evice number 64 using dummy_hcd [ 490.970895][ T4141] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 490.984857][ T4141] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 491.006434][ T4141] usb 2-1: Product: syz [ 491.016288][ T4141] usb 2-1: Manufacturer: syz [ 491.021731][ T4141] usb 2-1: SerialNumber: syz [ 491.028197][T12789] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 491.048193][T12789] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 491.057268][T12789] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 491.058851][ T4141] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 491.090618][T12789] usb 3-1: config 0 descriptor?? [ 491.131203][T12789] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 491.158105][T12789] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 491.668123][ T4141] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 492.089240][T12789] usb 2-1: USB disconnect, device number 71 [ 492.707863][ T4141] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 492.714911][ T4141] ath9k_htc: Failed to initialize the device [ 492.721760][T12789] usb 2-1: ath9k_htc: USB layer deinitialized 09:55:18 executing program 2: r0 = syz_usb_connect(0x0, 0x34, &(0x7f0000002c40)={{0x12, 0x1, 0x0, 0x1c, 0x0, 0xf5, 0x40, 0x7c0, 0x1501, 0x6514, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x12, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x0, "81bb6e86a9"}]}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGREP(r1, 0x8028c003, 0x0) 09:55:18 executing program 4: 09:55:18 executing program 3: 09:55:18 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:18 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x13, 0x0, &(0x7f0000000040)=0x64) 09:55:18 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9ef"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) [ 493.339319][ T9700] usb 3-1: USB disconnect, device number 64 09:55:18 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r2}]}}}]}, 0x38}}, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) fsetxattr$security_evm(r3, &(0x7f0000000000)='security.evm\x00', &(0x7f0000000040)=ANY=[@ANYBLOB="020700ff93e088813d70"], 0xa, 0x2) getpid() r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r4, 0x40086602, 0x400007) getsockopt$inet6_tcp_buf(r4, 0x6, 0xb, &(0x7f0000000140)=""/77, &(0x7f00000000c0)=0x4d) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80001d00c0d0) 09:55:18 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xfe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x400c00) 09:55:18 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xfd08283856736a22) setuid(r3) ioprio_get$uid(0x3, r3) 09:55:18 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) sync_file_range(r0, 0x0, 0x0, 0x2) [ 493.677646][ T4141] usb 2-1: new high-speed USB device number 72 using dummy_hcd 09:55:19 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r2}]}}}]}, 0x38}}, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) fsetxattr$security_evm(r3, &(0x7f0000000000)='security.evm\x00', &(0x7f0000000040)=ANY=[@ANYBLOB="020700ff93e088813d70"], 0xa, 0x2) getpid() r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r4, 0x40086602, 0x400007) getsockopt$inet6_tcp_buf(r4, 0x6, 0xb, &(0x7f0000000140)=""/77, &(0x7f00000000c0)=0x4d) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80001d00c0d0) 09:55:19 executing program 4: sendmsg$NL80211_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0}, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x89a1, &(0x7f0000000340)={@local}) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000, 0x77a0100]}, @rand_addr=' \x01\x00', @loopback, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x40000}) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x1, 0x1010, 0xffffffffffffffff, 0x40000000) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f00000000c0)={0x0, 0x0}, 0x10) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) pipe(0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, &(0x7f00000014c0)=0x975c, 0x4) [ 493.898240][ T9700] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 494.078277][ T4141] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 494.096700][ T4141] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.123681][ T4141] usb 2-1: Product: syz [ 494.138833][ T4141] usb 2-1: Manufacturer: syz [ 494.145083][ T4141] usb 2-1: SerialNumber: syz [ 494.150946][ T9700] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 494.164522][ T9700] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 494.175686][ T9700] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.199695][ T9700] usb 3-1: config 0 descriptor?? [ 494.213273][ T4141] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 494.240551][ T9700] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 494.251141][ T9700] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 494.847258][ T4141] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 495.268241][ T12] usb 2-1: USB disconnect, device number 72 [ 495.907128][ T4141] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 495.914073][ T4141] ath9k_htc: Failed to initialize the device [ 495.920989][ T12] usb 2-1: ath9k_htc: USB layer deinitialized 09:55:21 executing program 2: r0 = syz_usb_connect(0x0, 0x2f, &(0x7f0000002c40)={{0x12, 0x1, 0x0, 0x1c, 0x0, 0xf5, 0x40, 0x7c0, 0x1501, 0x6514, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x12, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x2, 0x5}]}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGREP(r1, 0x8028c003, 0x0) 09:55:21 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x4, 0x0, &(0x7f0000000040)) 09:55:21 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:21 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0xb, 0x7e, 0x6, 0x1, 0x1, 0x1}, 0x3c) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)='bpf\x00', 0x0, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000140)='./file0/file0\x00', r2}, 0x10) 09:55:21 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x7, 0x0, &(0x7f0000000040)=0x64) 09:55:21 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efeded"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) [ 496.458717][T12789] usb 3-1: USB disconnect, device number 65 09:55:21 executing program 3: perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x0, 0x0, 0x0, 0x8, 0x0, 0x20000}, 0x0, 0xffffffffffdfffff, 0xffffffffffffffff, 0x2) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x1000000000000000}, 0x0, 0x0, 0x1, 0x0, 0x4786}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000580)={0x0, {0x2, 0x4e21, @dev}, {0x2, 0x4e22, @remote}, {0x2, 0x4e28, @multicast2}, 0x1b6}) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000080)={0x750, {0x2, 0x0, @dev}, {0x2, 0x0, @remote}, {0x2, 0x0, @broadcast}, 0xf9, 0x0, 0x2, 0x46a, 0x0, 0x0, 0x0, 0xfffffffffffffffe}) syz_open_dev$media(&(0x7f0000000200)='/dev/media#\x00', 0x97ba, 0xa4000) syz_open_dev$video(&(0x7f0000000180)='/dev/video#\x00', 0x400, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000001240)={0x84, @broadcast, 0x4e20, 0x0, 'lblc\x00', 0x0, 0x7, 0x5b}, 0x2c) dup3(r1, 0xffffffffffffffff, 0x80000) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) r2 = socket$inet(0x2, 0x4000000805, 0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) dup3(r2, r3, 0x0) 09:55:21 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:21 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="0207060902"], 0x10}}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x0, 0x33}, 0x0, @in6=@mcast1, 0x0, 0x0, 0x0, 0x9b, 0xffffffff}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2, 0x0) 09:55:22 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) close(r3) 09:55:22 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 496.818250][ T12] usb 2-1: new high-speed USB device number 73 using dummy_hcd 09:55:22 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, 0x0, 0x0) sendto$inet(r0, 0x0, 0xffffffffffffffb5, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='westwood\x00', 0x9) ioctl$EVIOCGUNIQ(0xffffffffffffffff, 0x80404508, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x80000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x6) syz_open_dev$mouse(0x0, 0x0, 0x20000) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000003c0), 0x4) write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYRESDEC, @ANYRES16=0x0], 0x2bcf) shutdown(r0, 0x1) recvmsg(r0, &(0x7f0000001440)={0x0, 0xa, &(0x7f00000015c0)=[{&(0x7f0000001600)=""/4096, 0xf99e}], 0xfc, 0x0, 0xff96ce4aaaa47475, 0x7115}, 0x100) openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x2e9701, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/softnet_stat\x00') [ 496.976707][T12789] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 497.186709][ T12] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 497.187114][T12789] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 497.195997][ T12] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.215125][ T12] usb 2-1: Product: syz [ 497.219694][ T12] usb 2-1: Manufacturer: syz [ 497.224491][ T12] usb 2-1: SerialNumber: syz [ 497.226620][T12789] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 2, skipping [ 497.258137][T12789] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 497.277008][ T12] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 497.286659][T12789] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 497.306620][T12789] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.327159][T12789] usb 3-1: config 0 descriptor?? [ 497.368978][T12789] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 497.376224][T12789] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 497.866566][ T12] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 498.300174][T12789] usb 2-1: USB disconnect, device number 73 [ 498.946262][ T12] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 498.953204][ T12] ath9k_htc: Failed to initialize the device [ 498.959310][T12789] usb 2-1: ath9k_htc: USB layer deinitialized 09:55:24 executing program 2: r0 = syz_usb_connect(0x0, 0x2f, &(0x7f0000002c40)={{0x12, 0x1, 0x0, 0x1c, 0x0, 0xf5, 0x40, 0x7c0, 0x1501, 0x6514, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x12, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x2, 0x5}]}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGREP(r1, 0x8028c003, 0x0) 09:55:24 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000240)=""/216) 09:55:24 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:24 executing program 3: perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}, 0x0, 0x0, 0x0, 0x8, 0x0, 0x20000}, 0x0, 0xffffffffffdfffff, 0xffffffffffffffff, 0x2) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x1000000000000000}, 0x0, 0x0, 0x1, 0x0, 0x4786}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000580)={0x0, {0x2, 0x4e21, @dev}, {0x2, 0x4e22, @remote}, {0x2, 0x4e28, @multicast2}, 0x1b6}) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000080)={0x750, {0x2, 0x0, @dev}, {0x2, 0x0, @remote}, {0x2, 0x0, @broadcast}, 0xf9, 0x0, 0x2, 0x46a, 0x0, 0x0, 0x0, 0xfffffffffffffffe}) syz_open_dev$media(&(0x7f0000000200)='/dev/media#\x00', 0x97ba, 0xa4000) syz_open_dev$video(&(0x7f0000000180)='/dev/video#\x00', 0x400, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000001240)={0x84, @broadcast, 0x4e20, 0x0, 'lblc\x00', 0x0, 0x7, 0x5b}, 0x2c) dup3(r1, 0xffffffffffffffff, 0x80000) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) r2 = socket$inet(0x2, 0x4000000805, 0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) dup3(r2, r3, 0x0) 09:55:24 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$AUDIT_SIGNAL_INFO(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x3f2, 0x20, 0x70bd2d, 0x25dfdbff}, 0x10}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:24 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efeded"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) [ 499.545241][ T17] usb 3-1: USB disconnect, device number 66 09:55:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 499.734637][T16519] blk_update_request: I/O error, dev loop0, sector 0 op 0x1:(WRITE) flags 0x0 phys_seg 1 prio class 0 [ 499.745703][T16519] Buffer I/O error on dev loop0, logical block 0, lost async page write 09:55:25 executing program 4: clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x318, 0x0, 0x168, 0x0, 0x0, 0x168, 0x248, 0x248, 0x248, 0x248, 0x248, 0x3, 0x0, {[{{@ipv6={@remote, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c]}, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x128, 0x158, 0x0, {}, [@common=@unspec=@addrtype1={{0x28, 'addrtype\x00'}, {0x0, 0x0, 0x8}}, @common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'veth1_to_bond\x00'}}]}, @common=@inet=@SET2={0x30, 'SET\x00'}}, {{@ipv6={@ipv4={[], [], @dev}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth0_to_team\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x378) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000029000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x80000) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) keyctl$unlink(0x9, 0x0, 0x0) setregid(0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, 0x0) setregid(0x0, r1) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, 0x0) remap_file_pages(&(0x7f000001f000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0) [ 499.893519][T16528] kvm: emulating exchange as write [ 499.898852][T12789] usb 2-1: new high-speed USB device number 74 using dummy_hcd 09:55:25 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 499.958483][T16530] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT 09:55:25 executing program 4: perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0xa4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000200)=0x1, 0x85) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@loopback, 0x0, 0x0, 0x3, 0x1}, 0x20) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f00000000c0), 0x4) [ 500.006377][T16530] mmap: syz-executor.4 (16530) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. 09:55:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 500.066027][ T12] usb 3-1: new high-speed USB device number 67 using dummy_hcd 09:55:25 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x8001) ioctl$BLKROTATIONAL(0xffffffffffffffff, 0x127e, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, 0x0}, 0x0) [ 500.278455][T12789] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 500.287764][T12789] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.298295][ T12] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 500.298969][T12789] usb 2-1: Product: syz [ 500.313677][T12789] usb 2-1: Manufacturer: syz [ 500.324585][ T12] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 2, skipping [ 500.332285][T12789] usb 2-1: SerialNumber: syz [ 500.366315][ T27] audit: type=1804 audit(1589882125.693:72): pid=16555 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir279944485/syzkaller.CQBi5i/110/bus" dev="sda1" ino=16373 res=1 [ 500.389212][ T12] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 500.389322][ T12] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 500.431896][ T12] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 500.436497][T12789] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 500.465586][ T12] usb 3-1: config 0 descriptor?? [ 500.510582][ T12] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 500.534412][ T27] audit: type=1804 audit(1589882125.853:73): pid=16559 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir279944485/syzkaller.CQBi5i/110/bus" dev="sda1" ino=16373 res=1 [ 500.537091][ T12] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 501.055799][T12789] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 501.470354][ T17] usb 2-1: USB disconnect, device number 74 [ 502.145517][T12789] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 502.152436][T12789] ath9k_htc: Failed to initialize the device [ 502.159261][ T17] usb 2-1: ath9k_htc: USB layer deinitialized 09:55:28 executing program 2: r0 = syz_usb_connect(0x0, 0x2f, &(0x7f0000002c40)={{0x12, 0x1, 0x0, 0x1c, 0x0, 0xf5, 0x40, 0x7c0, 0x1501, 0x6514, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x12, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x2, 0x5}]}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGREP(r1, 0x8028c003, 0x0) 09:55:28 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:28 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c0000001000050728cc226f11b6a97a0953350e", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800900010076657468000000000400028008001300", @ANYRES32=0x0, @ANYBLOB], 0x3c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = getpid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9, 0x1, 'veth\x00'}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_PID={0x8, 0x13, r1}]}, 0x3c}}, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000100)='net/netfilter\x00') getdents(r3, 0x0, 0x0) readahead(r3, 0x9, 0x6) r4 = fcntl$getown(r2, 0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x2}}, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000080)) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003440200bfa30000000000001702000000feffff7a0af0ff01ffffff79a4f0ff00000000b7060000ffffffff3d640200000000005502faff037202000404000001007d60b6030000001000006a0a00fe39000000850000002b0000009c000000000000009500000000000000a81bbfa3982de7b0efc5733ed236e4add6de01800000aaa6912a8b2ce571c4580000f7000000e3a94b574d2eb38a548355f0b886bd001362df1d4fdd860db5808922433e3e0f242a46b3009a54f4077db089bd9d5fdb68832e986440ff0a7edfa0cb231ccd00000000000000000000007777e27060493073807c4b7bbaed91f33fb382d91ae8e18c9b6c9f0322ec5f1c7cc5869ff455896712198c4e2ddf8b86e714229527ca40b24cfd6a02fa0892729507982d90e116bba29bb744af70a4cd8f3ad2db451de058226c4e31a27bf456c04c58bdd0b424ac416e66af9ebcfea905d37cf226312cb81ec843bcea06e7fa5e5b3596301460142f83b465d9e57dfdb06dcf91fd0600000000000000d2110cf2e1f4682c24a314447c5e0807f0b1766ec7ecbd061772daa52a38539295d3fea7a7e669441e1ff041143ecfa904fb43897f8d9c3c287acba716973eadf1bf9cd0a38edc345415c42d3d2dd356e205585e30a64830a5796cd7ce18b68bc37e061d33357d6a39d33c702576cc2a8881663e3776c7a37c5c962e12102f237bbf60c0a3bf07d55b3888418de2b2ad23d25395dd4ccddf247dd2c712e2e2eaf7d4326968122cc5dcaa7ba330963b7093a58a02dba114f75e1ffd5c2912b506bfb93122fc776aadec51a367658100000000000000b148a9000000000000000000000000000000e02739ccd50523d36032d38f5cbeaf95c7d797d6e094c4a3aee025bf43cebde7e7cdbae9b1698e19eb0e6d5244c1ff01e97628a88a4b37032f1ef8b8046a3237ad1fe10f7035489179fc8f6c673e514f2b3e1028cd404a1d8fe6569da0385e65e4d523166c4213abb8dae5b1409317f29572e788af92aedb0287f2818206ce5fba6fca8b270d76191b43ab4cbdd4dbcccdc644fe65e7bd90a5fc16387bcb5e1e028d7d2a33c78cb8fe48ddcf6adfc9417bd42909ee4307c4197b15797af17845fbc02846d2f8543f65594cb535a9538eb067b21111dbaa58b19a52f3f12880128d08eb477ad349c2214bc7f8378b7e5b5415f3da911411ed6655c6b66beaf92e416313dfe58e88fbfa825114227c2f6cfd1448ca37902a5678af7277e6cde25737b058ba3ca60696bc1d4df56b6f544f57ddc35f3c1b5904def348912e1fefe8164c3341b91913718593085d2a9a260663c11f5484cad2de673f9a1fcac868ff6cb20122f76531881165f4d46e1a23ce0dc462ff47e1fb4a8e2a1f6e3b8134031eb29e068c831dc2d825b82749063a85bf6c1bcf4ccf798e49000000000000000000009e664603220bf1e47cfdc28f5cc38b3d66751a524081f961f3a6bec7b84976ae5fc7a8d29dc65277d3a47422bcf49b3f399fb3b10967ef66d63e4404d66f6ac1c6d0d57dd3e55dc62e58b25a34d1a482652315813e92188263a93f13dde4dd81dfe32af06f6f3fcd73789cc69925a3211955290f85e42dabf19d40f717edd7361ad3801f6642046376000000000000005581a3b65fc336f7011e6810cd"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040)}, 0x24) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f00000001c0), 0xfffffef3) write$P9_RLINK(r2, &(0x7f0000000300)={0x7, 0x47, 0x2}, 0x7) ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0) 09:55:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:28 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) mount(&(0x7f0000000240)=ANY=[@ANYBLOB='./file0'], &(0x7f00000000c0)='./file0\x00', 0x0, 0x1147810, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x20, &(0x7f0000000000)={[{@data_err_abort='data_err=abort'}, {@nojournal_checksum='nojournal_checksum'}]}) 09:55:28 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efeded"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) [ 502.658954][T10131] usb 3-1: USB disconnect, device number 67 [ 502.747160][ T27] audit: type=1800 audit(1589882128.074:74): pid=16600 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16373 res=0 [ 502.781046][T16600] EXT4-fs (sda1): re-mounted. Opts: data_err=abort,nojournal_checksum, 09:55:28 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000000)={0x8, 0x0, 0x0, 0x0, 0x0, "f4360a31ab8e89a9"}) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, "8000"}) r3 = syz_open_pts(r2, 0x0) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000100)={0xfdfdffff, 0x0, 0x0, 0x0, 0x0, "000000000000000000000010000000001000"}) 09:55:28 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 503.005383][ T17] usb 2-1: new high-speed USB device number 75 using dummy_hcd 09:55:28 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x8001) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) setxattr$trusted_overlay_nlink(&(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0xffffffffffffffff, 0x0, 0x0, 0x0) 09:55:28 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 503.185251][T10131] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 503.219035][ T27] audit: type=1804 audit(1589882128.544:75): pid=16634 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir279944485/syzkaller.CQBi5i/113/bus" dev="sda1" ino=15739 res=1 [ 503.352039][ T27] audit: type=1804 audit(1589882128.674:76): pid=16649 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir279944485/syzkaller.CQBi5i/113/bus" dev="sda1" ino=15739 res=1 09:55:28 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 503.395266][ T17] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 503.415296][T10131] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 503.435348][ T17] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.457567][T10131] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 2, skipping [ 503.479886][ T17] usb 2-1: Product: syz [ 503.494849][ T17] usb 2-1: Manufacturer: syz [ 503.507991][T10131] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 503.537559][ T17] usb 2-1: SerialNumber: syz [ 503.578750][T10131] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 503.593043][T10131] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.604529][ T17] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 503.651642][T10131] usb 3-1: config 0 descriptor?? [ 503.697509][T10131] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 503.709148][T10131] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 504.215103][T12789] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 504.626652][ T12] usb 2-1: USB disconnect, device number 75 [ 505.264829][T12789] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 505.271856][T12789] ath9k_htc: Failed to initialize the device [ 505.278759][ T12] usb 2-1: ath9k_htc: USB layer deinitialized 09:55:31 executing program 2: r0 = syz_usb_connect(0x0, 0x32, &(0x7f0000002c40)={{0x12, 0x1, 0x0, 0x1c, 0x0, 0xf5, 0x40, 0x7c0, 0x1501, 0x6514, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x20, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x12, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x5, 0x5, "81bb6e"}]}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGREP(r1, 0x8028c003, 0x0) 09:55:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x4, r2}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) 09:55:31 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c0000001000050728cc226f11b6a97a0953350e", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800900010076657468000000000400028008001300", @ANYRES32=0x0, @ANYBLOB], 0x3c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = getpid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9, 0x1, 'veth\x00'}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_PID={0x8, 0x13, r1}]}, 0x3c}}, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000100)='net/netfilter\x00') getdents(r3, 0x0, 0x0) readahead(r3, 0x9, 0x6) r4 = fcntl$getown(r2, 0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x2}}, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000080)) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003440200bfa30000000000001702000000feffff7a0af0ff01ffffff79a4f0ff00000000b7060000ffffffff3d640200000000005502faff037202000404000001007d60b6030000001000006a0a00fe39000000850000002b0000009c000000000000009500000000000000a81bbfa3982de7b0efc5733ed236e4add6de01800000aaa6912a8b2ce571c4580000f7000000e3a94b574d2eb38a548355f0b886bd001362df1d4fdd860db5808922433e3e0f242a46b3009a54f4077db089bd9d5fdb68832e986440ff0a7edfa0cb231ccd00000000000000000000007777e27060493073807c4b7bbaed91f33fb382d91ae8e18c9b6c9f0322ec5f1c7cc5869ff455896712198c4e2ddf8b86e714229527ca40b24cfd6a02fa0892729507982d90e116bba29bb744af70a4cd8f3ad2db451de058226c4e31a27bf456c04c58bdd0b424ac416e66af9ebcfea905d37cf226312cb81ec843bcea06e7fa5e5b3596301460142f83b465d9e57dfdb06dcf91fd0600000000000000d2110cf2e1f4682c24a314447c5e0807f0b1766ec7ecbd061772daa52a38539295d3fea7a7e669441e1ff041143ecfa904fb43897f8d9c3c287acba716973eadf1bf9cd0a38edc345415c42d3d2dd356e205585e30a64830a5796cd7ce18b68bc37e061d33357d6a39d33c702576cc2a8881663e3776c7a37c5c962e12102f237bbf60c0a3bf07d55b3888418de2b2ad23d25395dd4ccddf247dd2c712e2e2eaf7d4326968122cc5dcaa7ba330963b7093a58a02dba114f75e1ffd5c2912b506bfb93122fc776aadec51a367658100000000000000b148a9000000000000000000000000000000e02739ccd50523d36032d38f5cbeaf95c7d797d6e094c4a3aee025bf43cebde7e7cdbae9b1698e19eb0e6d5244c1ff01e97628a88a4b37032f1ef8b8046a3237ad1fe10f7035489179fc8f6c673e514f2b3e1028cd404a1d8fe6569da0385e65e4d523166c4213abb8dae5b1409317f29572e788af92aedb0287f2818206ce5fba6fca8b270d76191b43ab4cbdd4dbcccdc644fe65e7bd90a5fc16387bcb5e1e028d7d2a33c78cb8fe48ddcf6adfc9417bd42909ee4307c4197b15797af17845fbc02846d2f8543f65594cb535a9538eb067b21111dbaa58b19a52f3f12880128d08eb477ad349c2214bc7f8378b7e5b5415f3da911411ed6655c6b66beaf92e416313dfe58e88fbfa825114227c2f6cfd1448ca37902a5678af7277e6cde25737b058ba3ca60696bc1d4df56b6f544f57ddc35f3c1b5904def348912e1fefe8164c3341b91913718593085d2a9a260663c11f5484cad2de673f9a1fcac868ff6cb20122f76531881165f4d46e1a23ce0dc462ff47e1fb4a8e2a1f6e3b8134031eb29e068c831dc2d825b82749063a85bf6c1bcf4ccf798e49000000000000000000009e664603220bf1e47cfdc28f5cc38b3d66751a524081f961f3a6bec7b84976ae5fc7a8d29dc65277d3a47422bcf49b3f399fb3b10967ef66d63e4404d66f6ac1c6d0d57dd3e55dc62e58b25a34d1a482652315813e92188263a93f13dde4dd81dfe32af06f6f3fcd73789cc69925a3211955290f85e42dabf19d40f717edd7361ad3801f6642046376000000000000005581a3b65fc336f7011e6810cd"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040)}, 0x24) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f00000001c0), 0xfffffef3) write$P9_RLINK(r2, &(0x7f0000000300)={0x7, 0x47, 0x2}, 0x7) ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0) 09:55:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:31 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:31 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x0) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) [ 505.761608][ T4141] usb 3-1: USB disconnect, device number 68 [ 505.883261][T16693] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 505.962803][T16693] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 506.036011][T16693] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 506.088558][T16693] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 506.101280][T16707] blk_update_request: I/O error, dev loop0, sector 0 op 0x1:(WRITE) flags 0x0 phys_seg 1 prio class 0 [ 506.112296][T16707] Buffer I/O error on dev loop0, logical block 0, lost async page write [ 506.137033][T10131] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 506.174261][T16693] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready 09:55:31 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 506.253860][T16693] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 506.264606][ T4141] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 506.331171][T16693] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 506.363899][T16693] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 506.377765][T16693] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 506.397097][T16693] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 506.416606][T16693] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 506.439165][T16693] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 506.460230][T16693] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 506.478005][T16693] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready 09:55:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x4, r2}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) 09:55:31 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 506.486752][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 506.520264][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 5, skipping [ 506.574761][T10131] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 506.588470][T10131] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 506.606310][T10131] usb 2-1: Product: syz [ 506.611524][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 506.615535][T10131] usb 2-1: Manufacturer: syz [ 506.655992][T10131] usb 2-1: SerialNumber: syz [ 506.690280][ T4141] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 506.701373][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 506.716559][ T4141] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 09:55:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = memfd_create(&(0x7f0000000000), 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0xfffffffe) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000100)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x43) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) openat$vsock(0xffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000140)={0x0, 0xb30, &(0x7f00000001c0)="8016acb206148cf2f339fda345d9c0af6e28c7a0c32be5b5e15019e5b78ce82ff139d3a131b5ae61de50009fdbd16b06c4ae3be131b1417f5c6480a86b8ff6200e0c057241646ceeccc78525a836a7f03ee47f74089b8b699d813513e65bf071b3f48ddcb42095a69da0468cbb080a8a98fbbc850f151946", &(0x7f00000002c0)="357061e72247da8d8a30a8feb26a6d596cdd16e8c22ba4f0e6bc925e4a74684f40044aa288ee2069131943779a45a0ee6298b4aff3d475952d11696cf09060c1a8fdd9f310103d1743adfe2e386abd93dec77097d5dbb3020531", 0x78, 0x5a}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4c8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 09:55:32 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 506.735101][T10131] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 506.746250][ T4141] usb 3-1: config 0 descriptor?? [ 506.796726][ T4141] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 506.801215][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 506.804176][ T4141] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 506.849371][T16736] blk_update_request: I/O error, dev loop0, sector 0 op 0x1:(WRITE) flags 0x0 phys_seg 1 prio class 0 [ 506.853865][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 506.860355][T16736] Buffer I/O error on dev loop0, logical block 0, lost async page write [ 506.919184][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready 09:55:32 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 506.974082][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 507.035345][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 507.072831][T16725] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 507.081973][T16748] kvm: pic: single mode not supported [ 507.082004][T16748] kvm: pic: level sensitive irq not supported [ 507.090869][T16748] kvm: pic: single mode not supported [ 507.140248][T16748] kvm: pic: single mode not supported [ 507.145835][T16748] kvm: pic: level sensitive irq not supported [ 507.163997][T16748] kvm: pic: single mode not supported [ 507.170282][T16748] kvm: pic: level sensitive irq not supported [ 507.197226][T16748] kvm: pic: single mode not supported [ 507.203383][T16748] kvm: pic: level sensitive irq not supported [ 507.220048][T16748] kvm: pic: single mode not supported [ 507.226376][T16748] kvm: pic: level sensitive irq not supported [ 507.233569][T16748] kvm: pic: single mode not supported [ 507.243830][T16748] kvm: pic: single mode not supported [ 507.249420][T16748] kvm: pic: level sensitive irq not supported [ 507.262461][T16748] kvm: pic: level sensitive irq not supported [ 507.294042][T16748] kvm: pic: single mode not supported [ 507.307606][T16748] kvm: pic: single mode not supported [ 507.404482][T10131] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 508.104401][T12825] usb 2-1: USB disconnect, device number 76 [ 508.464085][T10131] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 508.471164][T10131] ath9k_htc: Failed to initialize the device [ 508.478137][T12825] usb 2-1: ath9k_htc: USB layer deinitialized 09:55:34 executing program 2: r0 = syz_usb_connect(0x0, 0x32, &(0x7f0000002c40)={{0x12, 0x1, 0x0, 0x1c, 0x0, 0xf5, 0x40, 0x7c0, 0x1501, 0x6514, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x20, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x12, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x5, 0x5, "81bb6e"}]}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGREP(r1, 0x8028c003, 0x0) 09:55:34 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:34 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:34 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = memfd_create(&(0x7f0000000000), 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0xfffffffe) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000100)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x43) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) openat$vsock(0xffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000140)={0x0, 0xb30, &(0x7f00000001c0)="8016acb206148cf2f339fda345d9c0af6e28c7a0c32be5b5e15019e5b78ce82ff139d3a131b5ae61de50009fdbd16b06c4ae3be131b1417f5c6480a86b8ff6200e0c057241646ceeccc78525a836a7f03ee47f74089b8b699d813513e65bf071b3f48ddcb42095a69da0468cbb080a8a98fbbc850f151946", &(0x7f00000002c0)="357061e72247da8d8a30a8feb26a6d596cdd16e8c22ba4f0e6bc925e4a74684f40044aa288ee2069131943779a45a0ee6298b4aff3d475952d11696cf09060c1a8fdd9f310103d1743adfe2e386abd93dec77097d5dbb3020531", 0x78, 0x5a}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4c8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 09:55:34 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x0) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) [ 508.860657][T12825] usb 3-1: USB disconnect, device number 69 09:55:34 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 509.122862][T16797] kvm: pic: level sensitive irq not supported [ 509.162143][T16797] kvm: pic: level sensitive irq not supported 09:55:34 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 509.178472][T16797] kvm: pic: level sensitive irq not supported [ 509.203997][ T4141] usb 2-1: new high-speed USB device number 77 using dummy_hcd 09:55:34 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 509.383910][T12825] usb 3-1: new high-speed USB device number 70 using dummy_hcd 09:55:34 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = memfd_create(&(0x7f0000000000), 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0xfffffffe) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000100)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x43) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) openat$vsock(0xffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000140)={0x0, 0xb30, &(0x7f00000001c0)="8016acb206148cf2f339fda345d9c0af6e28c7a0c32be5b5e15019e5b78ce82ff139d3a131b5ae61de50009fdbd16b06c4ae3be131b1417f5c6480a86b8ff6200e0c057241646ceeccc78525a836a7f03ee47f74089b8b699d813513e65bf071b3f48ddcb42095a69da0468cbb080a8a98fbbc850f151946", &(0x7f00000002c0)="357061e72247da8d8a30a8feb26a6d596cdd16e8c22ba4f0e6bc925e4a74684f40044aa288ee2069131943779a45a0ee6298b4aff3d475952d11696cf09060c1a8fdd9f310103d1743adfe2e386abd93dec77097d5dbb3020531", 0x78, 0x5a}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4c8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 09:55:34 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 509.604303][ T4141] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 509.618924][ T4141] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 509.624104][T12825] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping 09:55:35 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 509.661407][ T4141] usb 2-1: Product: syz [ 509.677220][T12825] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 5, skipping [ 509.679024][ T4141] usb 2-1: Manufacturer: syz [ 509.717973][T12825] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 509.747586][ T4141] usb 2-1: SerialNumber: syz [ 509.762627][T12825] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 509.800746][T12825] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.818480][T12825] usb 3-1: config 0 descriptor?? [ 509.824606][ T4141] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 509.888341][T12825] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 509.897009][T12825] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 510.393737][ T4141] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 511.020805][ T9859] usb 2-1: USB disconnect, device number 77 [ 511.503502][ T4141] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 511.510411][ T4141] ath9k_htc: Failed to initialize the device [ 511.516806][ T9859] usb 2-1: ath9k_htc: USB layer deinitialized 09:55:37 executing program 2: r0 = syz_usb_connect(0x0, 0x32, &(0x7f0000002c40)={{0x12, 0x1, 0x0, 0x1c, 0x0, 0xf5, 0x40, 0x7c0, 0x1501, 0x6514, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x20, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x12, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x5, 0x5, "81bb6e"}]}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGREP(r1, 0x8028c003, 0x0) 09:55:37 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:37 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = memfd_create(&(0x7f0000000000), 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0xfffffffe) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000100)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x43) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) openat$vsock(0xffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000140)={0x0, 0xb30, &(0x7f00000001c0)="8016acb206148cf2f339fda345d9c0af6e28c7a0c32be5b5e15019e5b78ce82ff139d3a131b5ae61de50009fdbd16b06c4ae3be131b1417f5c6480a86b8ff6200e0c057241646ceeccc78525a836a7f03ee47f74089b8b699d813513e65bf071b3f48ddcb42095a69da0468cbb080a8a98fbbc850f151946", &(0x7f00000002c0)="357061e72247da8d8a30a8feb26a6d596cdd16e8c22ba4f0e6bc925e4a74684f40044aa288ee2069131943779a45a0ee6298b4aff3d475952d11696cf09060c1a8fdd9f310103d1743adfe2e386abd93dec77097d5dbb3020531", 0x78, 0x5a}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4c8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 09:55:37 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:37 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x0) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) [ 511.954124][ T9859] usb 3-1: USB disconnect, device number 70 09:55:37 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, 0xffffffffffffffff, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 512.171943][T16896] pic_ioport_write: 29 callbacks suppressed [ 512.171959][T16896] kvm: pic: single mode not supported [ 512.171969][T16896] pic_ioport_write: 11 callbacks suppressed [ 512.171984][T16896] kvm: pic: level sensitive irq not supported 09:55:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 512.172307][T16896] kvm: pic: single mode not supported [ 512.268986][T16896] kvm: pic: single mode not supported [ 512.275716][T16896] kvm: pic: level sensitive irq not supported [ 512.291004][T16896] kvm: pic: single mode not supported [ 512.297397][T16896] kvm: pic: level sensitive irq not supported [ 512.313292][T12825] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 512.340530][T16896] kvm: pic: single mode not supported 09:55:37 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, 0xffffffffffffffff, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 512.340562][T16896] kvm: pic: level sensitive irq not supported [ 512.368275][T16896] kvm: pic: single mode not supported [ 512.374602][T16896] kvm: pic: level sensitive irq not supported 09:55:37 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 512.408031][T16896] kvm: pic: single mode not supported [ 512.436343][T16896] kvm: pic: single mode not supported [ 512.441795][T16896] kvm: pic: level sensitive irq not supported [ 512.458405][T16896] kvm: pic: level sensitive irq not supported [ 512.482195][T16896] kvm: pic: single mode not supported [ 512.491566][T16896] kvm: pic: single mode not supported [ 512.533925][ T9859] usb 3-1: new high-speed USB device number 71 using dummy_hcd 09:55:37 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, 0xffffffffffffffff, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 512.713576][T12825] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 512.727816][T12825] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.743750][T12825] usb 2-1: Product: syz [ 512.755423][T12825] usb 2-1: Manufacturer: syz [ 512.763010][T12825] usb 2-1: SerialNumber: syz [ 512.806173][T12825] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 512.823428][ T9859] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 512.873154][ T9859] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 5, skipping [ 512.898517][ T9859] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 512.945263][ T9859] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 512.965597][ T9859] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 512.993709][ T9859] usb 3-1: config 0 descriptor?? [ 513.047719][ T9859] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 513.066790][ T9859] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 513.373164][T12825] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 514.203955][T10131] usb 2-1: USB disconnect, device number 78 [ 514.462839][T12825] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 514.471100][T12825] ath9k_htc: Failed to initialize the device [ 514.478002][T10131] usb 2-1: ath9k_htc: USB layer deinitialized 09:55:40 executing program 2: r0 = syz_usb_connect(0x0, 0x33, &(0x7f0000002c40)={{0x12, 0x1, 0x0, 0x1c, 0x0, 0xf5, 0x40, 0x7c0, 0x1501, 0x6514, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x21, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x12, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x6, 0x5, "81bb6e86"}]}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGREP(r1, 0x8028c003, 0x0) 09:55:40 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = memfd_create(&(0x7f0000000000), 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0xfffffffe) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000100)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x43) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) openat$vsock(0xffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000140)={0x0, 0xb30, &(0x7f00000001c0)="8016acb206148cf2f339fda345d9c0af6e28c7a0c32be5b5e15019e5b78ce82ff139d3a131b5ae61de50009fdbd16b06c4ae3be131b1417f5c6480a86b8ff6200e0c057241646ceeccc78525a836a7f03ee47f74089b8b699d813513e65bf071b3f48ddcb42095a69da0468cbb080a8a98fbbc850f151946", &(0x7f00000002c0)="357061e72247da8d8a30a8feb26a6d596cdd16e8c22ba4f0e6bc925e4a74684f40044aa288ee2069131943779a45a0ee6298b4aff3d475952d11696cf09060c1a8fdd9f310103d1743adfe2e386abd93dec77097d5dbb3020531", 0x78, 0x5a}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4c8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 09:55:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:40 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:40 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:40 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x0) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) [ 515.060548][ T4141] usb 3-1: USB disconnect, device number 71 09:55:40 executing program 0: r0 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(0xffffffffffffffff, r0, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x2) [ 515.301275][T16982] kvm: pic: level sensitive irq not supported [ 515.406352][T16982] kvm: pic: level sensitive irq not supported [ 515.412666][ T9859] usb 2-1: new high-speed USB device number 79 using dummy_hcd 09:55:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:40 executing program 0: r0 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(0xffffffffffffffff, r0, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x2) [ 515.431266][T16982] kvm: pic: level sensitive irq not supported [ 515.542560][ T4141] usb 3-1: new high-speed USB device number 72 using dummy_hcd 09:55:40 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c387"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a88858abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:40 executing program 0: r0 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(0xffffffffffffffff, r0, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x2) 09:55:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 515.822989][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 515.842845][ T9859] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 515.868349][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 6, skipping [ 515.886636][ T9859] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.912524][ T9859] usb 2-1: Product: syz [ 515.917910][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 515.935730][ T9859] usb 2-1: Manufacturer: syz [ 515.940961][ T9859] usb 2-1: SerialNumber: syz [ 515.946848][ T4141] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 515.957118][ T4141] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.975319][ T4141] usb 3-1: config 0 descriptor?? [ 516.014983][T16995] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 516.022666][ T9859] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 516.038205][ T4141] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 516.047473][ T4141] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 516.732372][ T4141] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 517.156579][ T27] audit: type=1804 audit(1589882142.477:77): pid=16987 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F39372FE8 dev="sda1" ino=16113 res=1 [ 517.185665][ T27] audit: type=1804 audit(1589882142.497:78): pid=16987 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F39372FE8 dev="sda1" ino=16113 res=1 [ 517.214692][ T27] audit: type=1804 audit(1589882142.497:79): pid=16987 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F39372FE8 dev="sda1" ino=16113 res=1 [ 517.485427][T10131] usb 2-1: USB disconnect, device number 79 [ 517.822081][ T4141] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 517.829052][ T4141] ath9k_htc: Failed to initialize the device [ 517.835933][T10131] usb 2-1: ath9k_htc: USB layer deinitialized 09:55:43 executing program 2: r0 = syz_usb_connect(0x0, 0x33, &(0x7f0000002c40)={{0x12, 0x1, 0x0, 0x1c, 0x0, 0xf5, 0x40, 0x7c0, 0x1501, 0x6514, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x21, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x12, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x6, 0x5, "81bb6e86"}]}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGREP(r1, 0x8028c003, 0x0) 09:55:43 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = semget$private(0x0, 0x2, 0x0) semop(r3, &(0x7f00000002c0)=[{0x0, 0xffff}], 0x1) semctl$SETALL(r3, 0x0, 0x11, &(0x7f0000000100)=[0x2]) 09:55:43 executing program 0: r0 = syz_open_dev$loop(0x0, 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:43 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:43 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:43 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x0) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) [ 518.161102][ T4141] usb 3-1: USB disconnect, device number 72 09:55:43 executing program 0: r0 = syz_open_dev$loop(0x0, 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:43 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:43 executing program 0: r0 = syz_open_dev$loop(0x0, 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:43 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 518.544271][T10131] usb 2-1: new high-speed USB device number 80 using dummy_hcd 09:55:44 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 518.691943][ T4141] usb 3-1: new high-speed USB device number 73 using dummy_hcd 09:55:44 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000300)='batadv\x00') [ 518.912814][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 518.935602][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 6, skipping [ 518.974459][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 518.974746][T10131] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 519.017421][T10131] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 519.023313][ T4141] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 519.037301][ T4141] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.037777][T10131] usb 2-1: Product: syz [ 519.056791][ T4141] usb 3-1: config 0 descriptor?? [ 519.060920][T10131] usb 2-1: Manufacturer: syz [ 519.073891][T10131] usb 2-1: SerialNumber: syz [ 519.083292][T17084] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 519.104279][ T4141] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 519.111578][ T4141] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 519.124912][T10131] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 519.781768][T10131] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 520.206263][ T27] audit: type=1804 audit(1589882145.527:80): pid=17074 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F39382FE8 dev="sda1" ino=16384 res=1 [ 520.234050][ T27] audit: type=1804 audit(1589882145.527:81): pid=17074 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F39382FE8 dev="sda1" ino=16384 res=1 [ 520.284521][ T27] audit: type=1804 audit(1589882145.527:82): pid=17074 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F39382FE8 dev="sda1" ino=16384 res=1 [ 520.514580][ T4141] usb 2-1: USB disconnect, device number 80 [ 520.861486][T10131] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 520.868440][T10131] ath9k_htc: Failed to initialize the device [ 520.875350][ T4141] usb 2-1: ath9k_htc: USB layer deinitialized 09:55:46 executing program 2: r0 = syz_usb_connect(0x0, 0x33, &(0x7f0000002c40)={{0x12, 0x1, 0x0, 0x1c, 0x0, 0xf5, 0x40, 0x7c0, 0x1501, 0x6514, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x21, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x12, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x6, 0x5, "81bb6e86"}]}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGREP(r1, 0x8028c003, 0x0) 09:55:46 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:46 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:46 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = semget$private(0x0, 0x2, 0x0) semop(r2, &(0x7f00000001c0)=[{}], 0x1) semop(r2, &(0x7f00000002c0)=[{0x0, 0xffff}, {0x0, 0x367}], 0x2) semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000100)=[0x2]) 09:55:46 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:46 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x0) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) [ 521.271382][ T4141] usb 3-1: USB disconnect, device number 73 09:55:46 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:46 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:46 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0xffffffffffffffff, 0x4) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000000080)=0x402, 0x4) bind$inet6(r0, &(0x7f0000f65000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendto$inet6(r0, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) getsockopt$inet6_buf(r0, 0x29, 0x6, 0x0, &(0x7f0000000000)) 09:55:46 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 521.611381][ T12] usb 2-1: new high-speed USB device number 81 using dummy_hcd 09:55:47 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(0x0, 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 521.743120][ T4141] usb 3-1: new high-speed USB device number 74 using dummy_hcd 09:55:47 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setrlimit(0x7, &(0x7f0000000240)) dup(r0) [ 521.962095][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 521.987711][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 6, skipping [ 522.011553][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 522.025211][ T12] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 522.034390][ T4141] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 522.044352][ T12] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 522.052789][ T4141] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.060839][ T12] usb 2-1: Product: syz [ 522.065789][ T12] usb 2-1: Manufacturer: syz [ 522.070897][ T12] usb 2-1: SerialNumber: syz [ 522.076811][ T4141] usb 3-1: config 0 descriptor?? [ 522.112870][T17168] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 522.133460][ T4141] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 522.140999][ T4141] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 522.149157][ T12] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 522.761188][ T4141] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 523.185945][ T27] audit: type=1804 audit(1589882148.508:83): pid=17163 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F39392FE8 dev="sda1" ino=16384 res=1 [ 523.215864][ T27] audit: type=1804 audit(1589882148.518:84): pid=17163 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F39392FE8 dev="sda1" ino=16384 res=1 [ 523.246795][ T27] audit: type=1804 audit(1589882148.518:85): pid=17163 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F39392FE8 dev="sda1" ino=16384 res=1 [ 523.493940][ T9859] usb 2-1: USB disconnect, device number 81 [ 523.830903][ T4141] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 523.837840][ T4141] ath9k_htc: Failed to initialize the device [ 523.844252][ T9859] usb 2-1: ath9k_htc: USB layer deinitialized 09:55:49 executing program 2: syz_usb_connect(0x0, 0x34, &(0x7f0000002c40)={{0x12, 0x1, 0x0, 0x1c, 0x0, 0xf5, 0x40, 0x7c0, 0x1501, 0x6514, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x12, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "81bb6e86a9"}]}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGREP(r0, 0x8028c003, 0x0) 09:55:49 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:49 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(0x0, 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:49 executing program 4: 09:55:49 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:49 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x0) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) [ 524.345681][T10131] usb 3-1: USB disconnect, device number 74 09:55:49 executing program 4: 09:55:49 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(0x0, 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:49 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:49 executing program 4: 09:55:49 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) dup(r3) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:50 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 524.710698][ T4141] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 524.860707][T10131] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 525.080654][ T4141] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 525.089806][ T4141] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.110600][ T4141] usb 2-1: Product: syz [ 525.114896][ T4141] usb 2-1: Manufacturer: syz [ 525.119471][ T4141] usb 2-1: SerialNumber: syz [ 525.152436][T10131] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 525.170637][T10131] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 169, changing to 11 [ 525.173067][ T4141] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 525.210867][T10131] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1646, setting to 1024 [ 525.222823][T10131] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 525.236679][T10131] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 525.246490][T10131] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.257539][T10131] usb 3-1: config 0 descriptor?? [ 525.292247][T17258] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 525.523393][T10131] iowarrior 3-1:0.0: IOWarrior product=0x1501, serial= interface=0 now attached to iowarrior0 [ 525.548080][T10131] usb 3-1: USB disconnect, device number 75 [ 525.562515][T10131] iowarrior 3-1:0.0: I/O-Warror #0 now disconnected [ 525.752929][ T4141] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 09:55:51 executing program 2: syz_usb_connect(0x0, 0x34, &(0x7f0000002c40)={{0x12, 0x1, 0x0, 0x1c, 0x0, 0xf5, 0x40, 0x7c0, 0x1501, 0x6514, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x12, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "81bb6e86a9"}]}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGREP(r0, 0x8028c003, 0x0) 09:55:51 executing program 4: 09:55:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:51 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) dup(r3) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:51 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 526.168779][ T27] audit: type=1804 audit(1589882151.489:86): pid=17251 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130302FE8 dev="sda1" ino=16374 res=1 [ 526.221237][T10131] usb 2-1: USB disconnect, device number 82 [ 526.224114][ T27] audit: type=1804 audit(1589882151.489:87): pid=17251 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130302FE8 dev="sda1" ino=16374 res=1 [ 526.369977][ T27] audit: type=1804 audit(1589882151.489:88): pid=17251 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130302FE8 dev="sda1" ino=16374 res=1 [ 526.502937][T10634] usb 3-1: new high-speed USB device number 76 using dummy_hcd 09:55:52 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x0) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:55:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:52 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) dup(r3) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:52 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) syz_read_part_table(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fchdir(r0) 09:55:52 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 526.735448][T10634] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 526.750189][T10634] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 169, changing to 11 [ 526.780337][ T4141] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 526.787206][ T4141] ath9k_htc: Failed to initialize the device [ 526.803531][T10634] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1646, setting to 1024 [ 526.824373][T10131] usb 2-1: ath9k_htc: USB layer deinitialized [ 526.826917][T10634] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 09:55:52 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, 0x0, 0x0, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 526.925373][T10634] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 526.935251][T10634] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.944625][T10634] usb 3-1: config 0 descriptor?? [ 526.961859][T17342] raw-gadget gadget: fail, usb_ep_enable returned -22 09:55:52 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0, 0x0) syz_read_part_table(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fchdir(r0) [ 527.220765][T10634] iowarrior 3-1:0.0: IOWarrior product=0x1501, serial= interface=0 now attached to iowarrior0 [ 527.234461][T10634] usb 3-1: USB disconnect, device number 76 [ 527.241686][T10634] iowarrior 3-1:0.0: I/O-Warror #0 now disconnected [ 527.300227][T10131] usb 2-1: new high-speed USB device number 83 using dummy_hcd 09:55:53 executing program 2: syz_usb_connect(0x0, 0x34, &(0x7f0000002c40)={{0x12, 0x1, 0x0, 0x1c, 0x0, 0xf5, 0x40, 0x7c0, 0x1501, 0x6514, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x12, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "81bb6e86a9"}]}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGREP(r0, 0x8028c003, 0x0) 09:55:53 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:53 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, 0x0, 0x0, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:53 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) close(r3) openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc0\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, r6, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x113, 0x0, 0x0, 0x0) [ 527.740849][T10131] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 527.749902][T10131] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 527.838046][T10131] usb 2-1: Product: syz [ 527.861053][T10131] usb 2-1: Manufacturer: syz [ 527.865652][T10131] usb 2-1: SerialNumber: syz [ 527.940473][T10131] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 528.140040][T10634] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 528.370035][T10634] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 528.398202][T10634] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 169, changing to 11 [ 528.448279][T10634] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1646, setting to 1024 [ 528.489991][T10634] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 528.505195][T10634] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 528.514713][T10634] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.533501][T10634] usb 3-1: config 0 descriptor?? [ 528.551705][T17443] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 528.629961][T10131] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 528.792648][T10634] iowarrior 3-1:0.0: IOWarrior product=0x1501, serial= interface=0 now attached to iowarrior0 [ 528.808790][T10634] usb 3-1: USB disconnect, device number 77 [ 528.828759][T10634] iowarrior 3-1:0.0: I/O-Warror #0 now disconnected [ 529.064816][ T27] audit: type=1804 audit(1589882154.389:89): pid=17384 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130312FE8 dev="sda1" ino=16384 res=1 [ 529.095313][ T27] audit: type=1804 audit(1589882154.389:90): pid=17384 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130312FE8 dev="sda1" ino=16384 res=1 [ 529.122937][ T27] audit: type=1804 audit(1589882154.389:91): pid=17384 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130312FE8 dev="sda1" ino=16384 res=1 [ 529.153398][T10634] usb 2-1: USB disconnect, device number 83 09:55:55 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x0) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:55:55 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, 0x0, 0x0, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:55 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r2, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) 09:55:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:55 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:55 executing program 2: r0 = syz_usb_connect(0x0, 0x34, &(0x7f0000002c40)={{0x12, 0x1, 0x0, 0x1c, 0x0, 0xf5, 0x40, 0x7c0, 0x1501, 0x6514, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x12, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "81bb6e86a9"}]}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGREP(0xffffffffffffffff, 0x8028c003, 0x0) [ 529.659721][T10131] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 529.666619][T10131] ath9k_htc: Failed to initialize the device [ 529.703357][T10634] usb 2-1: ath9k_htc: USB layer deinitialized 09:55:55 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000), 0x0, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 529.805968][T17501] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 09:55:55 executing program 4: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) 09:55:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:55 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000), 0x0, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:55 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r2, 0x0, 0x42, 0x0, &(0x7f0000000200)) 09:55:55 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 530.039665][ T4141] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 530.069373][T17538] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 530.212393][T10634] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 530.252411][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 530.271975][ T4141] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 169, changing to 11 [ 530.298573][ T4141] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1646, setting to 1024 [ 530.317249][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 530.333590][ T4141] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 530.343549][ T4141] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.356212][ T4141] usb 3-1: config 0 descriptor?? [ 530.381975][T17506] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 530.609843][T10634] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 530.619066][T10634] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 530.633425][ T4141] iowarrior 3-1:0.0: IOWarrior product=0x1501, serial= interface=0 now attached to iowarrior0 [ 530.645681][T10634] usb 2-1: Product: syz [ 530.656761][T10634] usb 2-1: Manufacturer: syz [ 530.662272][T10634] usb 2-1: SerialNumber: syz [ 530.701179][T10634] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 530.843345][ T9700] usb 3-1: USB disconnect, device number 78 [ 530.853148][ T9700] iowarrior 3-1:0.0: I/O-Warror #0 now disconnected [ 531.279488][T10634] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 531.703907][ T27] audit: type=1804 audit(1589882157.030:92): pid=17516 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130322FE8 dev="sda1" ino=16384 res=1 [ 531.731337][ T27] audit: type=1804 audit(1589882157.030:93): pid=17516 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130322FE8 dev="sda1" ino=16384 res=1 [ 531.762629][ T27] audit: type=1804 audit(1589882157.030:94): pid=17516 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130322FE8 dev="sda1" ino=16384 res=1 [ 531.773732][ T9700] usb 2-1: USB disconnect, device number 84 [ 531.899615][ T0] NOHZ: local_softirq_pending 08 09:55:57 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(0xffffffffffffffff, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:55:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:57 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x0) 09:55:57 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000), 0x0, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:55:57 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:57 executing program 2: r0 = syz_usb_connect(0x0, 0x34, &(0x7f0000002c40)={{0x12, 0x1, 0x0, 0x1c, 0x0, 0xf5, 0x40, 0x7c0, 0x1501, 0x6514, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x12, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "81bb6e86a9"}]}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGREP(0xffffffffffffffff, 0x8028c003, 0x0) [ 532.299266][T10634] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 532.306144][T10634] ath9k_htc: Failed to initialize the device [ 532.339041][ T9700] usb 2-1: ath9k_htc: USB layer deinitialized 09:55:57 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x2, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r2, 0x5452, &(0x7f0000000000)={0x6, 'batadv_slave_0\x00'}) 09:55:57 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 532.559190][T17605] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 09:55:58 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:55:58 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 532.649296][ T4141] usb 3-1: new high-speed USB device number 79 using dummy_hcd 09:55:58 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20008005, 0x0, 0x0) 09:55:58 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 532.869415][ T9700] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 532.889462][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 532.913780][ T4141] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 169, changing to 11 [ 532.933954][ T4141] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1646, setting to 1024 [ 532.948716][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 532.964770][ T4141] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 532.978083][ T4141] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.990751][ T4141] usb 3-1: config 0 descriptor?? [ 533.015697][T17603] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 533.252304][ T4141] iowarrior 3-1:0.0: IOWarrior product=0x1501, serial= interface=0 now attached to iowarrior0 [ 533.309125][ T9700] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 533.321352][ T9700] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 533.331515][ T9700] usb 2-1: Product: syz [ 533.335727][ T9700] usb 2-1: Manufacturer: syz [ 533.343872][ T9700] usb 2-1: SerialNumber: syz [ 533.401870][ T9700] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 533.465328][T10634] usb 3-1: USB disconnect, device number 79 [ 533.472536][T10634] iowarrior 3-1:0.0: I/O-Warror #0 now disconnected [ 534.048948][ T9700] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 534.463375][ T27] audit: type=1804 audit(1589882159.790:95): pid=17619 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130332FE8 dev="sda1" ino=16369 res=1 [ 534.491132][ T27] audit: type=1804 audit(1589882159.790:96): pid=17619 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130332FE8 dev="sda1" ino=16369 res=1 [ 534.518252][ T27] audit: type=1804 audit(1589882159.790:97): pid=17619 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130332FE8 dev="sda1" ino=16369 res=1 [ 534.559610][T12789] usb 2-1: USB disconnect, device number 85 09:56:00 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(0xffffffffffffffff, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:56:00 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) shmctl$IPC_SET(0x0, 0xc, 0x0) 09:56:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:00 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{0x0}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:00 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:00 executing program 2: r0 = syz_usb_connect(0x0, 0x34, &(0x7f0000002c40)={{0x12, 0x1, 0x0, 0x1c, 0x0, 0xf5, 0x40, 0x7c0, 0x1501, 0x6514, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x12, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "81bb6e86a9"}]}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGREP(0xffffffffffffffff, 0x8028c003, 0x0) [ 535.098771][ T9700] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 535.105651][ T9700] ath9k_htc: Failed to initialize the device 09:56:00 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) io_setup(0x20, &(0x7f0000000240)=0x0) io_submit(r2, 0x0, 0x0) io_pgetevents(r2, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0), 0x8}) [ 535.144320][T12789] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:00 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:00 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:00 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:00 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r2, r1, 0x0, 0x0, 0x0}, 0x30) [ 535.491183][ T4141] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 535.608665][T12789] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 535.728644][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 535.743902][ T4141] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 169, changing to 11 [ 535.760693][ T4141] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1646, setting to 1024 [ 535.786453][ T4141] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 535.808198][ T4141] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=65.14 [ 535.817866][ T4141] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.829890][ T4141] usb 3-1: config 0 descriptor?? [ 535.860320][T17710] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 535.978608][T12789] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 535.987660][T12789] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 536.008545][T12789] usb 2-1: Product: syz [ 536.012714][T12789] usb 2-1: Manufacturer: syz [ 536.017370][T12789] usb 2-1: SerialNumber: syz [ 536.059586][T12789] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 536.119059][ T4141] iowarrior 3-1:0.0: IOWarrior product=0x1501, serial= interface=0 now attached to iowarrior0 [ 536.347768][T10131] usb 3-1: USB disconnect, device number 80 [ 536.380986][T10131] iowarrior 3-1:0.0: I/O-Warror #0 now disconnected [ 536.628501][T12789] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 537.064551][ T27] audit: type=1804 audit(1589882162.391:98): pid=17715 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130342FE8 dev="sda1" ino=16365 res=1 [ 537.093006][ T27] audit: type=1804 audit(1589882162.391:99): pid=17715 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130342FE8 dev="sda1" ino=16365 res=1 [ 537.120706][ T27] audit: type=1804 audit(1589882162.391:100): pid=17715 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130342FE8 dev="sda1" ino=16365 res=1 [ 537.159725][ T4141] usb 2-1: USB disconnect, device number 86 09:56:03 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(0xffffffffffffffff, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:56:03 executing program 4: r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000600)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00') mkdirat(r0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f00000002c0)='./file0/file0\x00', r1, &(0x7f0000000180)='./file0/file0\x00') perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) renameat2(r1, &(0x7f0000000100)='./file0/file0\x00', r1, &(0x7f0000000000)='./file0\x00', 0x0) 09:56:03 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:03 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:03 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x802, 0x73) sendmmsg$inet6(r2, &(0x7f0000003380)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @local}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=[@flowinfo={{0x14, 0x29, 0xb, 0x1}}], 0x18}}], 0x1, 0x0) [ 537.658287][T12789] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 537.665448][T12789] ath9k_htc: Failed to initialize the device [ 537.672301][ T4141] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:03 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:03 executing program 2: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x802, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000080)={0x0, 0x882200}) [ 537.863034][T17808] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 09:56:03 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:03 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:03 executing program 4: r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000600)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00') mkdirat(r0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f00000002c0)='./file0/file0\x00', r1, &(0x7f0000000180)='./file0/file0\x00') perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) renameat2(r1, &(0x7f0000000100)='./file0/file0\x00', r1, &(0x7f0000000000)='./file0\x00', 0x0) 09:56:03 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 538.185415][T17836] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 538.228129][ T4141] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 538.264155][T17850] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 538.628362][ T4141] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 538.640080][ T4141] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.649980][ T4141] usb 2-1: Product: syz [ 538.654304][ T4141] usb 2-1: Manufacturer: syz [ 538.662023][ T4141] usb 2-1: SerialNumber: syz [ 538.721845][ T4141] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 539.398032][ T4141] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 539.812506][ T27] audit: type=1804 audit(1589882165.141:101): pid=17816 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130352FE8 dev="sda1" ino=16384 res=1 [ 539.841236][ T27] audit: type=1804 audit(1589882165.141:102): pid=17816 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130352FE8 dev="sda1" ino=16384 res=1 [ 539.869144][ T27] audit: type=1804 audit(1589882165.141:103): pid=17816 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130352FE8 dev="sda1" ino=16384 res=1 [ 539.908684][T10634] usb 2-1: USB disconnect, device number 87 09:56:05 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, 0x0, 0x0) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:56:05 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:05 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/nf_conntrack\x00') lseek(r0, 0x1000, 0x0) shutdown(0xffffffffffffffff, 0x0) 09:56:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:05 executing program 4: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x3c1, 0x3, 0x330, 0xf8, 0x128, 0x128, 0x0, 0x0, 0x260, 0x290, 0x290, 0x260, 0x290, 0x3, 0x0, {[{{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@inet=@set2={{0x28, 'set\x00'}, {{0x0, 0x26}}}]}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00'}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @ipv4, [], [], 'ip_vti0\x00', 'bridge0\x00'}, 0x0, 0xf8, 0x168, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @common=@unspec=@pkttype={{0x28, 'pkttype\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "5276ee798a229cbc9c628bb5d2835e23e3a986bb1c205d499fc9a0df6eccb5155624d7de4ded9dbdeadb8c7c3240ad14a79f938202d1202b00"}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x390) memfd_create(0x0, 0x0) mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x1000005, 0x11, 0xffffffffffffffff, 0x0) 09:56:05 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 540.457728][ T4141] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 540.464831][ T4141] ath9k_htc: Failed to initialize the device 09:56:05 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f00000004c0)='./file0\x00', 0x0, 0x7a04, 0x0) chdir(&(0x7f0000000240)='./file0\x00') r0 = creat(&(0x7f0000000180)='./file1\x00', 0x0) r1 = creat(&(0x7f0000000240)='./bus\x00', 0x0) dup2(r0, r1) [ 540.498460][T17879] Cannot find set identified by id 0 to match [ 540.504824][T10634] usb 2-1: ath9k_htc: USB layer deinitialized [ 540.593316][T17881] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 540.637007][T17907] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 09:56:06 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:06 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs\x00') socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r2, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x800000080004105) 09:56:06 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:06 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c00000023002d0800008000000000ff01"], 0x1c}, 0x1, 0x60}, 0x0) [ 540.967657][T10634] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 541.064589][T17932] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 541.069141][T17933] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 541.337647][T10634] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 541.357617][T10634] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.365748][T10634] usb 2-1: Product: syz [ 541.377572][T10634] usb 2-1: Manufacturer: syz [ 541.384800][T10634] usb 2-1: SerialNumber: syz [ 541.428130][T10634] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 542.007552][T10634] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 542.422623][ T27] audit: type=1804 audit(1589882167.752:104): pid=17904 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130362FE8 dev="sda1" ino=16383 res=1 [ 542.452705][ T27] audit: type=1804 audit(1589882167.752:105): pid=17904 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130362FE8 dev="sda1" ino=16383 res=1 [ 542.480973][ T27] audit: type=1804 audit(1589882167.752:106): pid=17904 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130362FE8 dev="sda1" ino=16383 res=1 [ 542.520589][ T9700] usb 2-1: USB disconnect, device number 88 09:56:08 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, 0x0, 0x0) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:56:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:08 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:08 executing program 4: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}]}, &(0x7f0000000180)=0x10) 09:56:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:08 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_emit_ethernet(0x42e, &(0x7f0000000000)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0x0], @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "9cffff", 0x3f8, 0x3a, 0xff, @local={0xfe, 0x80, [0x0, 0x10, 0x0, 0x26, 0x0, 0x4c]}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xb, "a78ce540cd4f791153d581000000ff0200000000000023493b87aa0568f00b1c71a8242373244ad2439adc07df0a69748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c11b37adac11084db8f736b41e5a803721d"}, {0x0, 0x16, "84f0da52ef24571313968050378ee824f4dffba7feed320557f7671975afc9c545c5ea6137c8ce680ba2d2e8794cc0ee661ab31313a50f67f637326bdc20eee126a2c281295ae9405b24d13dc48b7b6aa26e8a94498418f3472f7281922377d30a3b5ed2c6a2990e5ea6b275c1d5bddf59f3d1843df268e8c825c6b2cff208dfb5cd8283d0dcd52a6de228bf697d3d6506afec30ef7e07413c7afc1eb139e0fb1a5a643b4099519e31f3fd4457f0e6d586ad05e1"}, {0x0, 0x5a, "062bf7b5e0f2dbbdc849b90d4e80a0e3f7af088060d01a1cfcfad88ef4512c6ef5c0ead4b9cc87484b106a060a9899d50f595204418f51e914c88c29078a5457de6a262cadf02b071d88e61703f037caded0b315701274012fa532ddd69499074e1a2df196e0afcffda08fb3d82ab8160253a47d3efc3d7cead55c28610ae20f69aaced0a1a6ce815344cf8d0bc8a0dfcdd1e8cd7242601777ec653c2d4b704397dcb1350982afd017eaa630c840d71589499fd68239ae0c0aa2fc9b949d1a716d40a24f078e92e8c268ff726290944b5f3a3bea9559f2d2a51405fba224411ecc49544dea47917a98bf79c3bfeed70429abf70a52ecbda21c9bf0f6a70cd2c2c887391e4095ad22b437c60abf829447b47bd231ca2a98d9da7519a4bd28e803fa000fafc0dc453ed56cdf4356d7abcfec4eed0b94a4f78ce44a7177c6684026ba4f26a17e52e326c8bb7be5e2ea5780d7169d8f4ff62cb2b223f1d6221f62e0ee0244d86042560edd36853c464b23be536c65b87cd5ea60932ed90607b369ed2017f645afcb5cd07f6896a08473bd5dea2bfb52ac501a39c338ede985aa4a7755db876cbe4d944f3cce0079d2ad9ba8d17f01a614052aadbd4af0fd282f594dc4530ee49b6c9ae6d5d80a073e678594be2e2f0869baa2a58dd2d0f6a995fb706c4d1b618d57da1c2d8f55611f746105a947b4f6bb74dbdbffb1b3c1f2316f6a28a07f0145b1bf8345b6aa4e9d5a819497856792121219ea151c1f8e2f86356439bc5b87fe4cad68b6afa08687e6e751803865165eac0c34bdddae1bbe52f55d08cc4a0865f8df372635e8a26ac4ac9716a124ac4e83349f17b612e2b1893b5eaccecc7d812bb4f4fc6b313f57c2035a90f782a4a97b5f5309b6c5798d72b9187f3d411e84041e3671fe35e39fa1887846721c38d501b471990b919d2ad9ca9bc71157a843d75838c1aa4ff0dabd74284709f1f87f324ec4f56eacd70e6bb5e9c3ff719786c4d4284e4cfdc828e0465ca168d04de1"}]}}}}}}, 0x0) [ 543.097358][T10634] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 543.104232][T10634] ath9k_htc: Failed to initialize the device [ 543.114340][T17959] IPv6: addrconf: prefix option has invalid lifetime [ 543.143864][ T9700] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:08 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_emit_ethernet(0x6e, &(0x7f00000001c0)={@local, @multicast, @val={@void}, {@ipv4={0x800, @gre={{0x6, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x2f, 0x0, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp={0x7, 0x4}]}}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}}}}}}, 0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) 09:56:08 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:08 executing program 2: syz_emit_ethernet(0x42e, &(0x7f0000000500)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0x0], @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "9cffff", 0x3f8, 0x3a, 0xff, @empty, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe753, 0x0, [{0x3, 0xb, "a78ce540cd4f791153d581000000ff0200000000000023493b87aa0568f00b1c71a8242373244ad2439adc07df0a69748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c11b37adac11084db8f736b41e5a803721d"}, {0x0, 0xe, "84f0da52ef24571313968050378ee824f4dffba7feed320557f7671975afc9c545c5ea6137c8ce680ba2d2e8794cc0ee661ab31313a50f67f637326bdc20eee126a2c281295ae9405b24d13dc48b7b6aa26e8a94498418f3472f7281922377d30a3b5ed2c6a2990e5ea6b275c1d5bddf59f3d1843df268e8c825c6b2cff208dfb5cd8283d0dcd52a6de228bf697d3d6506afec30ef7e07413c7afc1eb139e0fb1a5a643b4099519e31f3fd4457f0e6d586ad05e1"}, {0x0, 0x5a, "062bf7b5e0f2dbbdc849b90d4e80a0e3f7af088060d01a1cfcfad88ef4512c6ef5c0ead4b9cc87484b106a060a9899d50f595204418f51e914c88c29078a5457de6a262cadf02b071d88e61703f037caded0b315701274012fa532ddd69499074e1a2df196e0afcffda08fb3d82ab8160253a47d3efc3d7cead55c28610ae20f69aaced0a1a6ce815344cf8d0bc8a0dfcdd1e8cd7242601777ec653c2d4b704397dcb1350982afd017eaa630c840d71589499fd68239ae0c0aa2fc9b949d1a716d40a24f078e92e8c268ff726290944b5f3a3bea9559f2d2a51405fba224411ecc49544dea47917a98bf79c3bfeed70429abf70a52ecbda21c9bf0f6a70cd2c2c887391e4095ad22b437c60abf829447b47bd231ca2a98d9da7519a4bd28e803fa000fafc0dc453ed56cdf4356d7abcfec4eed0b94a4f78ce44a7177c6684026ba4f26a17e52e326c8bb7be5e2ea5780d7169d8f4ff62cb2b223f1d6221f62e0ee0244d86042560edd36853c464b23be536c65b87cd5ea60932ed90607b369ed2017f645afcb5cd07f6896a08473bd5dea2bfb52ac501a39c338ede985aa4a7755db876cbe4d944f3cce0079d2ad9ba8d17f01a614052aadbd4af0fd282f594dc4530ee49b6c9ae6d5d80a073e678594be2e2f0869baa2a58dd2d0f6a995fb706c4d1b618d57da1c2d8f55611f746105a947b4f6bb74dbdbffb1b3c1f2316f6a28a07f0145b1bf8345b6aa4e9d5a819497856792121219ea151c1f8e2f86356439bc5b87fe4cad68b6afa08687e6e751803865165eac0c34bdddae1bbe52f55d08cc4a0865f8df372635e8a26ac4ac9716a124ac4e83349f17b612e2b1893b5eaccecc7d812bb4f4fc6b313f57c2035a90f782a4a97b5f5309b6c5798d72b9187f3d411e84041e3671fe35e39fa1887846721c38d501b471990b919d2ad9ca9bc71157a843d75838c1aa4ff0dabd74284709f1f87f324ec4f56eacd70e6bb5e9c3ff719786c4d4284e4cfdc828e0465ca168d04de1"}]}}}}}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000000)={0x11, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x2000102, 'dh\x00', 0x0, 0xfffffffe, 0x8}, 0x2c) accept$inet(r3, &(0x7f0000000040)={0x2, 0x0, @loopback}, &(0x7f0000000080)=0x10) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) r5 = socket$inet(0x2, 0xa, 0xffffe705) socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x83, &(0x7f0000000080)={r6}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000001c0)=ANY=[@ANYRES32=r6, @ANYBLOB="240000006c9eace2df993d31fa2ff481f9513dcfc04430932ac440beea50e829750600f5b10700001db859a028703ceb82eb5a32b9e377519dfc1975c22b4e35d0e9fb0084eb8baecf53feff010000a9b1eb46c03d2db072"], &(0x7f0000000480)=0x2c) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f00000004c0)={r7, 0x4, 0x7}, 0x8) 09:56:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:08 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 543.386325][T17986] syz-executor.2 uses obsolete (PF_INET,SOCK_PACKET) [ 543.517266][ T9700] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 543.897365][ T9700] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 543.906420][ T9700] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 543.927133][ T9700] usb 2-1: Product: syz [ 543.931322][ T9700] usb 2-1: Manufacturer: syz [ 543.935919][ T9700] usb 2-1: SerialNumber: syz [ 543.977512][ T9700] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 544.547059][ T9700] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 544.970113][ T27] audit: type=1804 audit(1589882170.302:107): pid=17967 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130372FE8 dev="sda1" ino=15739 res=1 [ 544.997970][ T27] audit: type=1804 audit(1589882170.302:108): pid=17967 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130372FE8 dev="sda1" ino=15739 res=1 [ 545.025095][ T27] audit: type=1804 audit(1589882170.302:109): pid=17967 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130372FE8 dev="sda1" ino=15739 res=1 [ 545.033858][ T17] usb 2-1: USB disconnect, device number 89 09:56:10 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, 0x0, 0x0) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:56:10 executing program 4: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f00000004c0)='./file0\x00', 0x0, 0x7a04, 0x0) chdir(&(0x7f0000000240)='./file0\x00') creat(&(0x7f00000000c0)='./bus\x00', 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x1, 0x0) io_submit(0x0, 0x1, &(0x7f00000005c0)=[&(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) r2 = getuid() write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0x19, 0x2, {0x0, {}, 0x0, r2, 0x0, 0x2, 0x1000, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfffffffffffffffa}}, 0xa0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) ftruncate(r1, 0x200004) sendfile(r0, r1, 0x0, 0x80001d00c0d0) 09:56:10 executing program 2: r0 = socket(0x80000000000000a, 0x2, 0x0) socket(0x11, 0x800000003, 0x0) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) r2 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r2, 0x29, 0x2d, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) 09:56:10 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 09:56:10 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:10 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 545.586862][ T9700] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 545.614187][ T9700] ath9k_htc: Failed to initialize the device [ 545.635810][ T17] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:11 executing program 2: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000100)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd, 0x1, 'fq_codel\x00'}, {0xc, 0x2, [@TCA_FQ_CODEL_ECN={0x8}]}}]}, 0x40}}, 0x0) 09:56:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 09:56:11 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:11 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:11 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000010103f2"], 0x1c}}, 0x0) [ 546.053520][T18074] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 546.070965][ T17] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 546.078137][T18071] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 546.446712][ T17] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 546.455944][ T17] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 546.476782][ T17] usb 2-1: Product: syz [ 546.480963][ T17] usb 2-1: Manufacturer: syz [ 546.485555][ T17] usb 2-1: SerialNumber: syz [ 546.527284][ T17] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 547.096660][ T17] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 547.520416][ T27] audit: type=1804 audit(1589882172.853:110): pid=18048 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130382FE8 dev="sda1" ino=16113 res=1 [ 547.549829][ T27] audit: type=1804 audit(1589882172.853:111): pid=18048 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130382FE8 dev="sda1" ino=16113 res=1 [ 547.578178][ T27] audit: type=1804 audit(1589882172.853:112): pid=18048 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130382FE8 dev="sda1" ino=16113 res=1 [ 547.608855][T10131] usb 2-1: USB disconnect, device number 90 09:56:13 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200), 0x0) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:56:13 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:13 executing program 2: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000100)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=ANY=[@ANYBLOB="4000000024000b0f00"/20, @ANYRES32=r3, @ANYBLOB="00000000ffffffff000000000d00010066715f636f64656c"], 0x40}}, 0x0) 09:56:13 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 09:56:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:13 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000010103f2"], 0x1c}}, 0x0) [ 548.140009][ T17] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 548.146988][ T17] ath9k_htc: Failed to initialize the device [ 548.171263][T18105] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 548.175178][T10131] usb 2-1: ath9k_htc: USB layer deinitialized [ 548.200819][T18108] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 09:56:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:13 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 548.258426][T18110] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 548.276197][T18105] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 09:56:13 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:13 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_emit_ethernet(0x3e, &(0x7f0000000480)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaab86dd60bf6e0000083a00fe8000000000000000000000000000bbff02"], 0x0) 09:56:13 executing program 4: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000140)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000740)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f0000000000)=""/22, 0x16}], 0x8}}], 0x1, 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000cfefee), 0x0, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000000000)='sysfs\x00', 0x0, 0x0) inotify_init() r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) inotify_add_watch(r4, &(0x7f0000000100)='./file0\x00', 0x400000008300010d) [ 548.473906][T18132] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 09:56:13 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 548.696405][T10131] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 549.116317][T10131] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 549.128126][T10131] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 549.136141][T10131] usb 2-1: Product: syz [ 549.143002][T10131] usb 2-1: Manufacturer: syz [ 549.151670][T10131] usb 2-1: SerialNumber: syz [ 549.208988][T10131] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 549.836159][T10131] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 550.270323][ T27] audit: type=1804 audit(1589882175.603:113): pid=18124 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130392FE8 dev="sda1" ino=16384 res=1 [ 550.299530][ T27] audit: type=1804 audit(1589882175.603:114): pid=18124 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130392FE8 dev="sda1" ino=16384 res=1 [ 550.326523][ T27] audit: type=1804 audit(1589882175.603:115): pid=18124 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3130392FE8 dev="sda1" ino=16384 res=1 [ 550.342290][ T4141] usb 2-1: USB disconnect, device number 91 [ 550.458210][ T0] NOHZ: local_softirq_pending 08 09:56:16 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200), 0x0) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:56:16 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:16 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:16 executing program 2: 09:56:16 executing program 4: 09:56:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 550.866010][T10131] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 550.873008][T10131] ath9k_htc: Failed to initialize the device [ 550.910514][ T4141] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:16 executing program 4: 09:56:16 executing program 2: 09:56:16 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:16 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000c80)=@raw={'raw\x00', 0x2, 0x3, 0x310, 0x150, 0x0, 0x0, 0x0, 0x0, 0x278, 0x278, 0x278, 0x278, 0x278, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, 0xe8, 0x150, 0x0, {}, [@common=@unspec=@connmark={{0x30, 'connmark\x00'}}, @common=@unspec=@nfacct={{0x48, 'nfacct\x00'}, {'syz0\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0xc0, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @common=@unspec=@connlabel={{0x28, 'connlabel\x00'}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x370) 09:56:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:16 executing program 2: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'hsr0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="5c00000010000304080000c6d5671a6f9ee4e5e6", @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100766c616e000020001c0002800600010004000080040003800c000200100000001300000008000500", @ANYRES32=r1], 0x5c}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000022d, 0x0) [ 551.310093][T18220] xt_nfacct: accounting object `syz0' does not exists [ 551.328744][T18223] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 551.338768][T18223] 8021q: VLANs not supported on hsr0 [ 551.366773][T18226] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 551.376528][ T4141] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 551.394475][T18226] 8021q: VLANs not supported on hsr0 [ 551.756061][ T4141] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 551.765111][ T4141] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 551.795774][ T4141] usb 2-1: Product: syz [ 551.800072][ T4141] usb 2-1: Manufacturer: syz [ 551.804644][ T4141] usb 2-1: SerialNumber: syz [ 551.846349][ T4141] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 552.415736][ T4141] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 552.839921][ T27] audit: type=1804 audit(1589882178.173:116): pid=18195 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131302FE8 dev="sda1" ino=16384 res=1 [ 552.868329][ T27] audit: type=1804 audit(1589882178.173:117): pid=18195 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131302FE8 dev="sda1" ino=16384 res=1 [ 552.895355][ T27] audit: type=1804 audit(1589882178.173:118): pid=18195 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131302FE8 dev="sda1" ino=16384 res=1 [ 552.939481][ T12] usb 2-1: USB disconnect, device number 92 09:56:18 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200), 0x0) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:56:18 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:18 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:18 executing program 4: 09:56:18 executing program 2: 09:56:18 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_NMI(r0, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r0, 0xae80, 0x0) [ 553.505567][ T4141] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 553.515806][ T4141] ath9k_htc: Failed to initialize the device [ 553.540603][ T12] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:18 executing program 4: 09:56:18 executing program 2: 09:56:19 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_NMI(r0, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 09:56:19 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:19 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:19 executing program 2: [ 554.077782][ T12] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 554.515389][ T12] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 554.524743][ T12] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 554.536690][ T12] usb 2-1: Product: syz [ 554.540954][ T12] usb 2-1: Manufacturer: syz [ 554.547786][ T12] usb 2-1: SerialNumber: syz [ 554.623196][ T12] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 555.235266][ T12] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 555.659421][ T27] audit: type=1804 audit(1589882180.994:119): pid=18273 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131312FE8 dev="sda1" ino=16384 res=1 [ 555.687073][ T27] audit: type=1804 audit(1589882180.994:120): pid=18273 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131312FE8 dev="sda1" ino=16384 res=1 [ 555.715332][ T27] audit: type=1804 audit(1589882180.994:121): pid=18273 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131312FE8 dev="sda1" ino=16384 res=1 [ 555.747008][T12825] usb 2-1: USB disconnect, device number 93 09:56:21 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r2, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(0xffffffffffffffff, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:56:21 executing program 2: 09:56:21 executing program 4: 09:56:21 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_NMI(r0, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 09:56:21 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:21 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 09:56:21 executing program 2: [ 556.295058][ T12] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 556.301939][ T12] ath9k_htc: Failed to initialize the device [ 556.327650][T12825] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:21 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_NMI(r1, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 09:56:21 executing program 2: 09:56:21 executing program 4: 09:56:21 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:21 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 556.834961][T12825] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 557.204969][T12825] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 557.204995][T12825] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 557.234919][T12825] usb 2-1: Product: syz [ 557.239111][T12825] usb 2-1: Manufacturer: syz [ 557.243679][T12825] usb 2-1: SerialNumber: syz [ 557.285509][T12825] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 557.854848][T12825] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 558.278918][ T27] audit: type=1804 audit(1589882183.614:122): pid=18336 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131322FE8 dev="sda1" ino=16384 res=1 [ 558.310727][ T27] audit: type=1804 audit(1589882183.614:123): pid=18336 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131322FE8 dev="sda1" ino=16384 res=1 [ 558.341734][ T27] audit: type=1804 audit(1589882183.614:124): pid=18336 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131322FE8 dev="sda1" ino=16384 res=1 [ 558.607603][T10131] usb 2-1: USB disconnect, device number 94 [ 558.934679][T12825] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 558.941621][T12825] ath9k_htc: Failed to initialize the device [ 558.948498][T10131] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:24 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r2, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(0xffffffffffffffff, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:56:24 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_NMI(r1, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 09:56:24 executing program 2: 09:56:24 executing program 4: 09:56:24 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:24 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 09:56:24 executing program 4: 09:56:24 executing program 2: 09:56:24 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:24 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_NMI(r1, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 09:56:24 executing program 4: 09:56:24 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 559.755505][T10131] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 560.154768][T10131] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 560.181402][T10131] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 560.214300][T10131] usb 2-1: Product: syz [ 560.228987][T10131] usb 2-1: Manufacturer: syz [ 560.243574][T10131] usb 2-1: SerialNumber: syz [ 560.304855][T10131] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 561.004389][T10131] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 561.418240][ T27] audit: type=1804 audit(1589882186.755:125): pid=18409 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131332FE8 dev="sda1" ino=16384 res=1 [ 561.448018][ T27] audit: type=1804 audit(1589882186.755:126): pid=18409 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131332FE8 dev="sda1" ino=16384 res=1 [ 561.478922][ T27] audit: type=1804 audit(1589882186.755:127): pid=18409 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131332FE8 dev="sda1" ino=16384 res=1 [ 561.717196][T12825] usb 2-1: USB disconnect, device number 95 [ 562.055725][T10131] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 562.064448][T10131] ath9k_htc: Failed to initialize the device [ 562.070524][T12825] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:27 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r2, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(0xffffffffffffffff, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:56:27 executing program 4: 09:56:27 executing program 2: 09:56:27 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:27 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:27 executing program 2: 09:56:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:27 executing program 4: 09:56:27 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:27 executing program 2: 09:56:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 562.893994][ T12] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 563.268206][ T12] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 563.277345][ T12] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.286309][ T12] usb 2-1: Product: syz [ 563.290496][ T12] usb 2-1: Manufacturer: syz [ 563.295394][ T12] usb 2-1: SerialNumber: syz [ 563.334339][ T12] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 563.913926][ T12] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 564.337941][ T27] audit: type=1804 audit(1589882189.675:128): pid=18472 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131342FE8 dev="sda1" ino=16384 res=1 [ 564.368670][ T27] audit: type=1804 audit(1589882189.675:129): pid=18472 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131342FE8 dev="sda1" ino=16384 res=1 [ 564.401436][ T27] audit: type=1804 audit(1589882189.675:130): pid=18472 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131342FE8 dev="sda1" ino=16384 res=1 [ 564.637680][T12825] usb 2-1: USB disconnect, device number 96 [ 564.943763][ T12] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 564.950688][ T12] ath9k_htc: Failed to initialize the device [ 564.957656][T12825] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:30 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:56:30 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:30 executing program 4: 09:56:30 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_NMI(r1, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 09:56:30 executing program 2: 09:56:30 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:30 executing program 4: 09:56:30 executing program 2: 09:56:30 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_NMI(r1, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 09:56:30 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:30 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_NMI(r0, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 09:56:30 executing program 4: [ 565.626615][T18542] blk_update_request: I/O error, dev loop0, sector 0 op 0x1:(WRITE) flags 0x0 phys_seg 1 prio class 0 [ 565.637624][T18542] Buffer I/O error on dev loop0, logical block 0, lost async page write [ 565.736895][ T17] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 566.168837][ T17] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 566.180493][ T17] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 566.189522][ T17] usb 2-1: Product: syz [ 566.196595][ T17] usb 2-1: Manufacturer: syz [ 566.201236][ T17] usb 2-1: SerialNumber: syz [ 566.244035][ T17] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 566.863496][ T17] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 567.287465][ T27] audit: type=1804 audit(1589882192.626:131): pid=18529 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131352FE8 dev="sda1" ino=16384 res=1 [ 567.317488][ T27] audit: type=1804 audit(1589882192.626:132): pid=18529 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131352FE8 dev="sda1" ino=16384 res=1 [ 567.348759][ T27] audit: type=1804 audit(1589882192.626:133): pid=18529 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131352FE8 dev="sda1" ino=16384 res=1 [ 567.595833][T12789] usb 2-1: USB disconnect, device number 97 [ 567.903271][ T17] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 567.910139][ T17] ath9k_htc: Failed to initialize the device [ 567.916187][T12789] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:33 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:56:33 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_NMI(r1, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 09:56:33 executing program 2: 09:56:33 executing program 4: 09:56:33 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_NMI(r0, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 09:56:33 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(0xffffffffffffffff, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:33 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:33 executing program 2: 09:56:33 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_NMI(r0, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 09:56:33 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(0xffffffffffffffff, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:33 executing program 4: 09:56:33 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(r1, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 568.803133][ T17] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 569.223085][ T17] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 569.232236][ T17] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 569.241025][ T17] usb 2-1: Product: syz [ 569.245569][ T17] usb 2-1: Manufacturer: syz [ 569.250169][ T17] usb 2-1: SerialNumber: syz [ 569.303423][ T17] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 569.933023][ T17] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 570.347745][ T27] audit: type=1804 audit(1589882195.686:134): pid=18599 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131362FE8 dev="sda1" ino=16384 res=1 [ 570.378440][ T27] audit: type=1804 audit(1589882195.686:135): pid=18599 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131362FE8 dev="sda1" ino=16384 res=1 [ 570.410346][ T27] audit: type=1804 audit(1589882195.686:136): pid=18599 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131362FE8 dev="sda1" ino=16384 res=1 [ 570.645759][ T12] usb 2-1: USB disconnect, device number 98 [ 571.012803][ T17] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 571.019707][ T17] ath9k_htc: Failed to initialize the device [ 571.026455][ T12] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:36 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x20000000) 09:56:36 executing program 2: 09:56:36 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(0xffffffffffffffff, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:36 executing program 4: 09:56:36 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:36 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(r1, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 09:56:36 executing program 2: 09:56:36 executing program 4: 09:56:36 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(r1, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 09:56:36 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, 0xffffffffffffffff, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:36 executing program 2: 09:56:36 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 571.812744][T12825] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 572.182826][T12825] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 572.235576][T12825] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 572.279610][T12825] usb 2-1: Product: syz [ 572.299739][T12825] usb 2-1: Manufacturer: syz [ 572.310247][T12825] usb 2-1: SerialNumber: syz [ 572.355784][T12825] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 572.853423][ T0] NOHZ: local_softirq_pending 08 [ 572.942539][T12825] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 573.366695][ T27] audit: type=1804 audit(1589882198.707:137): pid=18657 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131372FE8 dev="sda1" ino=16384 res=1 [ 573.398350][ T27] audit: type=1804 audit(1589882198.707:138): pid=18657 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131372FE8 dev="sda1" ino=16384 res=1 [ 573.430463][ T27] audit: type=1804 audit(1589882198.707:139): pid=18657 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131372FE8 dev="sda1" ino=16384 res=1 [ 573.665508][ T4141] usb 2-1: USB disconnect, device number 99 [ 573.972378][T12825] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 573.979284][T12825] ath9k_htc: Failed to initialize the device [ 573.986243][ T4141] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:39 executing program 2: 09:56:39 executing program 4: 09:56:39 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:39 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, 0xffffffffffffffff, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:39 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) syz_open_dev$hiddev(0x0, 0x0, 0x0) r1 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r2, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r1, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(0xffffffffffffffff, 0x40086602, 0x20000000) 09:56:39 executing program 4: 09:56:39 executing program 2: 09:56:39 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, 0xffffffffffffffff, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:39 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:39 executing program 2: 09:56:39 executing program 4: 09:56:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:39 executing program 4: 09:56:39 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:40 executing program 2: 09:56:40 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x0) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 574.882220][ T4141] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 575.262496][ T4141] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 575.271681][ T4141] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 575.283236][ T4141] usb 2-1: Product: syz [ 575.287522][ T4141] usb 2-1: Manufacturer: syz [ 575.293778][ T4141] usb 2-1: SerialNumber: syz [ 575.344322][ T4141] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 575.922111][ T4141] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 576.346230][ T27] audit: type=1804 audit(1589882201.677:140): pid=18723 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131382FE8 dev="sda1" ino=16384 res=1 [ 576.377486][ T27] audit: type=1804 audit(1589882201.677:141): pid=18723 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131382FE8 dev="sda1" ino=16384 res=1 [ 576.408311][ T27] audit: type=1804 audit(1589882201.677:142): pid=18723 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131382FE8 dev="sda1" ino=16384 res=1 [ 576.565372][T12825] usb 2-1: USB disconnect, device number 100 [ 577.011913][ T4141] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 577.018928][ T4141] ath9k_htc: Failed to initialize the device [ 577.025771][T12825] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:42 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(r1, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 09:56:42 executing program 4: 09:56:42 executing program 2: 09:56:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:42 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x0) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:42 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) syz_open_dev$hiddev(0x0, 0x0, 0x0) r1 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r2, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r1, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(0xffffffffffffffff, 0x40086602, 0x20000000) 09:56:42 executing program 4: 09:56:42 executing program 2: 09:56:42 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x0) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:42 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(r1, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r1, 0xae80, 0x0) 09:56:42 executing program 4: 09:56:42 executing program 2: 09:56:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:42 executing program 4: 09:56:42 executing program 2: 09:56:42 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:43 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(r1, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 577.711836][ T4141] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 578.081792][ T4141] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 578.090836][ T4141] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.111784][ T4141] usb 2-1: Product: syz [ 578.115969][ T4141] usb 2-1: Manufacturer: syz [ 578.120557][ T4141] usb 2-1: SerialNumber: syz [ 578.162295][ T4141] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 578.741763][ T4141] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 579.166505][ T27] audit: type=1804 audit(1589882204.497:143): pid=18794 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131392FE8 dev="sda1" ino=16384 res=1 [ 579.199141][ T27] audit: type=1804 audit(1589882204.497:144): pid=18794 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131392FE8 dev="sda1" ino=16384 res=1 [ 579.230025][ T27] audit: type=1804 audit(1589882204.497:145): pid=18794 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3131392FE8 dev="sda1" ino=16384 res=1 [ 579.383985][ T12] usb 2-1: USB disconnect, device number 101 [ 579.811560][ T4141] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 579.818438][ T4141] ath9k_htc: Failed to initialize the device [ 579.825315][ T12] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:45 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) syz_open_dev$hiddev(0x0, 0x0, 0x0) r1 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r2, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r1, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(0xffffffffffffffff, 0x40086602, 0x20000000) 09:56:45 executing program 4: 09:56:45 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) 09:56:45 executing program 2: 09:56:45 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:45 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:45 executing program 2: 09:56:45 executing program 4: 09:56:45 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x2) [ 580.141208][T18868] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 09:56:45 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x2) 09:56:45 executing program 2: 09:56:45 executing program 4: [ 580.581393][ T12] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 580.951570][ T12] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 580.960800][ T12] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.978737][ T12] usb 2-1: Product: syz [ 580.995318][ T12] usb 2-1: Manufacturer: syz [ 581.000443][ T12] usb 2-1: SerialNumber: syz [ 581.041649][ T12] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 581.621337][ T12] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 582.044339][ T27] audit: type=1804 audit(1589882207.378:146): pid=18878 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3132302FE8 dev="sda1" ino=16033 res=1 [ 582.075800][ T27] audit: type=1804 audit(1589882207.378:147): pid=18878 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3132302FE8 dev="sda1" ino=16033 res=1 [ 582.106758][ T27] audit: type=1804 audit(1589882207.378:148): pid=18878 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3132302FE8 dev="sda1" ino=16033 res=1 [ 582.260827][T12825] usb 2-1: USB disconnect, device number 102 [ 582.691199][ T12] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 582.698072][ T12] ath9k_htc: Failed to initialize the device [ 582.709047][T12825] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:48 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x0) 09:56:48 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:48 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x2) 09:56:48 executing program 2: 09:56:48 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:48 executing program 4: 09:56:48 executing program 4: 09:56:48 executing program 2: 09:56:48 executing program 4: 09:56:48 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x2) 09:56:48 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:48 executing program 2: [ 583.271051][ T12] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 583.651005][ T12] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 583.660179][ T12] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 583.690950][ T12] usb 2-1: Product: syz [ 583.695227][ T12] usb 2-1: Manufacturer: syz [ 583.699803][ T12] usb 2-1: SerialNumber: syz [ 583.741442][ T12] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 584.313435][ T12] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 584.724756][ T27] audit: type=1804 audit(1589882210.058:149): pid=18926 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3132312FE8 dev="sda1" ino=16257 res=1 [ 584.754957][ T27] audit: type=1804 audit(1589882210.058:150): pid=18926 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3132312FE8 dev="sda1" ino=16257 res=1 [ 584.787752][ T27] audit: type=1804 audit(1589882210.058:151): pid=18926 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3132312FE8 dev="sda1" ino=16257 res=1 [ 584.944375][ T17] usb 2-1: USB disconnect, device number 103 [ 585.330760][ T12] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 585.337727][ T12] ath9k_htc: Failed to initialize the device [ 585.344416][ T17] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:50 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x0) 09:56:50 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:50 executing program 4: 09:56:50 executing program 2: 09:56:50 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x0) 09:56:50 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:51 executing program 2: 09:56:51 executing program 4: 09:56:51 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x0) 09:56:51 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:51 executing program 4: 09:56:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 586.053194][ T12] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 586.430635][ T12] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 586.439681][ T12] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.460600][ T12] usb 2-1: Product: syz [ 586.464807][ T12] usb 2-1: Manufacturer: syz [ 586.469398][ T12] usb 2-1: SerialNumber: syz [ 586.511516][ T12] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 587.080589][ T12] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 587.503147][ T27] audit: type=1804 audit(1589882212.839:152): pid=18999 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3132322FE8 dev="sda1" ino=15749 res=1 [ 587.533823][ T27] audit: type=1804 audit(1589882212.839:153): pid=18999 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3132322FE8 dev="sda1" ino=15749 res=1 [ 587.563479][ T27] audit: type=1804 audit(1589882212.839:154): pid=18999 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3132322FE8 dev="sda1" ino=15749 res=1 [ 587.727073][ T9700] usb 2-1: USB disconnect, device number 104 [ 588.130388][ T12] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 588.137303][ T12] ath9k_htc: Failed to initialize the device [ 588.144762][ T9700] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:53 executing program 1: r0 = syz_usb_connect_ath9k(0x3, 0x92, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc0c, &(0x7f00000002c0)=ANY=[@ANYBLOB="050c004e83e89102ec8bde087a6bfede66e17d55dc48fbfc69ce1831b8406d7232f1bd2c040fabb5802b3cbe8f6a601dedfbd83e6611185ff626d0a8b9d77a17bff4509b9a9a3c6d35337fec002551d9e831788ad98b8a00a8abaf61da2c595735722218b055a947cc9d0a300500865a338b822f390661bacca766015278856e6f67e61b893ce71b9a3aa3f097848b4a2ec886a5f97c47d76541f0ddf1aa6de26d3c9b9741b157ea6ce05a7a289662c252707b503de4e2271acc418aefd1c2b610c2cf0d2d8569025fdd09cbbcad3f7d3f7e8f9781db43ba3a529485ac8eaacc1105b37f14ccea22f82c5f048da7eb637d7862064c10c2b61835401f79f8a50e78bd95bd4cbbb57cce8e54e0ef934b32fa75663af10d9dd12467882ecb68cbdb055948f11dd04c9e7ffc97916b19a87df9f530a88821b847a5409901570563aca7e0ceecf54dde0cd1dcd9936020a7364edc687adad30ce25828cb0d6810d2e0fa6d1eb8faf98aadb101bd583bb35c2b93250f1bb3cd4f95a43fdd5670e59a7d5a3b97a20800fec97ab01818f196a7ed035235ccf84db12deafce7f72d5a7f8f1bd6d02d7bc3d23dd3835906784936a10e872af2eacd9613a79368ce7d5402de4f662778261ed7055e9b6d6e97da91609d23e4c9335d9de63a7df1ade3bce7a532bbf853c62f269f7941981626b8fa1c2e8d0269309034ff82893c9f7ca84bbfd46f4935710f74d551ee9e63b173ddbacfb5f1a75d307a3e0bcfb6c8ee0efd8fdb3c0380bfb506d73e457af8c2263bd00ea10fd274f294b770e87ecfe10a9a15a12de112698c67c3a6ef72e214e07ca6ca3766d81d355af35830d9d76640bacdfaf3eedb5a656cfd1edc76df8afafdbac20acc8de4d493814da48b7b9ae1fe6cc0d1028779327afeb3215ff4ef4a58d2f06cae67e153eecf6734bbe7616ae9e81d7e3367c18e16d392a968bf39ab1e0e59742d069f9ddc82927dca25a383793ca294e15e7d6dfcd019084d3475e4555456d4d596e00c39614245b607a93bcb29e5286e1391b9039663825556efd39ad9509f9e658f62c66850d02b04f7813223b3914f54daace072e465b1576cbd333b91972559f7411ca25bbaf1fe40bb3e9a680f333025ecc7fb8609158572341ba429687224212ac977fa058c4bd6f9e0c8329e9705222a3b0e463c59d0ff4ab47f5b6b407168c16c3a1669604e83704c00f501fd3fef6f8535c6cef334a25789ce6b7bf6dc218b69d36b87c582157c1ba205eb30bc33e25671247eaa67471e704b922d30d1c8deb9f397a2fc4349cdc9a37317130f2d7851f8ef5e2dd5df4611cc1d571ac1f6045ac1b59fc12bafb88f50e1126f6480d9ea223c123c99150f05d018d1c8e58efc47ebfec2d8e915d932aef473a0039032f88364b8849f8bc022ff7a1050132301b5af21cc1a29619f9aebaad6a44d2e2340aadd833a2171bf87054c342fab6f9b82a1b90f4b78cf467a3dc82889d8d21cdcbe4dd8668ec2d302780cfc6ead0228c66516d9d044ac11ae5c3c3f8e2a1f3e59567963351d7fd67c6a04d21b3f50e2feaa577bad6844d49ba31dbf1db34f2390222bbdc791c8c27b1cb7bdf00c3c7e4bc239468ea93b7a95cf48643d1c17f2990ae33dfcb817cced0421d5cd3b7e4983835236e736cf0bc55fbe7542114e6fa9f1596fc0329e3d26f97c4b7d54cafb7344e6cbb99341ec65ed43fde214beb1c6648d438496be300633db5dad5063ed9abc25c38b6e1414c3272f0dc1123e61ecb39965a32bd8e540080000000000000077b7cc7912b65f53cb683949fc32315a29dc276cb705e43117b6cf7a28c76ac5d58c3c01a71e41d9905381a91301c4f257774fef58b23088c0f3cfd1c4a4fb01052c60692092593685ce62ec4247db7865047c69320b14627f884137105d43f1eba6cd3ee1fdf2bae11c5c3ed8728c7395d0b173ee85e63056941bff00000000a0555ce3b458c3ddcaa7a8d8739fe59cd1cc4ecc00de561ebf37bb885e47e169930f7088d3b1f89420a3b8daf065ba57cac0ac06e680838a21cbfee6aad2baa9bf5ab9bd44a2ea3e1cfb7a8a6dc34f3039f6daff5bebcbabd068dd3c2091bb45043fdd7f6d963a49f4973ad9049f288532ec53c69913dad30c1f0b1ae032b95fbe3acf2bd38d845f555460de89f1f854845696a9edf92189b47e7deb02833f7040d6e5a15959c72c712282fb40008cf310c99e521c709535132a2534fb02b18c01e8c8d517b72311f1621b67381049aff0194f390531e4df7d3494d362f7fa060000b000f5e1b459b0951f760f43fd8a99321ea6cbd1a5000d562d8e65339dedcf6fe0efafa184f707154b08ad74f52e2ca51b2942350023f87f1ef4d1f4cfa7d878bceba5875b3ce9c71556da9b654ab3ab9c9278128cb35bffc6e6a89ca137e3f7458d08aa2e6399f3bef82bd26465af466d144bbb1c27a8e0e8b236cd63ddd57d224b86065e06f5daec86c6ec0e126a7fa1833bd6819af434a557f1f639326870e80bde6501def4e1ed46982ab63db2f42106fadf52e41ecb97722cf89ae9adf316c8472a1f9b05fffcd2b5fdf683570b9079e236beb4706e0596baf1c7f180544d34114c76c81070d77697e89c6db2c57437ea2b7a4a41fe232ea69afdfc4955bd7b12eb724b4958099fc1da4715373137c3b655357fc1eadf0180419e2667c19fd5acb003bcb6dcd05656cff8737a0b70880df17a154a89bf5f0a72664ca57c9574db73bec117c851e399cdf5d4d439e2dc7dffbee00a4cb4589eb614cb4e3014ce9d8c750b3c9c36d643ec8e8cdeb136278afb640f7ff532976ab745fa3560ba5c9a31ec73bcc3dfc0a51f5903333160d6a349e4e9ad9eb25f25ac88e0deb84ba26192f440d2afbd039ed260cd41d8f8bcbdd6fa2182acbcdeac538181fd5efb08877e6a73af1db14144e7a25a4467b15a6b32683b977f8a6996052e3097360beb64ade18f1caa480936e277f9ddd41ae647ec2083e81c8bb8a851475aa782f047c56e8bd09fa2ddac1f9eee8152dfffaa74b47426c9c7430b23004b87ec1cd3901d7d81a6a243e61f1c3534afef0514bb4541e516e7db11cb58075cfa5c43e1874031036b7766f0f86f53215766f4b69ba5bf523bf5ab9cb4db364c5b928439d7bd31586f7629c2c49c9b41aefd6cd7dfa0428c82626a2b9b09e1da5dfbbea0e6c80ff26c25cafedf0b60e5729f5189fd929b55e5f3dab8b1f474c7327cef1c065eff86ceb0c3f48dfb8bf73c8b7b4bc3b5ee454f3f989666a03f0a43c586650166eb39941540a4e7b010b830c76b7346c4a4a6125497cfe70fa8c477d766b2376189395e1583055155a51798b039b546c2e547d6c4c20139007014df69c6dff94c48ca1465d66323e25f8ff94fc988eb261752a99b361409a5ba879c7569a846d594507a26c599f8081a84a3937c95b5c7dc31f115a7daa011e327b5033c3a2507bc0af687be52a8b4f4750ebfd07acbb3ba7b446a9b9497926d4f6bad236fc886180b9b93fe4b5d8e234c848dca48ef2df3b11a5955456b053ac1a86f9c42838fa4ff23a34e435f32c0816a025554696c47add742243df5e52a085272ad8aee35c56570505c6dad45bd517faa499b6b5ecc99051ce0901a651b93430f57456d9f4ae8502bfa82ec756ed9522fcce8f5fbadf0fccbfbb88a47d70f9ef60aed9081c80d78b01862d63357750769acf7a8373d56814572e7fcc8e32bfdde85f651fbdc17d8b625198581c6a00c603d56b862829dcf466a4cc121b4107664e08c584bd2106a918b01c64c7859f14715cb0427c313783dcfe7fab02e30fe364a1bd59e68f962a96b4e9c5db1118388dd04891e2282112840f3131277fafafb4f1d90b0173f393e8a1be64748b43580eea24baccee47cfb3ed463d70a6e5ddaab38a0605b666cae99535d3f7561a139e9b1ae835888c574bbe71e70fe1889c7fcb1984af487dedaad9ca3e6dd995b74c9137ea4d06b25c28c51184af99988cc80db20a5368aca5e8b56badd29b72e84be54b2447fea2bddae5cec171078bb2c8cc7a795e175ffef3720838827e2708368aa3f1a7e5aa8ce960b3c8ee50ce9cf9c28e7c53e9b50d7b7ea7bdc5056071323aaf055deb7f41b10729cbf92051e0664b21ce866e016a402dd1e64e98809da7f8d660865212f94a8f8cb9196b410a3df9996348801b5bfec32b75f259db19be56b000183d515cffa558be42adeaa7f00109e96b181976847cb68176fcadc3ca5c97636595a89f59fe7199c3e578ce72552fb51ed6fbd1d640cf3f3a378cc766499fdcf1288e17e3eb5361522429da0aefb38e087451e6da02396ffc9efedede8"]) syz_open_dev$hidraw(0x0, 0x0, 0x80041) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x80041) r3 = syz_open_dev$hidraw(0x0, 0x0, 0x42601) write$hidraw(r3, &(0x7f0000001200)='\x00', 0xffffff45) ioctl$HIDIOCAPPLICATION(r2, 0x40305839, 0x4001e0) ioctl$HIDIOCAPPLICATION(r1, 0x40086602, 0x0) 09:56:53 executing program 2: 09:56:53 executing program 4: 09:56:53 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000300)='iC;`\xb6p+\x10{\xc5\xf46\xc9c\x90\xa4\xe7\xc4\\\xd1\x88\x10\xbd\xdb\x95\x93\x8b\xd4\x14\xd7\xc3\xfd\x016\xe3D\xfb\xf1\"~\xfe\f\xaa\x8b\xb5\xd5\xf4\x95`\x7ft8\x81;\xe6\xf2\xeda\xf3)\xc5\xe2\aKM\xf8s\xc5NA\xb8\xb6\xee\xa8\x05\x00/\xa8\xcf\xcf\xc8p\x90\x97\xde+\xe0\x9bbL\xcc \x17\xcb\xf1r\xfa\xf4\xc3n\xf9\xafU\a\x13\x85\xf0\x92\\\xfa\xe4M\x9cm\x8f\x84w\x83\xf6\x0fs\t\xc1l\xa4[F\xfd\nie\x1b`\xbc\x13?\xf6\xc1\xcd,\x88\xad\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xb4d\x8ew\xad\xd8\xe3\t\xf4\x12\xb2Xe\xaa\xad\xa6\xe0\r\xe1\xdb\x1c\xc7u\xbe\x0e\xd4\xaa\'\'5\x9dMH\x0f\xe4\xf31\xafS\xff\x7f\x00\x00\xf2\x9a^h(\xcc@\xfb-3\xdcs\xc81\x98X\xdc\xd6\xaf1MTX\xde\x94\x04\xda\x86\x1e\xf8\xe9m\xe0\xb2B@\x864\xff&s\xbbe}\xe3\xc5\x14)\xd4\xdc\x91\x03\xff\xd1\x17\x19\x01\x9c\xf2!_\xbfwhw\xf2yzFm\x16\x1ex\x06|i\x8d\xea\xa2<\x96\x04i\xb5u>1\xfay^6k\x15\xe4\x85\x88\x06F\xfa)\xe4\xf6)$\x96U*`\xa8\\%\xca\xf0\x19#\x15]AB\b\xb7\xbf\xc8\x8b\xdb\"&Y_6\xa8mW\xe7n,', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)='V', 0x1}], 0x1, 0x81809) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) sync_file_range(r0, 0x0, 0x0, 0x0) 09:56:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:53 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:53 executing program 2: 09:56:53 executing program 0: 09:56:53 executing program 4: [ 588.525938][T19058] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 588.548473][T19072] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 09:56:54 executing program 2: 09:56:54 executing program 0: 09:56:54 executing program 2: [ 588.992724][ T12] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 589.370485][ T12] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 589.379598][ T12] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.388497][ T12] usb 2-1: Product: syz [ 589.393101][ T12] usb 2-1: Manufacturer: syz [ 589.397687][ T12] usb 2-1: SerialNumber: syz [ 589.440584][ T12] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 590.010186][ T12] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 590.133152][ T0] NOHZ: local_softirq_pending 08 [ 590.433430][ T27] audit: type=1804 audit(1589882215.769:155): pid=19082 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3132332FE8 dev="sda1" ino=15779 res=1 [ 590.461506][ T27] audit: type=1804 audit(1589882215.769:156): pid=19082 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3132332FE8 dev="sda1" ino=15779 res=1 [ 590.492498][ T27] audit: type=1804 audit(1589882215.769:157): pid=19082 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D746573746469723932313535343936372F73797A6B616C6C65722E4B71786634472F3132332FE8 dev="sda1" ino=15779 res=1 [ 590.663959][ T4141] usb 2-1: USB disconnect, device number 105 [ 591.090285][ T12] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 591.097569][ T12] ath9k_htc: Failed to initialize the device [ 591.103953][ T4141] usb 2-1: ath9k_htc: USB layer deinitialized 09:56:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:56 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:56 executing program 4: 09:56:56 executing program 0: 09:56:56 executing program 2: 09:56:56 executing program 1: 09:56:56 executing program 4: 09:56:56 executing program 2: 09:56:56 executing program 0: 09:56:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:56 executing program 2: 09:56:56 executing program 1: 09:56:56 executing program 4: 09:56:56 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:56 executing program 0: 09:56:56 executing program 2: 09:56:57 executing program 1: 09:56:57 executing program 4: 09:56:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:57 executing program 0: 09:56:57 executing program 2: 09:56:57 executing program 1: 09:56:57 executing program 4: 09:56:57 executing program 0: 09:56:57 executing program 2: 09:56:57 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:57 executing program 1: 09:56:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:57 executing program 4: 09:56:57 executing program 2: 09:56:57 executing program 0: 09:56:57 executing program 1: 09:56:57 executing program 0: 09:56:57 executing program 4: 09:56:57 executing program 2: 09:56:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:57 executing program 4: 09:56:57 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:57 executing program 0: 09:56:57 executing program 1: 09:56:57 executing program 2: 09:56:58 executing program 4: 09:56:58 executing program 1: 09:56:58 executing program 0: 09:56:58 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:58 executing program 2: 09:56:58 executing program 4: 09:56:58 executing program 0: 09:56:58 executing program 1: 09:56:58 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:58 executing program 2: 09:56:58 executing program 4: 09:56:58 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:58 executing program 0: 09:56:58 executing program 2: 09:56:58 executing program 1: 09:56:58 executing program 4: 09:56:58 executing program 0: 09:56:58 executing program 2: 09:56:58 executing program 4: 09:56:58 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:58 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:58 executing program 1: 09:56:58 executing program 0: 09:56:58 executing program 4: 09:56:58 executing program 2: 09:56:58 executing program 1: 09:56:58 executing program 0: 09:56:58 executing program 4: 09:56:59 executing program 2: 09:56:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:59 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:59 executing program 4: 09:56:59 executing program 1: 09:56:59 executing program 0: 09:56:59 executing program 2: 09:56:59 executing program 1: 09:56:59 executing program 4: 09:56:59 executing program 0: 09:56:59 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:56:59 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4000000020000006600000000000000730135000000000095000000000000004bb5eea0a6ec9fdb4b0a008a8443f22772d945c7e6dd329e4a0587536a9669924c8341ea7244ddb07b7e9912e0dd1a59541f7cbb1548ee5bd627f5b0b8ec77bd6d5f7b543f9aafaabe53339b12fbbe7decc4aa61b8aad03590e8d560bb4b5925fae801f4c91e31674b124a1b3b000000bc4da4a9b3d5cc9e0000f6a7a72900997320a3f6da9f010d41ac79fdd84abbec7d96629491727375b853d34344c60f0061fbe0131f3c7a026d8f00000800000000000000000bd724e9fc3cc004a1097fddc65c1b1b328277ff85ed56b9261eb7bcee28ec2d3616689ab3f31f849eebce6f00e6302003c0467844e0060700000000000000db9a28bd694a09b253a1c6c7863d3b9cd506231b40a7ab7069790d5b8f7ab45184ca6d9bee429bc7e2e4d219e1d7ebeb51511d9df85a648b1b85f93cb6cd21f93d5ea3da2b31657c065d052d9b9ee00320c9f97ebac25b929b3c8d772fb5c58a936620ba1f5fbb48703ab211f442697edc165b449db2e3c221fbf270a6db414516949b976e459c9b96a1cb208188c47ce81a38a23f03bd7c1a3e60c2e294f828e0e7e42cb70328f151f949e387aae9d7d2800c8ee8e093c05adc9086d3f143a7b87d06838c6525cafdc01820a8912a1641b38333ce1cde4f00fc4b36ea125753f9cc0a44a48169ed681d938de57c2f315a7f874cd1399132a72fd9becaf35682afceb31555cee56b7da2463347e0284412995027be3e94feb31d258273bba4c0c8bcd24310567f8ee642e2"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x21e, 0x10, &(0x7f00000002c0), 0xfffffffffffffd02}, 0x48) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={0xffffffffffffffff, r0}, 0x10) 09:56:59 executing program 4: open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) mount(&(0x7f0000000000)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1147810, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x222c032, &(0x7f0000000080)=ANY=[@ANYBLOB='journal_ioprio=0']) 09:56:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0xffffffff, 0x5, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x5, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 09:56:59 executing program 0: r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r1, &(0x7f0000001400)=[{&(0x7f00000010c0)=""/247, 0xf7}], 0x1) ppoll(&(0x7f0000001080)=[{r2}], 0x1, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x6) fcntl$setsig(r1, 0xa, 0x12) r3 = dup2(r1, r2) write$P9_RATTACH(r3, &(0x7f00000000c0)={0x14}, 0x14) fcntl$setown(r1, 0x8, r0) tkill(r0, 0x15) 09:56:59 executing program 2: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="2f0000001c0005c5ffffff080d0000000c00001f01000000190102c9130001000180000050000000586700a28663b3", 0x2f}], 0x1}, 0x0) [ 594.229010][ T27] audit: type=1800 audit(1589882219.559:158): pid=19298 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=15816 res=0 09:56:59 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 594.301622][T19298] EXT4-fs (sda1): re-mounted. Opts: journal_ioprio=0 09:56:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 594.398231][ T27] audit: type=1804 audit(1589882219.729:159): pid=19305 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir921554967/syzkaller.Kqxf4G/138/file0/bus" dev="loop1" ino=36 res=1 [ 594.432357][T19313] EXT4-fs (sda1): re-mounted. Opts: journal_ioprio=0 09:56:59 executing program 2: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000100)=0x14) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x34, 0x24, 0x51d, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffe5}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_blackhole={0xe, 0x1, 'blackhole\x00'}]}, 0x34}}, 0x0) [ 594.475801][ T27] audit: type=1804 audit(1589882219.809:160): pid=19319 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir921554967/syzkaller.Kqxf4G/138/file0/bus" dev="loop1" ino=36 res=1 09:56:59 executing program 4: open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) mount(&(0x7f0000000240)=ANY=[@ANYBLOB='./file0'], &(0x7f00000000c0)='./file0\x00', 0x0, 0x10a7c19, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x222c4f2, 0x0) 09:56:59 executing program 0: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000280)={0x38, 0x2, 0x0, 0x0, 0x8}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000006c0), 0x0, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r1, 0x8983, &(0x7f0000000080)={0x1, 'vlan0\x00', {}, 0x3}) pipe(0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_CAP_AMBIENT(0x2f, 0x4, 0x0) sched_setattr(0x0, &(0x7f0000000440)={0x38, 0x2, 0x1}, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, @perf_config_ext={0x0, 0x1f}, 0x9000, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 594.717978][ T27] audit: type=1800 audit(1589882220.050:161): pid=19337 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=15824 res=0 09:57:00 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:00 executing program 2: sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x8}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) [ 594.778815][T19337] EXT4-fs (sda1): re-mounted. Opts: 09:57:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 594.863900][T19344] EXT4-fs (sda1): re-mounted. Opts: [ 594.960345][T19353] binder: BINDER_SET_CONTEXT_MGR already set 09:57:00 executing program 4: syz_usb_connect$uac1(0x0, 0x93, &(0x7f0000000700)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x81, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@mixer_unit={0xa, 0x24, 0x4, 0x0, 0x0, "f66bfa0a79"}, @selector_unit={0x9, 0x24, 0x5, 0x0, 0x0, "8ba9a291"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x0, 0x1, 0xfd}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) [ 595.012776][T19353] binder: 19348:19353 ioctl 40046207 0 returned -16 09:57:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0xffffffff, 0x5, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x5, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 09:57:00 executing program 2: syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0x26, 0xca, 0xb7, 0x8, 0x499, 0x1509, 0x15fd, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x7, 0xaf, 0x2e}}]}}]}}, 0x0) [ 595.131614][ T21] attempt to access beyond end of device [ 595.137452][ T21] loop1: rw=1, want=4173, limit=63 09:57:00 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:00 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0xffffffff, 0x5, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x5, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 09:57:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 595.233856][ T21] attempt to access beyond end of device [ 595.264827][ T21] loop1: rw=1, want=5901, limit=63 [ 595.449418][T12789] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 595.480013][T19378] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 595.489443][ T12] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 595.509550][ T27] audit: type=1804 audit(1589882220.840:162): pid=19384 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir916120310/syzkaller.zZ82Gp/312/file0/bus" dev="loop0" ino=37 res=1 [ 595.559923][T12789] usb 3-1: Using ep0 maxpacket: 8 [ 595.599601][ T12] usb 5-1: Using ep0 maxpacket: 8 [ 595.635468][ T27] audit: type=1804 audit(1589882220.970:163): pid=19400 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir916120310/syzkaller.zZ82Gp/312/file0/bus" dev="loop0" ino=37 res=1 [ 595.719564][ T12] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 595.719620][T12789] usb 3-1: New USB device found, idVendor=0499, idProduct=1509, bcdDevice=15.fd [ 595.736272][ T27] audit: type=1804 audit(1589882221.070:164): pid=19395 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir921554967/syzkaller.Kqxf4G/139/file0/bus" dev="loop1" ino=38 res=1 09:57:01 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 595.759345][T12789] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.792276][ T12] usb 5-1: config 1 has no interface number 1 [ 595.794854][T12789] usb 3-1: config 0 descriptor?? [ 595.806202][ T12] usb 5-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping 09:57:01 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 595.852838][ T12] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 595.946331][ T27] audit: type=1804 audit(1589882221.180:165): pid=19407 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir921554967/syzkaller.Kqxf4G/139/file0/bus" dev="loop1" ino=38 res=1 09:57:01 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 596.048317][T19420] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 09:57:01 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:01 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000000580), 0xefee) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000040)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, 0x2, {0x7, 0x1b}}, 0x50) [ 596.105315][T12789] usb 3-1: USB disconnect, device number 81 [ 596.109705][ T12] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 596.132458][ T12] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 596.184209][ T12] usb 5-1: Product: syz [ 596.203004][ T12] usb 5-1: Manufacturer: syz [ 596.217674][ T12] usb 5-1: SerialNumber: syz 09:57:01 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 596.323689][T19440] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 596.396931][ T21] attempt to access beyond end of device [ 596.412806][ T21] loop1: rw=1, want=3093, limit=63 [ 596.454104][ T21] attempt to access beyond end of device [ 596.467874][ T21] loop1: rw=1, want=5141, limit=63 [ 596.487408][ T21] attempt to access beyond end of device [ 596.501304][ T21] loop1: rw=1, want=5241, limit=63 [ 596.579391][ T12] usb 5-1: 2:1 : format type 0 is detected, processed as PCM [ 596.593592][ T12] usb 5-1: 2:1 : sample bitwidth 253 in over sample bytes 1 [ 596.603243][ T12] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 596.609542][ T12] usb 5-1: 2:1 : invalid channels 0 [ 596.634669][ T12] usb 5-1: USB disconnect, device number 40 [ 596.899317][T12789] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 597.020433][T12789] usb 3-1: Using ep0 maxpacket: 8 [ 597.159252][T12789] usb 3-1: New USB device found, idVendor=0499, idProduct=1509, bcdDevice=15.fd [ 597.168604][T12789] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.192223][T12789] usb 3-1: config 0 descriptor?? [ 597.272170][ T12] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 597.369256][ T12] usb 5-1: Using ep0 maxpacket: 8 [ 597.459573][ T4141] usb 3-1: USB disconnect, device number 82 [ 597.499784][ T12] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 597.508766][ T12] usb 5-1: config 1 has no interface number 1 [ 597.541967][ T12] usb 5-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 597.553979][ T12] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 597.719407][ T12] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 597.728495][ T12] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 597.743279][ T12] usb 5-1: Product: syz [ 597.750409][ T12] usb 5-1: Manufacturer: syz [ 597.755178][ T12] usb 5-1: SerialNumber: syz 09:57:03 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:03 executing program 1: sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 09:57:03 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:03 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:03 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000000580), 0xefee) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000040)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, 0x2, {0x7, 0x1b}}, 0x50) 09:57:03 executing program 2: syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0x26, 0xca, 0xb7, 0x8, 0x499, 0x1509, 0x15fd, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x7, 0xaf, 0x2e}}]}}]}}, 0x0) [ 598.079221][ T12] usb 5-1: 2:1 : format type 0 is detected, processed as PCM [ 598.086981][ T12] usb 5-1: 2:1 : sample bitwidth 253 in over sample bytes 1 [ 598.129584][T19534] binder_alloc: 19528: binder_alloc_buf size 1099511627776 failed, no address space [ 598.151232][ T12] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 598.180308][ T12] usb 5-1: 2:1 : invalid channels 0 [ 598.185448][T19534] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 598.217055][ T12] usb 5-1: USB disconnect, device number 41 09:57:03 executing program 0: r0 = open(&(0x7f0000000240)='./file1\x00', 0x141142, 0x0) write$UHID_INPUT(r0, &(0x7f0000001440), 0xfffffc41) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) creat(&(0x7f00000000c0)='./file1\x00', 0x0) r1 = open(&(0x7f0000000240)='./file1\x00', 0x141142, 0x0) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) fadvise64(r1, 0x0, 0x0, 0x4) ioctl$PERF_EVENT_IOC_ID(r0, 0x80082407, &(0x7f0000000000)) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000200)) [ 598.292844][T19562] binder: BINDER_SET_CONTEXT_MGR already set [ 598.324622][T19562] binder: 19528:19562 ioctl 40046207 0 returned -16 09:57:03 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 598.337394][T19565] binder_alloc: 19528: binder_alloc_buf size 1099511627776 failed, no address space [ 598.349062][T12789] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 598.363157][T19565] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 09:57:03 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:03 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000083a09018000000000000109022400010000000009040000090300000009211300000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="00222200000007312de065040ecc5b707bf68d92d5a7053abaf7604d07bec34eb53ba6df52787536def7"], 0x0}, 0x0) 09:57:03 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 598.461770][T12789] usb 3-1: Using ep0 maxpacket: 8 [ 598.609379][T12789] usb 3-1: New USB device found, idVendor=0499, idProduct=1509, bcdDevice=15.fd [ 598.618640][T12789] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.673370][T12789] usb 3-1: config 0 descriptor?? 09:57:04 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:04 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:04 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:04 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:04 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 598.959009][ T17] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 599.032094][T12789] usb 3-1: USB disconnect, device number 83 [ 599.059526][ T17] usb 2-1: Using ep0 maxpacket: 8 09:57:04 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 599.193927][ T17] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 599.226632][ T17] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 599.253405][ T17] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 599.285558][ T17] usb 2-1: New USB device found, idVendor=093a, idProduct=8001, bcdDevice= 0.00 [ 599.330941][ T17] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 599.375684][ T17] usb 2-1: config 0 descriptor?? 09:57:04 executing program 2: prlimit64(0x0, 0x0, 0x0, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000d80)=[{{&(0x7f0000000300)=@l2tp={0x2, 0x0, @private}, 0x80, 0x0}, 0x2}, {{&(0x7f0000000680)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000900)=""/8, 0x8}}, {{0x0, 0x0, &(0x7f0000000d40), 0x0, &(0x7f0000002880)=""/4096, 0x1000}}], 0x3, 0x0, 0x0) pipe(&(0x7f00000001c0)) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r1, 0x800) lseek(r1, 0x0, 0x2) r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 09:57:04 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:04 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:04 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 599.718597][T19655] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 599.765339][ T27] audit: type=1804 audit(1589882225.100:166): pid=19656 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir602339916/syzkaller.l0DHz4/219/file0/bus" dev="loop2" ino=39 res=1 [ 599.859900][ T17] hid-generic 0003:093A:8001.0001: unknown main item tag 0x7 [ 599.867332][ T17] hid-generic 0003:093A:8001.0001: unknown main item tag 0x6 [ 599.888996][ T17] hid-generic 0003:093A:8001.0001: hidraw0: USB HID v0.13 Device [HID 093a:8001] on usb-dummy_hcd.1-1/input0 [ 599.903506][ T27] audit: type=1804 audit(1589882225.190:167): pid=19666 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir602339916/syzkaller.l0DHz4/219/file0/bus" dev="loop2" ino=39 res=1 [ 600.061352][ T17] usb 2-1: USB disconnect, device number 106 [ 600.491216][ T27] audit: type=1804 audit(1589882225.830:168): pid=19691 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir602339916/syzkaller.l0DHz4/219/file0/bus" dev="loop2" ino=39 res=1 [ 600.564407][ T27] audit: type=1804 audit(1589882225.900:169): pid=19692 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir602339916/syzkaller.l0DHz4/219/file0/bus" dev="loop2" ino=39 res=1 [ 600.608263][ T27] audit: type=1804 audit(1589882225.900:170): pid=19690 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir602339916/syzkaller.l0DHz4/219/file0/bus" dev="loop2" ino=39 res=1 [ 600.848793][ T17] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 600.949019][ T17] usb 2-1: Using ep0 maxpacket: 8 [ 601.118993][ T17] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 601.143022][ T17] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 601.243076][ T17] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 601.349650][ T17] usb 2-1: New USB device found, idVendor=093a, idProduct=8001, bcdDevice= 0.00 [ 601.397333][ T17] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.491236][ T17] usb 2-1: config 0 descriptor?? 09:57:06 executing program 1: r0 = socket$inet(0x2, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001440), 0xfffffc41) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0x200, 0x0) creat(&(0x7f00000000c0)='./file1\x00', 0x2) r1 = open(&(0x7f0000000240)='./file1\x00', 0x141142, 0x0) write$UHID_INPUT(r1, &(0x7f0000001440), 0xfffffc41) fadvise64(r1, 0x0, 0x0, 0x4) 09:57:06 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) sendmmsg$inet(r2, &(0x7f0000005400)=[{{&(0x7f0000001440)={0x2, 0x4e23, @local}, 0x10, 0x0, 0x0, &(0x7f0000001600)=[@ip_ttl={{0x14, 0x0, 0x2, 0x4}}], 0x18}}, {{0x0, 0x0, &(0x7f0000002800)=[{&(0x7f0000005580)="9ea681177e8e8255e46884b11ae739b29629ac0136989524db6eb6e02e3318da7f9d35067e64aa15b4e0c67f737b219938bbffa9615ec5fc6f1e4c0f1cdba7ce54e1eceb5a153c54e7012a8a055071aaad686476d61946edb162d63558b8d45aef4a5b6c6155ec09717a03721b3b954968a6d4beff6f9980964d052e41b148b49322adf4981092a8dd67172c927b250701ab9d1ca605723ed7bbb43362476420cdeb38b23a6743065a3c9fcc934ddcd8ce341eff32136fb589e2db810929bacce206601aada73d237ab5fdc8866bf5fc120ddca49dd6e147324e75a64680e401d135a59a461040ea23e3bcf98ea58fcecc73cd1527b0a63a2b734a652d4c6553dedfbb560e55bc5be8983364d106f9e9765db4285a548754d38308193d97376fd707d8ff5c568b144c58d615eca123d4aaa5996a0e685131bd9d47f0c470f6f2820e295f0711fad912217425c0548aae0d1e3d439dd88c226c8747107ee95b062de8f650f16b00bb99196c8ea0d1a936b7db2b5723c230ce59978ff8f218b85de804607e1cc653543ede0dbbcfefe0e050ed27dd7d8202d8bd67083c195c929b779d9662615eff8f2c4ed5741fa6020109ca523880b969a7343295b6a83cfc1f634dc2515963abb844661fef5de5348595e2ffe8c14502fe9fd5f63a4c1ce99db650ceb1d9cb82de76ef944a9ffec4ee2645390f2dbd2887f555c0c07dc07bbb7ad9ca0c7c8344452a6a4d9d70dad70c8bb80e40b1ef4a4205d2d68e4a10277aa16d122f0358ed20f5b38bf4893841956169e2ae23f904267e5487f7d022a2229933ae021bc4e5df5a4cbf9f60d26d65c416bceae658b4bfddf6475e61fbbd28548e35bbd11f2e718af03961f7b79bf22fd9e92ce88790dc2a4ffa9ac1b8ac28d3ece2a9bcced8e5ae2017027313b2f119e7adc2dce2c3c3728aed2a9777be35c23dd982f2bad7e9d9e8f20d8d8b074003dc146d7ca84bb1f203842d2cf300f14b6436b48e6dc2db2237a4b1f23e8565c5380cc1c1f3e341054a9461a0a69ac7a742d798f854ede066b70189b57224ea48546c75b64b0959992a22f692041f92da5ef8747770c383c49421540d5a994af099d9fd20eb38cd2806ec56c62aa7b913ecd3bce8ee13c5f8029a5cfa3f0d3a887d11af06e5a0206f6a5ad2746d3913ca070428bf64e3280a3a4e159c5ff16f966649d6b3c1fe1153a5b2edecc5264b457f6dca3fa2b49d57105b19645ae5338509b79010597401f5920a77f82f2773f908d94683749cdd350064e63be58d56ce6d57f1110eff9583f610db73690635ff4346b4d3d6bbd6e4e7b0ae7e2126cb53ff80765a7fdc437120f970f7e8913428fa2c05d97c63e5cb5e9124ffd529b7cd77bc5a76bf3b1c72b12f96c9aa9c6d6a26b6298815472220130564508186ebb5cf1f541afb2dab476ef41be5480d9b88dfb7ced3b5db36a86e9f419c9405285c2c97782de018f7b55a4bca900979fd98b2eb3361cba37d3347f5493cfab03c9c12d49401ebedb29aee3de779e3ddc48a572eeb7b88c3160f03b4f9d0395b5f58041631e5e8ebd97dcafaccd6181b6c496173c559f707297ba04222c7c3d2b10454c01eb98ae5b9702e9fa6298cd586a19838bae8fe7a69b5808793af3ac488dddbb7fc40889b1a31bcf83409de08268a7d6f72b6f7ee59e2429671ade0cfcb4bbb2d2d0d889698cc2c4611aa3b4a7a5a89bb529688f06634aa82f02893dac10e1227158c6a588d34c5f853ddabfefca3b02079284fa4ea3c89b3a3aa7c9cb55518e8930c4cd8baac0e3d9cdc0eb648288e51120ef2e407943a7c81a6ed8811779c4c33761f67cd392c9ccb349d86508c93e025e5f0bb3a2f590b3e08156f3e35a474ad26450da9c7c8a896f0d6c2587e73aacde9efcb536a9c77f35a9dcd2518f6cce53685e25c4131fa47feefcc35be50798ea2a96bb06e9f1f08266f620b06235f93b192c52f2f67f7094d6e7de59ed710a90dcc4fddbc0b8b99e637c65e04b3473e9f891ee9d31052fc00e94e8f8fe104776024b0a65480d29494fa4d9e8dd4532334b40941fe952f8336d42c154bb8866dcfc126eea92745aa6c906fd0831119ccac0a8ae5f93e217b1f4f07d4c9e758aa8a28478d8e98ac34386a01cd69faa2328728e527e04d64270db1b19bf89cccbc6ac822bda25cbdbbbe02da0948a904ac91ea3556278dab736a3722b00ba4a225afd904322bca519ba15e5453c749ee57e5210c2eeb5ff0d4e9a583d965eccefcc26e672ebccd2cf91776c177289ec8c5c8169b13c25eb75d3c67385504cfc49f9a12bb8acbe07296db0318296255c9a66ebaa1210ab969af129f6cfabef156c15f5410f87625b13304feab1af8736c1294fa7fe9ccfaf3047cc3fb50b5339ec2c663a02ded880a23355c49a793a613e95f4cfd2d714f4ca8adb06696ff009aad1a3bde84e241b8f746088531690cd740f7b57b971c48cd6f3641171068bccb01ca2673406680d2d1b5e4d8e4af81e499322643794a86cdb51241918c4ad96d582a7681c76a77be1207dc7cfc5726c9da450161eee9e86e68f6087d349303fc9b3481516a01aa7ed40645f830c332ba2e8f086738f7241d2e46a05bf803e8c216a7890b48b89f029b50855ad8f14d80db499a28143df9690808cdbfe9057ab0d6b7ad1d2f4d3fdf5d4bc578b0f151033bbf02dff4b768aba7336254a4bc437baf962af5d07a15f872c481dea19f329e7d066dfed8c11fbba109c657298da3405502604eea8644ee4da149e914478118d547a8c0e15fe7cf0813019207f80c34b593cbfc6bcd905772170fbc6cb95f934b3fdf6a0eecd94a0666c4ee24097ab5e50d469337a3a7e1b3a6fda01bc4b0fa6b8be90f4650b97cd3ba037368c6b3f844bee3cc97f91c1b62af60df1e609dfca10d33b7805c9afaf4e634f2c7b5de93999c6bef0a162e92daf866d90145accfa8a6bf674ba823259d240e19c1181bdc4457d796f5d1a3595699486dc5f2a51b493f8cb1eb951dc60f4c02215374be0aeaa36b57ca71fab5280ae2d708930a2641c1ed0345bcf9b24a956d7583559377b214c3340bbf09034d0588b51cedaa9a60d0a359e12f6beae217485a438e6e2f61eb6e9bbaa5ed18d318cb3e7fc85669086c9d7311483ea22ab5da9fede40c21b3e703338bc2d17eab0c2b2af45cc1b3a37035ec0725363f6912840a7a5e1020f2a050d8e1339e0d4f0411dee797768d4adf8d305f3296ab5e76a14e554e6373c1cf2b17fdce5addb22f03aa070ed99d5791bc113de646c4c81216f7df1efa4a17dcebb899c2159141fd6c665bd38c1e8a4e17030c53e39dc91b0f7641bd11ae9acf1affcecb7bf5db82fcf2c943fcb50f6a9a50e07b9e596b972ad4b79e60fe46bfc1531b635430ceecc9fe79793e994feb045a40b2df62ac3088166a0b8fa65bc3135705ef3bcdb98f8d9d38b60fc207bb7bfc2c30dc3849ed6080b905b0c142e9dbeb118032063b6772204c910e4978fb1483d8b40ff620a1d8b443f9782d21b589cdc150289cedef2d8a913fe747e1b5c7f7eaf46e79b20d60d0e738d7704ace6505671d1ea904eaf026a9acfd8e27609e289900ef3f17155b3b6c8bd7cc90aa2e77b7a420e44da85fb695d76738ba698f0d76e49e62f0b4c20aa213438f31228e28decd3db8dcd7ce83b03eb2468af747faa4730c1bf805eb9070d689712cd1e14fa6b4349744c6bb2b3bf1b77d3983df604f87484eafdef564b97d3b4173f337324afd970009cb774935559b010b797741b0b55d481603de90b4570dd735bbdb0f706f45ba5b120a895c17db374c1a2b5e002814d8f2c7a84fb55493531ade5271ced08933d1925a26735f20f900ce9bc7812f4742533d89c6950a9bf9ece353dff4d36937010379e0474e20baee0fb9ce8aba0372315a65b1df25b69a5ca5e9d2b7f4f7bb7f3ac37dbe92d33740ed274635d20700c14c4534b417db5e7995fb58cd8719c358e253db04c2f4df382d1e40c0f5464b9927474d9aa1f81a20be9d1bcf4862496f1cdfb76764c7e600660f954d150da7cb60e248e2c15fa5e6dacf282d42815b1f0ae3d328e664d451b90141813c60930ee614117a9e64794c649adc2faa64fa7eb389fc73931b92d22f04741990c25f131fc25767309fb2def7321103c5479e46836a3a64407697254dbee762540d0ed66b894c466ec576066619f92a7c1def5beeba7192b20aa3beb52f33ed6c29f5cbfc6712c4d35d67b9c122b62ad65f162f1c3c023fd4a4ebe4f03d9491d43515688919e4ecd7f47b7e0266bfbdc588bd01bff89e68eee8bd55d7a11603942c41a9e0ba7c826e5415211cd939c767d94368336d92c5c260535a8e18d40cdc7e3a64319797d57cf01695c1fadf90e892333bc7b2d98c81e9dad0e7b6880f3dc11457cfedc6ef3fd411b5666c76b36cbe1191bb868bf5df4f8605840269291d8298717b45505effb2f47e8031b8e5a221ad3b6e9ca9e8e1d71fe3db7211c0ce0d55af41be2c10b6224cb56057e24256489e37e1a3739619762aa926f1d68510e03fa33214da11eeb2a368079d649b97eb52d49296c43efeecfef9e5c7698172cbcdce505374eecdf37e96f5e87930846d32c042459c6860d569e03103d26c871f76190dadf05a4cabd9a6bf00ad03d78e9127721276fbc80e4196aa6067e8d29e7a85aa0eaef3fb42029ba8496fe68cc7fed304062edba36855e3bde35b690faa2c81f2fa039d61bb4d37ad6d0da77613803ddd11dfe6f537df254f8f859a945bc48ea17992fe431c457fb9ba6d7c06f9404e1a4cab59c27715ffdcada249bb6d7f5ed7f03ba3d03ec91b01ddd0f143e0db7ac5574a1353dfeb229dc0f1ae2cedbbd583bc374be1fcf7de80f6415922177c728ef82591d79d23b3c5f6a5f750fe14ff192a8535f5be5c04794e1e19066c004987053cc176c2045c6a481ea1fb2afa38e9a31163a377386394c1f713e56d4980584cc7070960c5ae9a6a0109f2e38152839aadcd0712b36012430798b32565fa83481131d0e4d12764a7620211e564fcb1be59e4c03e15a8afa48ae306c2f9693f1ca160fe9e01b8cadb36dc0f8193fa3a16ca01390a221705730e31c825d948bdf439d7414ca03e7441ffe1dd8b7b0a57c2fdb6db71b6e18c0e4d4a23515c838640e181e600721d20cfbd01a847a2210996cf1aaed79832d916740a23fed6b3cc69b6fe0424985834d5eaac707d440c125d2dc6036974ac1d7d51da41602883875c49b835bbccdf9408067f1b376e4b5f55e76465e952891f3ba912b66190d086a41f65857bc3e107e3783c9c9ede7c8fd7643c746a41848e232ec1c2a86669d5938cf33ac35a14d5a682c5203b1c8b3f845d7d2a561626067dad5852911a62f5f730c64332bcd951e9c81879f3c9970e5e5a00e3734dd9c4c842f9ee63baf79276fc57d0bf38fb701825fdaed39049bdb30b6e537c34f7a0440bbb4a4242d540d67e2ad7a2eb541bd8e096503f3ee7f5ae4f86831bf2603e2245d6706eb3ee1dcdbdc6c51c076042f3f61fe8", 0xf59}], 0x1}}], 0x2, 0x0) 09:57:06 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:06 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:06 executing program 2: prlimit64(0x0, 0x0, 0x0, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000d80)=[{{&(0x7f0000000300)=@l2tp={0x2, 0x0, @private}, 0x80, 0x0}, 0x2}, {{&(0x7f0000000680)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000900)=""/8, 0x8}}, {{0x0, 0x0, &(0x7f0000000d40), 0x0, &(0x7f0000002880)=""/4096, 0x1000}}], 0x3, 0x0, 0x0) pipe(&(0x7f00000001c0)) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r1, 0x800) lseek(r1, 0x0, 0x2) r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 09:57:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 601.639597][ T17] usb 2-1: can't set config #0, error -71 [ 601.678703][ T17] usb 2-1: USB disconnect, device number 107 09:57:07 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 601.865873][T19723] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 09:57:07 executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000083a09018000000000000109022400010000000009040000090300000009211300000122220009058103"], 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00222200000007040eccf50b40941aebaae216a822f31eadfb9029e9"], 0x0}, 0x0) 09:57:07 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 602.099766][ T27] audit: type=1804 audit(1589882227.440:171): pid=19720 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir602339916/syzkaller.l0DHz4/220/file0/bus" dev="sda1" ino=15819 res=1 09:57:07 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) [ 602.258625][ T27] audit: type=1804 audit(1589882227.530:172): pid=19726 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir602339916/syzkaller.l0DHz4/220/file0/bus" dev="sda1" ino=15819 res=1 [ 602.263967][T19747] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 602.291824][T19750] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 09:57:07 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 602.458594][ T9700] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 602.551577][ T9700] usb 1-1: Using ep0 maxpacket: 8 [ 602.678849][ T9700] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 602.749518][ T9700] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 602.799665][ T9700] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 602.836167][ T9700] usb 1-1: New USB device found, idVendor=093a, idProduct=8001, bcdDevice= 0.00 [ 602.855305][ T9700] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 09:57:08 executing program 1: r0 = socket$inet(0x2, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001440), 0xfffffc41) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0x200, 0x0) creat(&(0x7f00000000c0)='./file1\x00', 0x2) r1 = open(&(0x7f0000000240)='./file1\x00', 0x141142, 0x0) write$UHID_INPUT(r1, &(0x7f0000001440), 0xfffffc41) fadvise64(r1, 0x0, 0x0, 0x4) 09:57:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:08 executing program 2: mkdir(&(0x7f0000000200)='./file0\x00', 0x0) rmdir(&(0x7f0000000000)='./file0\x00') 09:57:08 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) [ 602.934546][ T9700] usb 1-1: config 0 descriptor?? 09:57:08 executing program 2: sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 09:57:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:08 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) [ 603.198460][T19779] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 603.332644][T19800] binder: BINDER_SET_CONTEXT_MGR already set [ 603.355460][T19800] binder: 19793:19800 ioctl 40046207 0 returned -16 [ 603.429478][ T9700] hid-generic 0003:093A:8001.0002: unknown main item tag 0x2 [ 603.436966][ T9700] hid-generic 0003:093A:8001.0002: unknown main item tag 0x0 [ 603.442517][T19800] binder: BINDER_SET_CONTEXT_MGR already set [ 603.469930][T19799] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 603.471997][T19800] binder: 19793:19800 ioctl 40046207 0 returned -16 [ 603.501730][ T9700] hid-generic 0003:093A:8001.0002: unknown main item tag 0x0 [ 603.535892][ T9700] hid-generic 0003:093A:8001.0002: unknown main item tag 0x0 [ 603.567774][ T9700] hid-generic 0003:093A:8001.0002: unknown main item tag 0x0 [ 603.598670][ T9700] hid-generic 0003:093A:8001.0002: unknown main item tag 0x0 [ 603.616643][ T9700] hid-generic 0003:093A:8001.0002: unknown main item tag 0x0 [ 603.634332][ T9700] hid-generic 0003:093A:8001.0002: unknown main item tag 0x0 [ 603.648157][ T9700] hid-generic 0003:093A:8001.0002: unknown main item tag 0x0 [ 603.664792][ T9700] hid-generic 0003:093A:8001.0002: unknown main item tag 0x0 [ 603.680053][ T9700] hid-generic 0003:093A:8001.0002: unknown main item tag 0x0 [ 603.687509][ T9700] hid-generic 0003:093A:8001.0002: unknown main item tag 0x0 [ 603.703088][ T9700] hid-generic 0003:093A:8001.0002: unknown main item tag 0x0 [ 603.734163][ T9700] hid-generic 0003:093A:8001.0002: hidraw0: USB HID v0.13 Device [HID 093a:8001] on usb-dummy_hcd.0-1/input0 [ 603.778087][ T9700] usb 1-1: USB disconnect, device number 42 [ 604.418315][ T9700] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 604.508329][ T9700] usb 1-1: Using ep0 maxpacket: 8 [ 604.628306][ T9700] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 604.653606][ T9700] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 604.678270][ T9700] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 604.707640][ T9700] usb 1-1: New USB device found, idVendor=093a, idProduct=8001, bcdDevice= 0.00 [ 604.728320][ T9700] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 604.745212][ T9700] usb 1-1: config 0 descriptor?? 09:57:10 executing program 0: timer_create(0x0, &(0x7f0000000300)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) futex(&(0x7f00000001c0), 0x8b, 0x0, 0x0, 0x0, 0x0) 09:57:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:10 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:10 executing program 2: sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 09:57:10 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:10 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/route\x00') preadv(r0, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000) [ 605.258241][ T9700] usbhid 1-1:0.0: can't add hid device: -71 [ 605.266930][ T9700] usbhid: probe of 1-1:0.0 failed with error -71 09:57:10 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:10 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) ppoll(&(0x7f0000000000)=[{r1, 0x4}], 0x1, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) [ 605.310613][ T9700] usb 1-1: USB disconnect, device number 43 09:57:10 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup2(r1, r0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000900)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030080000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) [ 605.431942][T19852] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 09:57:10 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:10 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 605.552455][T19860] xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables 09:57:11 executing program 0: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) mmap(&(0x7f000055b000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 09:57:11 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:11 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) ppoll(&(0x7f0000000000)=[{r1, 0x4}], 0x1, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:11 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw6\x00') sendfile(r0, r1, &(0x7f0000000240)=0x202, 0x3f) 09:57:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:11 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:11 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:11 executing program 2: mknod(&(0x7f0000000200)='./bus\x00', 0x1000, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x129402, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x42602, 0x0) splice(r0, 0x0, r1, 0x0, 0x1001, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) r3 = socket$unix(0x1, 0x3, 0x0) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = open$dir(&(0x7f0000000180)='./file0\x00', 0x7e, 0x0) r6 = dup2(r5, r1) write$FUSE_IOCTL(r6, &(0x7f0000000000)={0x1b}, 0x20) [ 606.427705][T19899] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 09:57:11 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) ppoll(&(0x7f0000000000)=[{r1, 0x4}], 0x1, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:11 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:12 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) [ 606.751011][T19928] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 09:57:12 executing program 0: mknod(&(0x7f0000000200)='./bus\x00', 0x1000, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x129402, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x42602, 0x0) splice(r0, 0x0, r1, 0x0, 0x1001, 0x0) r2 = open$dir(&(0x7f0000000180)='./file0\x00', 0x7e, 0x0) creat(&(0x7f00000000c0)='./bus\x00', 0x0) r3 = dup2(r2, r1) write$FUSE_IOCTL(r3, &(0x7f0000000000)={0x1b}, 0x20) 09:57:12 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) ppoll(&(0x7f0000000000)=[{r1, 0x4}], 0x1, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:12 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x2, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) r2 = socket$unix(0x1, 0x3, 0x0) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) write$uinput_user_dev(r0, &(0x7f00000006c0)={'syz0\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 09:57:12 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:12 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:12 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:12 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) [ 607.450937][T19952] input: syz0 as /devices/virtual/input/input10 09:57:12 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) ppoll(&(0x7f0000000000)=[{r1, 0x4}], 0x1, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r2) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) [ 607.538255][T19952] input: syz0 as /devices/virtual/input/input11 [ 607.578359][T19966] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 09:57:13 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88010, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r3, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x0) 09:57:13 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:13 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$unix(0x1, 0x1, 0x0) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x1000000c8) fcntl$setpipe(r2, 0x407, 0x0) socket$netlink(0x10, 0x3, 0x0) write(r2, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x0, 0x0, 0x1}, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ba}, &(0x7f0000000080)={0x0, r4+30000000}, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 09:57:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:13 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) ppoll(&(0x7f0000000000)=[{r1, 0x4}], 0x1, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r2) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:13 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) [ 607.895601][T19986] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 09:57:13 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) ppoll(&(0x7f0000000000)=[{r1, 0x4}], 0x1, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r2) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:13 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:13 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r3, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:13 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:13 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) ppoll(&(0x7f0000000000)=[{r1, 0x4}], 0x1, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:13 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) madvise(&(0x7f0000000000/0x1000)=nil, 0x600000000003000, 0x15) 09:57:13 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r3, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:14 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000005400)=[{{&(0x7f0000000300)={0x2, 0x4e23, @local}, 0x10, &(0x7f0000001400)=[{&(0x7f0000000340)="9b658d5d800d27833f89262e34c8e860d18862f573f104c4752990289247a299017aee5c521265730b1319d78ea4deacb106b4fc05d0cfd0e7dfc85444acd944ab2608ac931cab1d3db870241e6cb4f2af781e305fe96830178030ee42d8a0ae20fd6185ae026128f39c72401ede797ef6d8bc9103d7a669719cefcb33719d0c923808e294812eaa710ab29aea282a865d2e704bc5b4f090ed7f803e5d2ab0a8d41a14ea558e28ebbd7cdc1850105bdab22b18f02bc9e84dafee1e7527d23aafc3a0e315836cb507fc7db35dcb15eb346dde1652e9c0518547fe8ae94f2c63cb1520fa529aa8f7e9f55d776d093cd598f0cb975c6ab3be44c186bbcfdccc963c261af45568e3576aac78ac99f9004e83a4e0fdfdb9793efa775f29cb7d5b4ef4362f105ac15dc71465e6b59d2ad787c6775fdf8eb2f9957f99a78abbb454f2d2ee484235dcd836ed6c6c907af2ea9d60a1b7c9642467c0be5ceb9f8849c96bd52d531c7eac5436b02e18e9756e25b9b411e027f996e3d39d4914380fb49af75d9bad4dd0b993646e45c5011a210bd961fa4d6b4086cbba653ca15475c02ebf9f57941138f36d29f6afc33ca8cf2754ffbcd3df0fa22dd7ad4bc6e142fafc55d0066e4207796aa96a0f2924110dc6d756db26c73c7aa8ebdc19649b2625c2b8b9fab97f1e031eec0c08ed35db3b4c4af856de876f516ecd957160d8a08939f6f0cab71f884339b5e1d93553f10e14c5b5bc958fd5da5f35ba69ee11ab7943e0785cbbba29024f571cea71bc0e36ef4d0489cbc4a8671d825b17be15d29ae3b01565d6f8140fe87906918b0680ae369954d19505ec6369552a73a87befffdf9638c52e144a714cebff48821ad451312a3c5d8f498f6fb118acdabf417cbc10bebb2fff3c790cfc56deb162ebc7b49347a86350a953a189634b4e0e1946c6fa50848802fafe5d31e8f71eadc573e174216e1876c571215c9e4177dfb17f8170d575fc1e588d120455cb49be07ff20747a4ba9c3ff45df1fd41b06fff55782abd2698fe4085bbda8525de6ccff854f504815e76a0544d3f3afd98c892c9305ebf51e136ac9ddfe7a5a8b124d7929b0e514a91be2a74b512b8664d0f7ab7bc448c489569fab12428f6631371c4bdcc164784d56730ea3ea53d59e1b745b0b3b99bb6225841e5e515e0777b98e2c1f0f707ca1e1fc3363c8ce2d3b8d4c5ae24d4473c06fc6eb6ed0bbd401a21f4275ef4e623b19c32ccec3b046625f714e972f9f26616b6eea0aed37c67d92905c6b5344d6361a0e8eef73a17bef863b1ea01ca76635f0a585862bd777d0b8df890b31645af13b51671e651ef044e2be350f3d4c4a4ec234f471c5580dcd5960551fa43a24e7552317ee70e6a29fdf82cebc9917d215f8f693b9d8438e1ae0081916625b0dcdb7fa248e27780e8ffe3b42bfb40ef0a0a9f9a3f9b2fdea5e9cc832fcba5aebb2f1f2796c0ad527a552f38f742506b51a175dea21b6fa96968df408b8419b9f9faf1ddb25ba2d6b7f95d243719e791d7207d69112c1d660de8c514f965885921141acf36fcd1ef378d7922eb659066047580184779c7db00671e13e69f712fa2f55fe9cc5cd05753df0b3cbbbb8cfc6bef7d4ec2e1d1acd30d41b8084877da3af2d301651286f93dd3ca862f74f045a3c0d13239ed8eca70d7a8cbccdd6b6fb37cbf692e9f08101ea7933ce88eac79d2020509bd96a501e38c7fc9287406889a7de0bc46422de04e88c9bdd123062f653e6929d23ebc7c55302cb4a824fe0c03566a24a34423c8edc28f94ee010b2e095d0b1f882c00f6f2c3cc4ae2334d57d08176e6bc556503e613e4e48b36c90cfe8d04a7f8c7060a0716359f2b0e8a0515fdd17a3c9418a159d95824c8b6414052e83b77999ce0d8b524c945893c1e78f05dd0c1a650570b0ed67b9e455824da4a57c0a8af2e927aa05c551bbdf9b6daf7c2aff4dd6a223e180fd1c5c02b2bb9c50cf0011de553336ad5a3b908d1f311d1d310677d782f3b9e9a52f26bb1e43e0c8344b8e67af2fe64c6b68c87167cba53c394076eb6c05283459d56f0a1249766bfeb66563a4c483a40abba9bed64d03b6e34d1e5f8ab1b37da91694c22667caf416c815b19ce95b9778e906315607991162748110c566b64b8f206b6629b516b1dbec29760cb90d47bcb1057f446ba41ce637d05ea0b05452ea72d3ec707e243f3d0ce0301d631e98c2936eecee9177250be839f07213ff80f431168cc8bab64a5571d07c0dcfa4f6a5af98afe771e1bc29a846a012dc9c8a8d8e540ca1b18839ff8005cc62f0cf4db599b59fb06e009697f67794c711ccfcf955c5e0e55187c7da142103d139b96e7406d59e9d515a4b6eab25cc0cc0b3cc7f9dac2e073da324f3c31839ade2d1463af5c67f41b054217528bb5b86a2a7bede9a1e2177c813fe3dbeb713691d0c9915983f661c0c79cb6a9a7c33681a027357d677618e9c0cfa8bd07b3c7957e287992a9b1b3fca17f7242d193e2030c69840dbe05636b143a62486135afd6c7331d84ced421c25ede2a86ed519f70da4867b8a39f047e18cc56c82103baebee91c4f7df91455f926024b0171030e224baa339fa69e4fe4e45eb8a90c24b73767014c3eb4666d88f01ceda0a613b99bacccf0f38fa962c706b16e222a06b08109d94f3cb288e11fbaa0a86a455b1da0510d9bfe4d22308056d0e11682e7f468823056ec05ad8037b065de7ede628ee7d64ff1c19239b2a280de02e745f4da9813ff61d8306e16964280310d291eaa5dcf38ff1f4b49cce656d12cff1aa48330a86c0f9a79ba8e27443dfe8a945a364a9d0ab5719af121b95d48cb7b79d1669fc75caee7639693acb93e0103a7fe2f334187b7c0e6ba5e1f924b43b394c86d067d3201084c4722dbed7ce69b72806025a1cd074756ff8c9290ec980dd17ade7ab1af4224490f3d4a986f128be19bed613c9333e33f207b1fee3cca60b20dec6ab9c4933ad1fca5e8f547d33ab9d18b6e82f622b7a5dd1b8439cc081616b2cdc6e3687ef573d41407e3ede93e80cab704d3f44b22292207055ff8ac889a63bf3b3914a109ea3bb3a7a662b81a07f5fbf4e877626c79cd68378106d6affaeb3233dd7bfe8a7079aa945fa986498757d07722a08eb5e4d2209fcf410136da8b0e79ab85d2b4befbb7cd7cedc7a494e1b64f2da1c2d47a5f0b16ee1f511f8e6693efb912118a0f38427c04cbf4f14886921a6b47f95b166ad436d1ac01193c55e000797b7d7e3f276bb3410873fe0f1b6b15c55ccc202ac40f35da2a3a9eaedb9d6cbeb66546ad730c055efa8615403a94e0ed0985b986d8ac494523408ec75bf2cfe8d5bdceff7eea93161269e39ed33eb303fa9f739007aee98f1acde694b73dfea05b420ffac1020966e13ade300ec0714d5ef3b7e6bab6a1cc506ffa7a2e89a021237145377e1b2d08aaf91d8ba9850be56cb447a83a2097065e0bc43ebe2c62f534b516d2e65558536fa67cc3b387df00cd6f8e33d341b146cdccb14f37d8da5071dd403ec6f2db3f77ab4792f72c6086468420d7ee7b0e9d5d044a8c88493980848ec782fb96bc7ccd9d30821c4d693eaad3a3c3c2dbc35a07b239e5221ea51acc1f2aca2d0116b702ba2a37e7b3b039799ac8c70c0dc1856e088da3924c1482d5f646dab8eb5472d8b5cff9e4263a7674280038ce2c6a4e297500e6a7d95c3d9cf1e950198465874626e78cf68e3357a095a3895e9e7dde59c5feac0cdabbe50402ecbbb2e39b6575b63f66f4dcdfcca7a2980f865492f5ffef0c580e8872208f823dc723054e10dfdb51956790c5345406b165b39d096ad20bac2b78133fcf79a685444d2315ded998c596ca2caf5817ec5af4ee6b8f255c85bd2f907a6a477ec3e36348da259e2f0c4c7b063caccf9c94066245cc51d3eb0046aa5132657427506f5b8a96217056780b3f877d32b0e2f00794ea3218c2527c981cb4502ae53d35441d6d563a6de1503a90b6994046a88204fdebccd058b93994b646605e360b2e59c37fd98aaf4c129c6f59e17ab644a970a6e6cfda73c3f743358cd4e04c87fe38387b4a3035431abe8678c144a337f80854245055128960633c6df708afd41ed4cbf412e0865257d51a18219f17b2242db0cae7bdc6a014641b03619b9632ee4f0b1c8cb28c7c142f46edef767ba6490815736d4b72516da2ac8837799af12306305046b31cd4b6aa80692b17396fed378cf236b230acc02d7dd3c8cd0a9b27e61cf6f8d2715f3ab6cbef02c7c83b35a99d19e9a6750e29877a04a75dcf41e2cb847e73d4fbcd098cef305d18d1296ef8a97c219d807c1bb6c96ce9726666f9c3edea43868769cf3f4ba39450f854cc68175f1f9d083992a0716990e9b223e9c0cbefc60c480400cb8ce2a6e7a4ba2c05473f8e77e8b3979e25b99262fe440b2c6c3ca34ba711f47a6083f6138a202bc2fb143ea538e87cffe0a51ddc11c361c235553b0757cdb4974af01e30814a9ce6e0d8b6974f8ee0fa67672ca3740df9ffe69c1e59957c700d49413ed710bf32261e3786dbdb027dfbd61f492c136d90992199d8f5919939fa993bbc8e193095ac64cecd250de2d362b65a24101b3c5ba8ea708e9c28e6ec26225ab39574ad34376d7089eed1616b92c4536123574b78fccda367fa86515fbfee0bcadbb2d6f2487f2288dda7067a340403702c9278aeb246cd9100761842b281f61c428a52c1edb2597a68e20d26ffd0c60edbcebb372fb1f184bdcc15850ea6ad166086462a4b06974099f8484aaa1dbf471b0ff529878fde60ffce60bfd625a2eb4345ee4b9f179f55659e24a9102fb0aedc50c0644930524eab8689220db679e6638494c75fad022694c191616adeab4e543cafa35f66ba6365e4612b4f5449e1e3e71e7d9fe6b576921d8dbfa69a1e218b5f0ef76ba16968bc1ef6c003739864ed630b75e4be72efeb7ef1fc766791436b62380560a177af537765b7ed7bd8fa3bc3406a0c73d12d553d3c4b072a83f549c763fc4053f922166ae690b180b4cadcc9a0538d703aeed94bf3f40b47258464ccd6dd2298c5d6a5b15db0fa9e2f1aaa9c80b03ba57d7fc2ad3645bf8549c327ddb239dde4aa2becc81cc3f1eed28dd7170464d5489a98facbf69c00134d0be6a16812aeca796c3b6701d43adb7bd819457eedd304b17be17cea1789430f1551a93eb2398a5b25dccf6e64f5b3c300a6311d287ca84fef57e419299477476398876d55934e740f6f98c15ded4c8593f30f68b5eb9ef5314b187b005008e6abdf27f24beadc89011ea4120720299131acab8bd1f37fdf0fa1a49af6a1a9917476b0c5ceab3af97a46b83289476685c2c5b6fe1fe639570efee257601e54a87b6f49bc3f50a9922bc2d1ae4a9549695b0608f9891b78d9d4fe18e7e167d1cae1dd4a5a3a7527492f807285ed8d4703b39d95628342f166ebe38784c06754c24036e7f8299aab3319a8a8995d671939df38d411eaa64e6d98fc4d34af88454ff5e5228f013179af951e4b2bb68a0bdd29bebd94b091d152561442e136d93e4ba86a91f43133a095b1f2f9be9c987f5f51a0a46a2c649204c308e9f66d34bbc29fcf61684cd96d2d0cbc6c6a27cf418ea7eadfb1b95b2b8e0e07b8e36c7bad94a0a2e838f044c9fff4ffabd75226f3f329f0ce7292628931ef9f424d2236d0d76d826c10d40145ce8b952ac7a8ac1b8ff5f90a78247cad618d3bd81a9d68f3b4d9fe75595e85a09dbcf35f0da7b467358b638dc75b25052025495091", 0x1000}, {&(0x7f0000001340)="6af4ba1400642b85e096f3f5d9eb550035b744e9bf3ef8e71634ae726ffb551f8b6f16d59ac324b9a0b962493f723c3f4ffe037651049c6cd98857e5f3a088eb0f82a69bd1513da0718303e3dee6303c102cbf85761c716c6889e1123f37fdb08f42f6949ab64957a7f70872f2dbd40859f544eb422fd6b020585f293f7e21e243862e53dd48100fbdf08c25ace85b064999b6d4c63e94740627d8b3086b3a1d4d744853f26083d497ca75088d1d47f685ade5", 0xb3}], 0x2}}, {{&(0x7f0000001440)={0x2, 0x4e23, @local}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001480)="d32f81ac1dbdaf0dbe0da643d6f9d17e9e9f958c7c50352570ae535b20f37e287c675f0b72f0bcd026fc3508e9ed86a7e9672a44fd7bd1e8d56e605eaf9b1315b256d9b137", 0x200014c5}, {&(0x7f0000001500)="c95b57b17e77e517a045e5f3e40b94823a8deb7a95e675ab6809b76a79f1615dece1fcb761dae1502514f580fc7cc89f9bbaa95ec6e4bbbe48c0b5a1ae2f", 0x3e}, {&(0x7f0000001540)="052f89e9f246158aa025ecca17756f9cebc445b7fa1ded7619bfec43ba9ce8fc6600cd7e01642dd75817dca8af438b7f8d33593097498fdc3c14dcdb0acac800f887a7985bc17b5a403d84967da8ba3dc0d4352eabfc2ebc45d5", 0x5a}], 0x3, &(0x7f0000001600)=[@ip_retopts={{0x0, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x0, 0x0, 0x3, 0x0, [{@loopback}, {}, {@broadcast}, {@multicast2}]}, @timestamp={0x44, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0]}, @timestamp_addr={0x44, 0x0, 0x0, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@dev}, {@multicast2}, {@dev}, {@multicast2}, {@multicast2}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@local}, {@empty}, {@dev}]}, @timestamp_prespec={0x44, 0x0, 0x0, 0x3, 0x0, [{@private}, {@private}, {@initdev={0xac, 0x1e, 0x0, 0x0}}]}, @generic={0x0, 0x0, "8a88a2c77c6c"}]}}}, @ip_retopts={{0x10}}, @ip_tos_u8={{0x11}}], 0x40}}, {{0x0, 0x0, &(0x7f0000002800)=[{&(0x7f0000005580)="9ea681177e8e8255e46884b11ae739b29629ac0136989524db6eb6e02e3318da7f9d35067e64aa15b4e0c67f737b219938bbffa9615ec5fc6f1e4c0f1cdba7ce54e1eceb5a153c54e7012a8a055071aaad686476d61946edb162d63558b8d45aef4a5b6c6155ec09717a03721b3b954968a6d4beff6f9980964d052e41b148b49322adf4981092a8dd67172c927b250701ab9d1ca605723ed7bbb43362476420cdeb38b23a6743065a3c9fcc934ddcd8ce341eff32136fb589e2db810929bacce206601aada73d237ab5fdc8866bf5fc120ddca49dd6e147324e75a64680e401d135a59a461040ea23e3bcf98ea58fcecc73cd1527b0a63a2b734a652d4c6553dedfbb560e55bc5be8983364d106f9e9765db4285a548754d38308193d97376fd707d8ff5c568b144c58d615eca123d4aaa5996a0e685131bd9d47f0c470f6f2820e295f0711fad912217425c0548aae0d1e3d439dd88c226c8747107ee95b062de8f650f16b00bb99196c8ea0d1a936b7db2b5723c230ce59978ff8f218b85de804607e1cc653543ede0dbbcfefe0e050ed27dd7d8202d8bd67083c195c929b779d9662615eff8f2c4ed5741fa6020109ca523880b969a7343295b6a83cfc1f634dc2515963abb844661fef5de5348595e2ffe8c14502fe9fd5f63a4c1ce99db650ceb1d9cb82de76ef944a9ffec4ee2645390f2dbd2887f555c0c07dc07bbb7ad9ca0c7c8344452a6a4d9d70dad70c8bb80e40b1ef4a4205d2d68e4a10277aa16d122f0358ed20f5b38bf4893841956169e2ae23f904267e5487f7d022a2229933ae021bc4e5df5a4cbf9f60d26d65c416bceae658b4bfddf6475e61fbbd28548e35bbd11f2e718af03961f7b79bf22fd9e92ce88790dc2a4ffa9ac1b8ac28d3ece2a9bcced8e5ae2017027313b2f119e7adc2dce2c3c3728aed2a9777be35c23dd982f2bad7e9d9e8f20d8d8b074003dc146d7ca84bb1f203842d2cf300f14b6436b48e6dc2db2237a4b1f23e8565c5380cc1c1f3e341054a9461a0a69ac7a742d798f854ede066b70189b57224ea48546c75b64b0959992a22f692041f92da5ef8747770c383c49421540d5a994af099d9fd20eb38cd2806ec56c62aa7b913ecd3bce8ee13c5f8029a5cfa3f0d3a887d11af06e5a0206f6a5ad2746d3913ca070428bf64e3280a3a4e159c5ff16f966649d6b3c1fe1153a5b2edecc5264b457f6dca3fa2b49d57105b19645ae5338509b79010597401f5920a77f82f2773f908d94683749cdd350064e63be58d56ce6d57f1110eff9583f610db73690635ff4346b4d3d6bbd6e4e7b0ae7e2126cb53ff80765a7fdc437120f970f7e8913428fa2c05d97c63e5cb5e9124ffd529b7cd77bc5a76bf3b1c72b12f96c9aa9c6d6a26b6298815472220130564508186ebb5cf1f541afb2dab476ef41be5480d9b88dfb7ced3b5db36a86e9f419c9405285c2c97782de018f7b55a4bca900979fd98b2eb3361cba37d3347f5493cfab03c9c12d49401ebedb29aee3de779e3ddc48a572eeb7b88c3160f03b4f9d0395b5f58041631e5e8ebd97dcafaccd6181b6c496173c559f707297ba04222c7c3d2b10454c01eb98ae5b9702e9fa6298cd586a19838bae8fe7a69b5808793af3ac488dddbb7fc40889b1a31bcf83409de08268a7d6f72b6f7ee59e2429671ade0cfcb4bbb2d2d0d889698cc2c4611aa3b4a7a5a89bb529688f06634aa82f02893dac10e1227158c6a588d34c5f853ddabfefca3b02079284fa4ea3c89b3a3aa7c9cb55518e8930c4cd8baac0e3d9cdc0eb648288e51120ef2e407943a7c81a6ed8811779c4c33761f67cd392c9ccb349d86508c93e025e5f0bb3a2f590b3e08156f3e35a474ad26450da9c7c8a896f0d6c2587e73aacde9efcb536a9c77f35a9dcd2518f6cce53685e25c4131fa47feefcc35be50798ea2a96bb06e9f1f08266f620b06235f93b192c52f2f67f7094d6e7de59ed710a90dcc4fddbc0b8b99e637c65e04b3473e9f891ee9d31052fc00e94e8f8fe104776024b0a65480d29494fa4d9e8dd4532334b40941fe952f8336d42c154bb8866dcfc126eea92745aa6c906fd0831119ccac0a8ae5f93e217b1f4f07d4c9e758aa8a28478d8e98ac34386a01cd69faa2328728e527e04d64270db1b19bf89cccbc6ac822bda25cbdbbbe02da0948a904ac91ea3556278dab736a3722b00ba4a225afd904322bca519ba15e5453c749ee57e5210c2eeb5ff0d4e9a583d965eccefcc26e672ebccd2cf91776c177289ec8c5c8169b13c25eb75d3c67385504cfc49f9a12bb8acbe07296db0318296255c9a66ebaa1210ab969af129f6cfabef156c15f5410f87625b13304feab1af8736c1294fa7fe9ccfaf3047cc3fb50b5339ec2c663a02ded880a23355c49a793a613e95f4cfd2d714f4ca8adb06696ff009aad1a3bde84e241b8f746088531690cd740f7b57b971c48cd6f3641171068bccb01ca2673406680d2d1b5e4d8e4af81e499322643794a86cdb51241918c4ad96d582a7681c76a77be1207dc7cfc5726c9da450161eee9e86e68f6087d349303fc9b3481516a01aa7ed40645f830c332ba2e8f086738f7241d2e46a05bf803e8c216a7890b48b89f029b50855ad8f14d80db499a28143df9690808cdbfe9057ab0d6b7ad1d2f4d3fdf5d4bc578b0f151033bbf02dff4b768aba7336254a4bc437baf962af5d07a15f872c481dea19f329e7d066dfed8c11fbba109c657298da3405502604eea8644ee4da149e914478118d547a8c0e15fe7cf0813019207f80c34b593cbfc6bcd905772170fbc6cb95f934b3fdf6a0eecd94a0666c4ee24097ab5e50d469337a3a7e1b3a6fda01bc4b0fa6b8be90f4650b97cd3ba037368c6b3f844bee3cc97f91c1b62af60df1e609dfca10d33b7805c9afaf4e634f2c7b5de93999c6bef0a162e92daf866d90145accfa8a6bf674ba823259d240e19c1181bdc4457d796f5d1a3595699486dc5f2a51b493f8cb1eb951dc60f4c02215374be0aeaa36b57ca71fab5280ae2d708930a2641c1ed0345bcf9b24a956d7583559377b214c3340bbf09034d0588b51cedaa9a60d0a359e12f6beae217485a438e6e2f61eb6e9bbaa5ed18d318cb3e7fc85669086c9d7311483ea22ab5da9fede40c21b3e703338bc2d17eab0c2b2af45cc1b3a37035ec0725363f6912840a7a5e1020f2a050d8e1339e0d4f0411dee797768d4adf8d305f3296ab5e76a14e554e6373c1cf2b17fdce5addb22f03aa070ed99d5791bc113de646c4c81216f7df1efa4a17dcebb899c2159141fd6c665bd38c1e8a4e17030c53e39dc91b0f7641bd11ae9acf1affcecb7bf5db82fcf2c943fcb50f6a9a50e07b9e596b972ad4b79e60fe46bfc1531b635430ceecc9fe79793e994feb045a40b2df62ac3088166a0b8fa65bc3135705ef3bcdb98f8d9d38b60fc207bb7bfc2c30dc3849ed6080b905b0c142e9dbeb118032063b6772204c910e4978fb1483d8b40ff620a1d8b443f9782d21b589cdc150289cedef2d8a913fe747e1b5c7f7eaf46e79b20d60d0e738d7704ace6505671d1ea904eaf026a9acfd8e27609e289900ef3f17155b3b6c8bd7cc90aa2e77b7a420e44da85fb695d76738ba698f0d76e49e62f0b4c20aa213438f31228e28decd3db8dcd7ce83b03eb2468af747faa4730c1bf805eb9070d689712cd1e14fa6b4349744c6bb2b3bf1b77d3983df604f87484eafdef564b97d3b4173f337324afd970009cb774935559b010b797741b0b55d481603de90b4570dd735bbdb0f706f45ba5b120a895c17db374c1a2b5e002814d8f2c7a84fb55493531ade5271ced08933d1925a26735f20f900ce9bc7812f4742533d89c6950a9bf9ece353dff4d36937010379e0474e20baee0fb9ce8aba0372315a65b1df25b69a5ca5e9d2b7f4f7bb7f3ac37dbe92d33740ed274635d20700c14c4534b417db5e7995fb58cd8719c358e253db04c2f4df382d1e40c0f5464b9927474d9aa1f81a20be9d1bcf4862496f1cdfb76764c7e600660f954d150da7cb60e248e2c15fa5e6dacf282d42815b1f0ae3d328e664d451b90141813c60930ee614117a9e64794c649adc2faa64fa7eb389fc73931b92d22f04741990c25f131fc25767309fb2def7321103c5479e46836a3a64407697254dbee762540d0ed66b894c466ec576066619f92a7c1def5beeba7192b20aa3beb52f33ed6c29f5cbfc6712c4d35d67b9c122b62ad65f162f1c3c023fd4a4ebe4f03d9491d43515688919e4ecd7f47b7e0266bfbdc588bd01bff89e68eee8bd55d7a11603942c41a9e0ba7c826e5415211cd939c767d94368336d92c5c260535a8e18d40cdc7e3a64319797d57cf01695c1fadf90e892333bc7b2d98c81e9dad0e7b6880f3dc11457cfedc6ef3fd411b5666c76b36cbe1191bb868bf5df4f8605840269291d8298717b45505effb2f47e8031b8e5a221ad3b6e9ca9e8e1d71fe3db7211c0ce0d55af41be2c10b6224cb56057e24256489e37e1a3739619762aa926f1d68510e03fa33214da11eeb2a368079d649b97eb52d49296c43efeecfef9e5c7698172cbcdce505374eecdf37e96f5e87930846d32c042459c6860d569e03103d26c871f76190dadf05a4cabd9a6bf00ad03d78e9127721276fbc80e4196aa6067e8d29e7a85aa0eaef3fb42029ba8496fe68cc7fed304062edba36855e3bde35b690faa2c81f2fa039d61bb4d37ad6d0da77613803ddd11dfe6f537df254f8f859a945bc48ea17992fe431c457fb9ba6d7c06f9404e1a4cab59c27715ffdcada249bb6d7f5ed7f03ba3d03ec91b01ddd0f143e0db7ac5574a1353dfeb229dc0f1ae2cedbbd583bc374be1fcf7de80f6415922177c728ef82591d79d23b3c5f6a5f750fe14ff192a8535f5be5c04794e1e19066c004987053cc176c2045c6a481ea1fb2afa38e9a31163a377386394c1f713e56d4980584cc7070960c5ae9a6a0109f2e38152839aadcd0712b36012430798b32565fa83481131d0e4d12764a7620211e564fcb1be59e4c03e15a8afa48ae306c2f9693f1ca160fe9e01b8cadb36dc0f8193fa3a16ca01390a221705730e31c825d948bdf439d7414ca03e7441ffe1dd8b7b0a57c2fdb6db71b6e18c0e4d4a23515c838640e181e600721d20cfbd01a847a2210996cf1aaed79832d916740a23fed6b3cc69b6fe0424985834d5eaac707d440c125d2dc6036974ac1d7d51da41602883875c49b835bbccdf9408067f1b376e4b5f55e76465e952891f3ba912b66190d086a41f65857bc3e107e3783c9c9ede7c8fd7643c746a41848e232ec1c2a86669d5938cf33ac35a14d5a682c5203b1c8b3f845d7d2a561626067dad5852911a62f5f730c64332bcd951e9c81879f3c9970e5e5a00e3734dd9c4c842f9ee63baf79276fc57d0bf38fb701825fdaed39049bdb30b6e537c34f7a0440bbb4a4242d540d67e2ad7a2eb541bd8e096503f3ee7f5ae4f86831bf2603e2245d6706eb3ee1dcdbdc6c51c076042f3f61fe89dd607923433ddc3e99c1a6690b64ac8a71aa6273872728203bb5616347f83b44f7fc8adcf0717b9515c45c5417d60c0f0ba221ef14322fee28fc33ca217e53505efcafd195b8cd57a3b869a01850c785c8588980baea9db7be92f36c185647f36c067c0c148f0a34e97c5bed7d5bb1c7819a4d4d9ebb71b5f8dde4480d15bae7e7de9250cdf6eef32a1db0b1700a4dd9cadaa836415341b4d09db1cac75fd566690348c7b2c25", 0x1000}, {&(0x7f00000026c0)="36287003ce847a3d519d4b1fd0c2e8d0b722e3693e23e89ba49aa3d99fcf0923cdbc672b0b6af854e89684bb15cf192bcf61a24dfe9ecb", 0x37}, {&(0x7f0000002700)="eda4863d8a02fe97227194bcb639c23007e01f6b54425707a02557bcd56a65ac76b27e04dac4b704ccd7fce1e10715233495327bc5a267f59d6dc5cc5ba155bdf23aac7da51bc0ca246648a98d983dbde7a748645a8fd187c4235bec3cfb11e41ca81e94b5c31bd289ec3a369289750a", 0x70}, {&(0x7f0000002780)="8c47985b5658022e541a7d8f1f67265d8174adc245abcca86356ea8cd176bf4c153ba7cc9aa884453961842c0101a0ee21900baa5b955a12bcd70105466ec51429", 0xfffffe23}], 0x4}}, {{&(0x7f0000002840)={0x2, 0x0, @private}, 0x10, &(0x7f00000028c0)=[{&(0x7f0000002880)="17d8ace0b2a149813e1aa1aca06d63f7cd290187933b036c5fda50a42ce68a52703727971362291df8733f2d4c468683936df302e56b", 0x36}], 0x1, &(0x7f0000002940)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @multicast2}}}], 0x40}}, {{&(0x7f0000002980)={0x2, 0x0, @private}, 0x10, &(0x7f0000004c40)=[{&(0x7f00000029c0)="c81ddebcd1753e714814309d978b55090e607bab1c9f552be684d5c13dd8b52ee3eb620006d77f1e7d88150474c88273fd9cac26a6a25947c9b3e976edc04d19865e1e148db51d9dfaa64b226768434709da7d4dbcfbc31ea2b0e7a801d9949f7d1d059e0408cb438f39f231b35eac5e2749c6359cfaadef90efbc9e0c8470f03b788c23d96989ffa989b47e451c6754fd1d67b1ed735c4b18e31be1fd09b5e9f8d2bc1fa4c01e014a2c4b3974cfa4d090064ad7c5f247e2c17881e7e2d5a12d9072204951", 0xc5}, {&(0x7f0000002ac0)="d9265425b91160645f1b09b72e22d30e6fc5f4cab8f1dac21b79a3d5edbf479b5daace5ce7e5fd12e2a24c01358e4942caa97c9defa9015266bbf3d92b120ab093d80b8d36deb5d8c8020720cdb5bd417e69cfa273939ada36bba5124685177d78a1e4d47793dc739281424a274ec2400e640f12c2596c766874f533cc1fcc4d8684c1aa59f012d71d11891abff03d0f2fa18bbf13b11b37c8db8b13266d6e403151dacf5a1da35651224380f889339108df53ae9eb7751d5533bb8796628099557758103f4d0773b103ac51b2697a9c53ac8c534d32ba8c03dba11b2b81a76080adfb9220b4283e9ff95c0d4bf409c2687d9ae804fdca9fb49aaa9200535d28eb82daa024a92254137a9d5ae92c3570d3f73446cfb6fc463dbb1a26821330cd71a9d264054a142c24bc24110aaf339e0a42986e8962b2eeabb24a5a7c07a82c4f0c7bb1b7a810de40bcfc62d904ca5b9bbef8fa96482eab11261cbd1fb92d5c26d85f698736f039e316dab031971fafa6826a63ea103254df821e115017942a0eb641cef5531f2ae516e3361975c2295458fc555b18b5dbf4fbcd5b8ffd618523603f234b69bb2a984486a8b37c9954c4061218a7104c8742b4224a5778a7b01a1de4c876212a72b9015a622aefa94a4c3fed45d08c678dd2cf173907cf0675439fcef4bb917ac36781285e17eea049116855fd6bb453a55ca5986115173798fc5aae4d47b15bf2e97ad0468cad43ee17a721e624949a5dcca09e77c3722cdefa88757963360af963a56c0899de5e49b18c8ad06dba340dffe1dcc9d129b17dcb557c0c3d2d3342f4f5890f4dc4e96aa5d0f45e8758d5a05161064eb4a03ba482f0e4b20cf6ac8ec71ade4ae0f3c79c221aa2185b62f90bb387ebc77078327c5a75df5148e72314f62c8353a099595fd38b533178f7a685e5d8f00e49242656015fe5323310f07eddfc1c9b104d3fe0eff302b2b6e543f1e53e56cd2ecaf911f6a9da8aab8483df0884fe4a981ab8b614292fa621e29893e7af352682f63d30ce0de94735e363849e5be9d72944df3516ce5fe2a5d7c8429ef2944ecb852ed29beb37b01b0f0ba5c89f2590ea48a83f7850084d05bccfb126a40266a90c4799666fb860342c084b6179f250e03e0f808a87dcc3ac1dc30dd405c1978a403fdff6ac1faa8596f9d4065cee28bedaec19fa663e810908cce8dd9e888a63abecd5ed80701808aaace91aeebbf07be9110f9bb636b368083cea49e240605e10c03946f57ea8636f8f1ec8d899f677a3173cbff2e368b4fad5cec64086005a48c6a86b4f3d0ad989d5e741e23bca121380c214f95a7b7b62bc01a5f9b93b543eaa65b84e5d8ae8a61e2707bfef87644e7aa094600cc59bddd8636227964e612c44c76c56f825fa400c7eaacae64f9c451f9288cb624460ebbe57806cb679d58bca039556f1aa4b61016186259b47ca64daf3d9ae04dfc068964d59eae97d0992f9c35d5c187f6e302f88b380072d56535694d853b589ed9bbada1b78b2fa20e6b35220597b985426e02a8ffd63d8862b8a50474caa8b5fd83c56799fbd033ff573e873a8b3853265fab662aee51437a699047d0f6795ada207798ab8657f62a7c80c9711309aea7202a090b5eada3fbc5a71c6d0c5ec63977c8effa4a16a202821e3923cfe2196e83dc9c45050d4c444b36b795fadc463ae2926484830ef6a4eb802b2f8ac667228f0831c8344992e1cdacc805b67b8ece2b1d1aff2865f0096cad41573b255acbef2cf8fe67a36e7bb8c1752c087711ca1c5f2579ad92f73c39b21f26efd965550699c549c08c6c7146bb9f69808a8908f52e69fddf2c912c476d09db438af6444479fd257358297c1480eec8d03396107c31637e8a78923948325a1c29bea6c511f58350450dc3eff1cca217f3b216f1d697f1d234c2f5db4fd253c7ffcc59a6a7e04f69f30a84ce835ec387cf6b9410117205a65148f217f3f0074356f9bc1b6ee68f27c0946bd7227539373d4ddb7ad80d7a5514d751a7e9c501ee57b4b835d6b83eaedcd60450d421c49d0bd082963d01b684cdab37fb119a0ebe978b66e0f9844150438acd97c5d54b9e9ac146eae123a665de4a2aaef5521c1fe04ca277b0079aa48e9fd0318d38ac6f9dc664f818db90f16e6d57fae63f8668fca60faf18807d59264ec43f385b01b4ce978f911520f960dd75c04717924085322f14eafb75aa58e6457178c640a31a979d48d3ca7a9c668a696afdc89b564e5b2fd7a6e856de11d3744ce43260cf00407fbd62ba99fc5eb7e25680902b220132a8782717ef0a4b86a179337a8d6d4405ebc2d30b8d7efdf1d393a45ac924851fb64e9718acaa162926be27813185329bf5d367b9109e1a576292c70c447ac0e0b280398d810d40929d3a0a4cfe39cc970db23bfb3e522a8f00d55b8f6b6c5fd56ef6e231933c94d61125a19b597af527e2659768822fc7b839b53a188f566ea839687714fa2ef5137245f05611bf187eb6761a40aff1e4cb3092624fc65c6c51a724f8d4b52095feaab1a3219dd5814542e0f2318d1500681cf3afbf637a8c7b25ca0e9946f93daa70678df3ef9806f0c0ed30080664c2cee65eee2617a7ee3fe25927f0b3790419f8e523bf3db75eb56ce9e4061dc07ba4dab076a64187aee9b5c4c3fc8fd3ccdb24539d4c2f94a28bbba16d5581ecd97817cdb0a08458a0df0c20075cf8a2f2462b5fb835398204b8b5d6cac87c2b349ebb600669db4daef142cae56d4c60e3182b529493be5c7e8307b456c17f633213887889dca0b62998e0b45a2c4a98452503cf68ba52e32bbb797f185447499dedc82919a1929cc1fee40dd47df7a9f06c1410d7bf41b683ac73b440848f4f33dc651a2fb5580016dd26ec4cd27f5ececacf8166840463684cd43d620a9b49ee4136a5c33d305c6d0cac33da7672dd588b25b4b9850b02055dc210bb323fbcc777d52f6ce01fff8843a338ad37a2aaf362af17ec16c28735a4a4ea71f391b4d76171f3cb6335a6b404c51c02748366f6ca6909e8d1a80646466946d9e4f5e0a132ab7b7b3f9ca4c6d1a0a69cd2ffeac32ef9909401439ef04e17dffa81f96f3d5bb11918438b77ed24905ccf11a69e0ea8db9f926728eb9e1eaea5757f69ab28d56eabe2bfb5bf8f16fb3ecc45dbcae9e38cbbf30749f4cc155bc3bfd79b389a28c8a81a21ded802e1fa0097b4fe6d62b4abffaa4b26d528c7c24bb6e51c11f152fedb1d2c3a12a7463cbd31c181dfd1d1066f671dff2497148f62e77b24a9dddfa01b10c1e05438c743b67ef54720100f66e8311cb825845f7233ac6c964a8592305fcd48db69aa4eb64925a56134c039cdd5757eaf387e4ec9cd894d39977624051167a2733ed8dcd99dcf372437b3822315256938b6ebf6e5b74d8f8983df03be18c95c4c34717c0077e020ee239b21aa397f5ac793a587ced0aea347c2b9b97dd7b6bba931cee2a73fd0bdfafd792630d4d8460ada3d5a1e7462dce21242d9595235e3fec7c543e362a2054326765d290bf81244684b4ac868845e22a54301b14d6c776ffac3d8456310b88a9d8eb57870ed53b3d390b8c8c4d913e0230c1e24a2598598c5c66b82a7b90345ff3a2cb5837ecb88a895befa938ea124c3e35a49804c17d428bd87d8e98f321379ded19f08c563b51c0fa2465c0ac64ed51de8387089d3a97a24685d46b1941686a6a9a3181f0f0f5f162df2f6cda4e495112553ed9add8eb605a53b0690089c085235a56b957c05db7bbd0a3ba85a710278ea37e65255c595c3983ac02dc06ce20ef4c8779dc45e5182438cbbba2fdda5ab705107198f5a5fe748c06c18515e3b2558d159fe8932ded663cd19336262c26eeb2a0c380dfcbeeef26610f8e643d8ecabe34223edea451e3e8abd5797f5f46921d8a43b84c71b39ebe1654b7438f5c43c92454ea0065038dba83fe50a17b7e93fde80b468db9108211587e67fa1eedbe7bdb709726126e46511082712ae7ec498c8a843248b17cf90edc6e95a7c1ea770163c97960ca03e094b88c12a6aad929789b92aa43bb7fe09b2de110923a199b9e7e2bba0a8d241e6a4142bcda617e9a584c0344911b6a552db34c85f84c6661794cb0b89f215da95081281c4a279d7f240c63d85d04ea2cf638930ef8a9111dfc279030a8b49f535dbd72cc41af2844f5485c0693e08a0388ca2511b549def6945d685b8b7c8aea10659b951e8c45f2a6a390c61c80baba0019c5057aa165482004f7560c4e8b5c4b9b3a0826a22ecaac4bcae70126bb11eb67aee35bb8126035b47ff03286ca2f8bc90188336e2af32145900e7e1d532d01b88fdd00790ee2a14a6d6bf4308fb16a57864c891e4c83539f3aaf84a366ad7c7b30d6a4924dbfda4c0ba979cc652880962150bffbf1058bd72a40780c078736c6c414bb7f9630b08671cee87cc70b6ce8bf1f12c2fcfbe5c316844767f4dc49e6d1771bcd034af38f39bbce1b7659ff659d5fd137820bfa7d0d2efa2af9da38e9744a53e814b770b1629f2a1eff0e91b7e4f7fb498894a505c4cbc84afa2528c8d6b335ac19c37677394cfc84426933f4a5745b065b34346d0a4047ecd6dd9b7a652555a3afa04960fa5024d43c8b5eba9e6d16a13008c7852a53b068870e094d7840d647917a5225270fcd194af3dda609abbdb56f1771a74d749531fb57364d4e176ce5c4b709c02e233b6b8390ff95efb50a2668c08365ca4c37e220b51279e5ea8a17e90ab876dd1954d5864f5851f5af36eb246a491d05571b2c6a233fd44d65e01b3ebb2adfc22ba57b9ac20b3416669039139319bccdfe88f8ffd864eb50b93e008078d6565b3d97b6ad45eccb58fc5e081790d478c2816c4a1484366dfb4520bcae846ec4f66ef9fe0b8e93c4fb1bf42c118d53035ca65baafe9a3c73c7763214e42612d0bfcf58ec6965676a85b114b346711079bbca6766d9701c807a9dc1c168d580e526aa62a495275ec496b04cf223d4acad3957540e0032c3f1c8971728bf2d3058b6d30750bce5cb7b1ab9f0ff8b87c3ae2cbbf0571dd2bd02b7bef49cab0474da03d9f01f1c0cbcd2e26ca4b1d86b5b99874aa4f62684a9c59b69576f6e88c57abcd79ac23f6b514c810c8db9e19655825ede400fe772b606355068484b5a1ec80d38dee65cf6ec405d81d40a0f5f01baed4048f9a99b7a9a1216df9e1cb4dd8627c12e17aa6930ea37d9d88a83d4171106e0e0fe632ac11ca2fd8eabc8f1dce0223b4ed273951b58beba4012c23a5c99046f7b0086425457d9b69a8b5dc213c4d1442322b66b83fb93da392e0fcaea295506364dc8b34b39e2a07f18fe3a00493589e6dec0d8d6badf4cd543cd63538e1321d45c7ece11d30ee99861aa94860f4c6375541d92eaa7e8c4e09fbc6432f4237e1d0276e4aea22f4f6509c201fefcfb293f32c150c7637712c550d0e0717f1b4ac5c7fdb88621f73710535221cb55eaab1ee081843f4832b20a8878360ef0cd6c3f22d048b9c98d58531f3433bb7d922bf88a02c418c0b2f206d85fbd016c3ca369d93d93433b58c96699c2191f2fde29accc89a93069501c3d475f9f19a8d35ea44fccbde216d5c2f1c2943b4bf52a5ab6674dbb7cb6ccd8e8b316110ee1373d68b8f5b36969be9ed67eceec191ec4aaeb15c391776bbe69f0ae1f767ee0c2593d22fb1a56d4b5d2dabaa6e6204666ecbde392b57fa43541a996a8d2b2c2cba1d4fb62f746d1ff000884c83b2749fd0c1fe0eb11920cef0316aaeefd97e2b5a70e74", 0x1000}, {&(0x7f0000003ac0)="b11e1ad8c5c6", 0x6}, {&(0x7f0000003b00)="c37c6a8767dd4f33534403ac7bd27bbac7639019a3ded0410138d42e2650c598297dee5bef5b7c1cd1442a3428ffce05ad3fba1f13457607df49dacab5a88ec4c3d5bdfc089cc4d3827d57dfa6f7e2e8388282155dc0c7d07ea78eb2dcd49704452dc386e5fa6526a7fc7b3f041db3a77a821fd250336eccd3a78cacd0251ad57f6e21e4ba1e0a6422627cd258eabea9d46b699dd904c2b1073521340d35da1c191523c4afe2f3c6ea93a9e6ded0a7075f0ca394b13e2c89829d080d62fcfca6a2f170e78b2c048ead8d5c5e8fbef8262647ea200e54d222a1c3ec718884b2d4fe1a7448907e4f048b4012cabe24d42cb978", 0xf2}, {&(0x7f0000003c00)="3f696bc38a8e736c01c26827d8cac4e073569a8c5849e88fb1f88af9f9c9333ab31631", 0x23}, {&(0x7f0000003c40)="01e67c1cb043ad4151f17998b08ed67ca29179dfd9b9feda6c29002f8a066aa5d5c8af0e1b692393d8b1fded5ecbc0e9972ee89db242e0d733e1b63ef323e88719e1a5f3dd1278b5436625233fe344f75f934e54b24e0bf5c03e6b1c5d5eb750cd60d0739d529863a1578f7ca17ede2f05e2de15e842bf90f22d73e797bc7681b006146850d4ccf66c62f2c474a40e0d81f10ea117bf83ef6158f21d4c8f502c6c00fdff86300cd82d3ee2a87ca6bfe568ad7ca5d00546403da56e43da519f50f199dab42380dcae38dc8a0a9efb897603839766ea1266d269fbf9e70da362bee1b7d84398d6a48dd1379aab27d4b438adeaebe285c264fbc6de37470b6c6613f0cfaff75f77b6dd5ce8ba574b727d6904d4993fe75218a8a448384a98b0965a44ddb9c3dce6d9dfc57ebc0d1e8e1d1493d25f91c3c377988232b7af0c79a485b06763db602ead683f1030e99138269402ec5d5fba40a291582137672478b8721daf59e67d303d67e41cba88eea188eb78cc2fd521dc0db876e6cd975ceb59a8e5ae71a2d8bd00bb988ef1476a15145628a7e9fca0d256e2532c2ac2431b32c0e9568813e7458209d45bbd19c5480b8f3089b3a4790950df2861acae7b23326bb68dc752243e262afb5bafd3663dcd72a8dc5783888ee979883d9e3b12d31cbd84385db38000352b824cefc0d1a04d499cb15fe0a2a579393e0f63242dc5ddc19aaae7928476334c87f3e3c5f599c8c5a2aec7d51da661d6ebb0badcf90f5feef189876e3d01c6603822973cd6d8c3611968b2e57c54f37f0205e827d0a81c91819595c8b89c8e3b78f588513b65c28c15615feed45af7e0a3f22762bd6494287a7f080da36782f383d1bae7f5fbf45a04978f32a07c0aaa90e54b458f58465db328db4a3e4470e66973d42c631cd5f0d7ce4b23e5b995339d4ecce56a529c2d37cd9bc70e19889a48795069a68813925437aa3b62f23a434840771b777c98d8f001fd51f7126cf136b8dd4d2c5953374d94a3af94e4ce19576f434790dcbe7d78bc44a858548455dc7b0113df20e09dae92d9747304ef9783746a3b5022ccb9499ab0e511af7da77721b7e0caecab456f1750b797cab770f1f636be1794e9ba5e7d62ea56fa5599b276bb59d78286627189f07180a3d4305c3209a4e03997a418f2ab4bbc21e2c5b79cb00ffc85e0ca7b6d771a8a1d98541aaf3d94bea278b25bc459bf658a3854c85d4a72d53acd99fc13beef60bc10263bbb1b53988c553937bd5a6b18795bd0294cf26ad4ad6dda3013ba9e0eb6ddf2182122e0a507a285573ba9ac519222d444ce385e1d91e69f19942d5608b1aae0bc80e075e15efb3141ad1e286b9f591f5f03c965bcff6811a520d71e2d05cae2d804503939850138e6be377b6d95a067a749b6ae5ca433e62562b9e57baf37d882063d452f12e1caf337a6c1b9f60ec4f2418e2f835bb1fd43fd3f2aee618ea60824cf3204fd5761d2366974f5bef5b2cca1c99cfbe4069296b601eb783f74ded651b2cd2cf3400a9acf3d7171b6cf567c4bf3db452d82345578d24ef0365a21d41bc1ddd5d9477b7562fffb90bd6a1f48fd75322d86671b61239a7665c7612405833944823529bf228382fbf1271c4849d2f8f22c5bed6fa2eaa3d6c00cf85dd61174c312f03eee6fc6db733b9cf155e8a1735d456894b7e7b7297d064972c5c76b30f5c2b2b9611e22a2d0be8aa42db27668d670d6b8ffc8d1dfbea4764aea04ab4859bd035d1c39806b16639eeb3456ac31b3560e76d80731e11c3502c83db6732e2100f9d26ab4c029c8fe03498051d270e4ce42a435029d7308b3f4395604695c05ac1b34a2ff404e373d5b53c55ee672fc8b5735a5f675e6fe59c4d84d2210e85979b9627f4fda5e5940fd955059d86492ee0d90ee9d7444b075614d52cbe78743fd12e6ccce065ee3fe6dddd2428bfb8cca801eb692c51a97c6482e5c167ebc8cc61741c698c40df170ba61139ac0dc10c608979b4813f4029fc657797b5277d82bc30006614e365ff7a3d1b0fa86217148f3bbb95be6e06590d3f10b0526363100be1bf07c40768f083f9d3b2212de06308f4bb575dd11038cceb0e0e9cdc90062c610f0bd223cf838ff477337f6151c062add8e2ff31f79cc40900456788cd7bbf893ce13b0dd33ae57d70d0beed14cb2e799ecffe117317aa9e3050032475242c974e6e221c6dfa80d139959cecf1905142cdac2d65f7c3c083e2bcaae20ab828d901b632df15493f92b7f96d9be44feaca087e109c0d90877d51757971e93a4cfd884264335fea78325409459160a9faf1029c90d314d458c14e6f712beff8921e1f1edfb3a0f56bbfbfafde01bb771cdaad77c9aaf8630e49938644c8e09030613326a868466b96e1dd4c56e2ebd05aef7557e339d269552c4a6cbbc64f64a8f6e311c5be27123faf339097b5864b867d97d1317b6dc566963a2bf5b56613b5a4f6e38f7d8032aa916f9b3e1c0f65c4f35b3da61f9fd05315d1d84acb9280d44194d540b665b15be9679a6c9d6d23f4fb07a863d2ee47c211c9e793be494ff6b48b80ea2b2d5bb1fd7957c6908b729fac93db7c2df6a55f2f81744a2278d1c6231665a2decc31a273c94d7fb6276b9f866974c454a27575c36e2f3c5fabf3ed01755480bd1bedc52f726e9c77becd64905da229a4ce9f2e1da29a9f05fc226d3510f6a18456ea8985272cc690e4956bec6d767d3f993d42e081d0be53a9471d34cf9b2dbf3ef83c635f210c9de7c1794f5b1a7af36fac706c1e9bb4cb12bcfec7ac65cdc179b9473240731c6482e76694501f636f3a8b951570ab8c5081f7cf92d724120082797b77dfd639b6b1d6ad3f597822df978ca8222924c2abaebb95c55960111c1f0a0d7e158a4a51d021bc9fe75333470f72f06c99c9fdcfbd6905b402cbbfccc36231a5d3fb0584214234a21bd9520a53ea36cffc063456a6a7e39eb8760f4bb186a9d652f0e59bf2eb7faf160597aa7b903ab2b920d64d21d6f4dc77a472a78f97f2e6941d1c511ada6d7bc17375f3c4c67c057f8583119bdb64b30e7fce879f5f7067a33f8790964d753ae14e5ca948176e6c41c21ec1590d7e7da2a0558288d8cffae9ff6c92a3841125b2e0272b5fb6758dd8c892f5d834cef191cf4ddadde7eed475643d25651dadf1644d48d295d28a8591b19efc5d150575a32fd30464964b44c54ead37d79ec26d1a90cf1a7390c30efe24af2a46f237d06601e0694b3e7e756e7007be8bf99b1b2d4ca9e375643647dac14099b68918afa1bd016a694f22240d317f840b43e6ad8534472d9239f87bc1c9a07b97d6e72b959b46e24d0e8ba66b2a2243bc6bab3ecc6e859f1c149c7bbeadbc781cd72d147456cc0d5bc779a24d25ce437126d1fc84db7760ff51a9bcce37db5591119ef90cbb9e934f86b3e56d36161e942b87f88e8aadb52cee7ef1dbed51f0626c708b90941d28daea9b37a9b178363ce893d7e266f4f807fe9c3e2a164f18969095867a339d431914d5e7fc753041c34cd51ca3bb641c79fbf5817f046a2957d242cef805c19fcd2f57a1b268527391c90162fc206f7c41a786cd2583a2468ee4d391f838500e12aff412200ab286ebb04192ead0f55015cb9a9d11234b2a6b7ab14770fb0e23accca686caf725c3812d1d78cf152c3be5fe6492cf8992017bdad6bdd19744c9970da1d8420b806242350640a3b87aee7ee520b4cb3dd5c0ff523104aeed7a94a91982a1f5f8ff9ca9d9671467b7adcb704c34136c4ae58bbc86dad4c834a84ac330f78db7d3bbfca7d5c3aac25eb5f28d7656affba19cbcb677ca306e8dc65f3bd6c4d1f2c18954ebe20b8691383e88b9159d5468800eaa1d21c50b7c651e848ffad5304b366769f3040c6709f0275209852a556d8f96dc2d27ffe39c6242f36bea6398b0f6950066cd0d240d54bf09a73b8b9963d139ab810036a40341b2f84511a260cc921655ca901a86721f63afb4882ddceac2f08acbbab1d36238bbd337f4901ff14e58b038097c1584b9cda3f62752383859f382d886a2c0a8922980d2314329d17cb179a04e37f15e90b1b85a6a0caffce125d7648a156c528421b61ced6a9f34c2ec51ba9a6d5e4158d0e008df616d734692b615b27918d17912071a92703154ebdef0cf932450090f523a74cbacb957584f53d39ef159461930f2f1191cc1da1de5592861a6969ef42ce273d842738faf39962c18f67fed5d459a5032b7ea7a36c37fc0ef2e49e6e3c60dd629b79368269c087b81fd0912a89376e8bd7a879b839e2b07a5108e6e3a277fe1eadc3f8612f7077cd758adc82a7d99f43263355aec17669414e8291b0839bae6d14fcc870bbabce6502684ba0f627cc49a702a421b14b3d7a0d7559ec65525df2d760f146b67a0828ac8642b56499ac35dd914a09add855be9f99ee1181e6b38590e68ad73b3405e73d02039be9ed4585e8c3caaaf781197a62cf04d47e43781b78a7bb27fed57dc7be1ee495f7c7dbcbf562c54a90a13d3233b383dfda4f8057f254fbae6ed5acba650f5f75dd8f9381693fec4d7ca9198e9efa501c0f7bfe821cde7ffafdee4bb596655841988c5fbf68a487c7f3be37f932d5e278b28b5e6844624355fb27ff69bb3e68e8f2e993ecdb76f77242343de3f3ccf67c89b10fd3f5d662928305492d1e58f1c34996346a6cccef10f77d2e9785df9e5f6b336af9196dbb5698624985920549e299cb9a5bc019b02ee65adb0f2b73084e1616c01eeffeda9d8f731dbc78463b7d1c9b10032c636f5b97bce6d9fbed5b8ea6ff0c65ef73ce5da365e95928dfce09400537cdac9cb0ac3d98de078fa524f9d5e535c862b66ffab3a43cc49898f38f91b1c3c11c77bba0b202561489166a8170372a50ef79e76582be2aa85f3d3da578e773948a906bc7c508d990397af96a906235344b680efeaaf2f1bae5632393387149d42b102aaec01997f28a7a7ae550991a56d63fd8f0f355195e8bc0ed73992435856c59b00045072032aebccf5d0c9a354eb870ec7c687f6d2cf8872d8a8cb9c3a0a0127841e8158b64978847339170d3b892a4c7e3aa593ebdff84b572b910369678c010278e94703c6a30748643762e36d5f79b1aee6d13fae0bd9d918684a197c768b6147f3fee6fc45e29ddf41bbabec724c59ecc0e8a5c64d76f03674543339844218fd40da637dbb99051a5ee734cca740c6b580bfee16fdb451a21a12fddcb06d70300f01e4939f18558e1eea49b210ebe721bbb2a039bcbcccf1a1d6c07e13983953dd87cc9414e4fbe8c2c6d037b1568a7fccbef17923d15e357d6e71ef71612057fc36d538ae937a1d6b08cc17ce73729833de156106f1072ad2b6410b89c89699231874d120ea0c7c3197b27da67081ed5f2c285420d31aceda01b9e8da4bd6825810e0b2749a33d058a3cdf7f1f0d762f33ca21c9efc9e0c0f1303b5d196cbba1e1537193e1fd68fe17797bf9bc160b4f8efd2c7ad219676fd6630aaccd6add4e2c5106c6d63927439558976e2afb3a19c96c0cc7b62173742886268bb634bc1bfaa6103b0237da36d23f5ca0549bb9f21e93393c259c291d404a34657ba2f2c6331a2a54782a5c31e1c01edba5a4679464ad9690756fa1f4f2f2d0ff906a552e029425f0f65972cf27825b7bb09727fa2731a5a90f588fc4c4fa199f2bc2a53fdad27fbcb736ebc98d9f4ad46710c6aabc8806ec7d79c9529a71a8393888ea2bda526a6c7bf180aad87c538aa0010c27bcd9e78b50b418", 0x1000}], 0x6, &(0x7f0000004cc0)=[@ip_ttl], 0x20}}, {{&(0x7f0000004d00), 0x10, &(0x7f0000005280)=[{&(0x7f0000004d40)="90c725559c44d51979db47067b360a5f10bb40de318055968c339de5d5a9bc5b136fc0ace94a302501a5241b7a9949d25dbc594a8ef460c6e00635f8aae66be350a42d03950ee9b3e347e118ca539ade165ab8a594f175f0eb6d69b71db07b294e635afd69b1abdfa04c76202c01959160da2efae7f109b0e1d378878792b924a683d371f5ba5363bdaeb1b9f4c42f3663b95ef8fc5ffac1b7125b1ba09d406b34a15e0d5f3961fd7e3710c58dab971ab03ebb425b02d2588cf96a6b51ac8856b6c805c2f771d65bb8f73592b7", 0xcd}, {&(0x7f0000004e40)="a556dded36394a0c9d16e05d8d0d353fe5a3851b35da0f40441c392a1b1fed2b9a16c715391620d099f741cc7d1aa0222cc96ac6dda7ecb48b3a11db4e27d3520a711d36c5acb78244deeb00a2059f9c91980953edd14819b0085a774dddc8924dd5f503b91af61dc51c43b1c038026e546bc78093323166501ce5b518b85d9a171bc6f7f35eeeaaa513833f32360e3cc06acb4b879159730764e9627333bccbb74b8f", 0xa3}, {&(0x7f0000004f00)="181bb6035623ed96dee3bdb1e0f5d021184c453a6be7b282ccd3ed13909b28172dc78c43d43d7028814b3009c99afb333a3093f66ffb6f3b57328ac7da9b32fb637f3dc96c7540309e5d4dca6810ba865e04394c174611f5131dba635f95386713ca4eaac73422214dd9a53a7bcde490ab19331f725b0e24342f6616482e2a8d69d3", 0x82}, {&(0x7f0000004fc0)="d856ddc42d056d9684cd6f01e95d394115348de04bdeb4cf564456703f4efde34a13d711ff2c5cdb8ab1b62d615bc13276a1a412c659", 0x36}, {&(0x7f0000005000)="a4a1eaf7505f0e12be7cabef42d0d1f63f32dd05409a844b4d62a05d85905f37cb710de0b5af84d55fe785ed623d71623cc8776885ec1afe753c961ff80048fcccdd27e5a6a44abe0c308ecf3a78f8781f00a819c0db1fd1bc36683c9f16fc6fe931e7f9527b3316cd1d661d781b1725a911ca110f6e5c9f900a0798a5e8af5d8b7124259efcae8caceb65a595e4c4434cdedb04", 0x94}, {&(0x7f00000050c0)="9876d6c2fe387bc54f01c43640d7b2d49fd8cb1ab9a18ed5ffff8bcad078ff63bbf85257b0920432782dde516209000000f84e8f69d1c523a7688c8be80b1504c384edf8756bc1aff2869fc78ee2c8a492c1bde49714e3ff010000000000008f9a42bd7ab6560a4a12c3fbc2ca783b1ebf84d6e3f76ade86b56eb3e22f148a892a32aba8450509e50a0c600277fc82670165ee84cd27ef573cdeb825991bc78ad3fd3339905e7f74360ff44bbc4671edbd0315d928b7015436cd14f7d8ee011c979bd4c3dca5307bb193151d6e36048ddf09bea5bca8679790a11b98371638304bce2bb87e383e120a", 0xe9}, {&(0x7f00000051c0)="6f2492ad8ed69f47c802703436eee5e42b8a875f22bf69b61cf125ba94c665fa920722d7d72e55ba80b0187096711a107c7a42998621a59e07cd3129fe6c7d5357134d3cd3e47a9d88ba5b9e2eac680fe4599b8aaa4f50801930ab6056a3cc0bc8b1778a44f4224b4640d4d26a78e5a301dbfa0eb587d5da9ffb7479af2fdbe400d4fdb7b2bc8f9720f1d2d72ea26e15f6eaeb972ce3b806490db30db043d886e66e4b63e008f7d9aeb29c8db27a0e4a60b03d979b8f45396282f746", 0xbc}], 0x7, &(0x7f0000005300)=[@ip_ttl={{0x14}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @private}}}, @ip_ttl={{0x14}}, @ip_ttl={{0x14}}, @ip_pktinfo={{0xfffffdb4, 0x0, 0x8, {0x0, @rand_addr, @empty}}}, @ip_retopts={{0x64, 0x0, 0x7, {[@generic={0x0, 0xd, "903254181bbba9a14fd2fb"}, @ra={0x94, 0x4}, @timestamp_prespec={0x44, 0xc, 0x0, 0x3, 0x0, [{@dev}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@dev}, {}, {@private}, {@remote}, {}, {@multicast2}]}]}}}], 0xf0}}], 0x6, 0x0) 09:57:14 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:14 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) ppoll(&(0x7f0000000000)=[{r1, 0x4}], 0x1, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:14 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r3, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:14 executing program 2: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="2f0000001c0005c5ffffff080d0000000200001f0100000019010ac9130001000180000050000000586700a28663b3", 0x2f}], 0x1}, 0x0) 09:57:14 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) ppoll(&(0x7f0000000000)=[{r1, 0x4}], 0x1, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:14 executing program 0: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0}, 0x100}], 0x1, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r1, 0x8983, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x4000085) prctl$PR_CAP_AMBIENT(0x2f, 0x4, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x0, &(0x7f0000000140)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x807a}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) 09:57:14 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x1, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x1, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) dup3(r0, r1, 0x0) 09:57:14 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:14 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:14 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) ppoll(&(0x7f0000000000)=[{r1, 0x4}], 0x1, 0x0, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) [ 609.131294][T20072] fuse: Bad value for 'fd' 09:57:14 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 09:57:14 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:14 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:14 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) ppoll(&(0x7f0000000000)=[{r1, 0x4}], 0x1, 0x0, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) [ 609.411478][T20091] binder: BINDER_SET_CONTEXT_MGR already set [ 609.417488][T20091] binder: 20089:20091 ioctl 40046207 0 returned -16 09:57:14 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 09:57:15 executing program 0: mknod(&(0x7f0000000200)='./bus\x00', 0x1000, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x129402, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x42602, 0x0) splice(r0, 0x0, r1, 0x0, 0x1001, 0x0) r2 = open$dir(&(0x7f0000000180)='./file0\x00', 0x7e, 0x0) r3 = dup2(r2, r1) write$FUSE_IOCTL(r3, &(0x7f0000000000)={0x1b}, 0x20) 09:57:15 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) [ 609.888987][T20120] fuse: Bad value for 'fd' 09:57:15 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) ppoll(&(0x7f0000000000)=[{r1, 0x4}], 0x1, 0x0, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:15 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:15 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 09:57:15 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:15 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:15 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 09:57:15 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:15 executing program 0: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2}, 0x0) socket$unix(0x1, 0x1, 0x0) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x1000000c8) fcntl$setpipe(r2, 0x407, 0x0) socket$netlink(0x10, 0x3, 0x0) write(r2, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) sched_setattr(0x0, &(0x7f0000000400)={0x38}, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ba}, &(0x7f0000000080)={0x0, r4+30000000}, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 09:57:15 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:15 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:15 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:15 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 09:57:15 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:15 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:16 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:16 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) 09:57:16 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:16 executing program 0: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000d80)=[{{&(0x7f0000000300)=@l2tp={0x2, 0x0, @private}, 0x80, &(0x7f0000000b80)=[{&(0x7f0000000380)=""/161, 0xa1}, {&(0x7f0000000580)=""/242, 0xf2}], 0x2}, 0x2}, {{&(0x7f0000000680)=@xdp, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000700)=""/153, 0x99}, {&(0x7f00000007c0)=""/187, 0xbb}, {&(0x7f0000000440)=""/68, 0x44}], 0x3, &(0x7f0000000900)=""/8, 0x8}, 0x3f}, {{&(0x7f0000000940)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000000c80)=[{&(0x7f00000009c0)=""/222, 0xde}, {&(0x7f0000000ac0)=""/40, 0x28}, {&(0x7f0000001880)=""/4096, 0x1000}, {&(0x7f0000000b00)=""/83, 0x53}, {&(0x7f0000000f00)=""/156, 0x9c}], 0x5, &(0x7f0000000bc0)=""/131, 0x83}, 0x1}], 0x3, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x5, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r4, r5, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 09:57:16 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:16 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:16 executing program 4: perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r3, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:16 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:16 executing program 4: perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r3, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) [ 611.452104][ T27] audit: type=1804 audit(1589882236.792:173): pid=20226 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir916120310/syzkaller.zZ82Gp/326/file0/bus" dev="loop0" ino=40 res=1 09:57:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 611.510919][ T27] audit: type=1804 audit(1589882236.852:174): pid=20232 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir916120310/syzkaller.zZ82Gp/326/file0/bus" dev="loop0" ino=40 res=1 09:57:17 executing program 4: perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r3, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r3, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:17 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:17 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) 09:57:17 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "eaffffff090000000000000000000000000053"}) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xfffd) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r2, 0x0, r3) dup3(r4, r1, 0x0) 09:57:17 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:17 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:17 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:17 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 612.221356][T12872] attempt to access beyond end of device [ 612.227158][T12872] loop0: rw=1, want=2565, limit=63 [ 612.311037][T12872] attempt to access beyond end of device [ 612.316813][T12872] loop0: rw=1, want=4613, limit=63 [ 612.334963][T12872] attempt to access beyond end of device 09:57:17 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) [ 612.365694][T12872] loop0: rw=1, want=6661, limit=63 [ 612.390135][T12872] attempt to access beyond end of device [ 612.419305][T12872] loop0: rw=1, want=7261, limit=63 09:57:17 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:17 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:17 executing program 4: r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r4, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:18 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) 09:57:18 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:18 executing program 4: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:18 executing program 4: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:18 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:18 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "eaffffff090000000000000000000000000053"}) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xfffd) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r2, 0x0, r3) dup3(r4, r1, 0x0) 09:57:18 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:18 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:18 executing program 4: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:19 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:19 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:19 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 09:57:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:19 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:19 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) [ 613.913503][T20346] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 09:57:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:19 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0xffffffff, 0x5, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000000d80)=[{{&(0x7f0000000300)=@l2tp={0x2, 0x0, @private}, 0x80, &(0x7f0000000b80)=[{&(0x7f0000000380)=""/161, 0xa1}, {&(0x7f0000000fc0)=""/252, 0xfc}, {&(0x7f0000000580)=""/242, 0xf2}], 0x3}, 0x2}, {{&(0x7f0000000680)=@xdp, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000700)=""/153, 0x99}, {&(0x7f00000007c0)=""/187, 0xbb}, {&(0x7f0000000440)=""/68, 0x44}], 0x3, &(0x7f0000000900)=""/8, 0x8}, 0x3f}, {{&(0x7f0000000940)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000000c80)=[{&(0x7f00000009c0)=""/222, 0xde}, {&(0x7f0000000ac0)=""/40, 0x28}, {&(0x7f0000001880)=""/4096, 0x1000}, {&(0x7f0000000b00)=""/83, 0x53}, {&(0x7f0000000f00)=""/156, 0x9c}], 0x5, &(0x7f0000000bc0)=""/131, 0x83}, 0x1}, {{&(0x7f0000000e80)=@alg, 0x80, &(0x7f0000000d40)=[{&(0x7f0000000d00)=""/34, 0x22}], 0x1, &(0x7f0000002880)=""/4096, 0x1000}, 0x2}], 0x4, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 09:57:19 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:19 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 614.413742][ T27] audit: type=1804 audit(1589882239.752:175): pid=20387 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir916120310/syzkaller.zZ82Gp/329/file0/bus" dev="loop0" ino=41 res=1 [ 614.521075][T20375] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 614.649314][ T27] audit: type=1804 audit(1589882239.802:176): pid=20391 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir916120310/syzkaller.zZ82Gp/329/file0/bus" dev="loop0" ino=41 res=1 09:57:20 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:20 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:20 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:20 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 09:57:20 executing program 0: r0 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r2, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r2, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x1f4, 0x0, 0x0) 09:57:20 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:20 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 615.189084][T12872] attempt to access beyond end of device [ 615.194785][T12872] loop0: rw=1, want=3137, limit=63 [ 615.252218][T12872] attempt to access beyond end of device [ 615.267050][T12872] loop0: rw=1, want=5185, limit=63 09:57:20 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) [ 615.339335][T12872] attempt to access beyond end of device [ 615.344991][T12872] loop0: rw=1, want=7233, limit=63 09:57:20 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 615.422201][T12872] attempt to access beyond end of device [ 615.436976][T12872] loop0: rw=1, want=9281, limit=63 [ 615.470981][T12872] attempt to access beyond end of device [ 615.476633][T12872] loop0: rw=1, want=11329, limit=63 09:57:20 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) [ 615.531496][T12872] attempt to access beyond end of device [ 615.558981][T12872] loop0: rw=1, want=13377, limit=63 [ 615.601468][T12872] attempt to access beyond end of device [ 615.650172][T12872] loop0: rw=1, want=16889, limit=63 09:57:21 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:21 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 615.684850][T12872] attempt to access beyond end of device [ 615.717021][T12872] loop0: rw=1, want=20985, limit=63 09:57:21 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) [ 615.810015][T12872] attempt to access beyond end of device [ 615.815691][T12872] loop0: rw=1, want=25081, limit=63 09:57:21 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) [ 615.864895][T12872] attempt to access beyond end of device 09:57:21 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 615.927057][T12872] loop0: rw=1, want=25953, limit=63 09:57:21 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 09:57:21 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) close(r0) 09:57:21 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:21 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='syz_tun\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:21 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) r1 = socket$unix(0x1, 0x5, 0x0) r2 = socket$unix(0x1, 0x3, 0x0) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) listen(r0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000180)=0x1, 0x4) bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4c22}, 0x1c) listen(r4, 0x0) 09:57:21 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:21 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:22 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:22 executing program 1: fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2800) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x80, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) recvmmsg(0xffffffffffffffff, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:22 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000005400)=[{{&(0x7f00000001c0)={0x2, 0x4e23, @local}, 0x10, 0x0}}, {{&(0x7f0000001440)={0x2, 0x4e23, @local}, 0x10, 0x0, 0x0, &(0x7f0000001600)=[@ip_retopts={{0x10}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xffffff81}}], 0x28}}], 0x2, 0x0) 09:57:22 executing program 0: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) fadvise64(r0, 0x0, 0x0, 0x3) 09:57:22 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 09:57:22 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:22 executing program 1: fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2800) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x80, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) recvmmsg(0xffffffffffffffff, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) [ 617.124814][T20510] binder_alloc: 20505: binder_alloc_buf, no vma 09:57:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:22 executing program 0: r0 = socket$inet(0x2, 0x2, 0x2000000088) bind(r0, &(0x7f0000000180)=@in={0x2, 0x4e20, @remote}, 0x80) setsockopt$inet_udp_int(r0, 0x11, 0xa, &(0x7f0000000000)=0x1, 0x4) sendto$inet(r0, &(0x7f0000000200)='X', 0x1, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvmmsg(r0, &(0x7f00000004c0)=[{{&(0x7f0000000400)=@ethernet={0x0, @dev}, 0x0, &(0x7f0000000480)}}], 0x6fdaec, 0x22, 0x0) 09:57:22 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:22 executing program 1: fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2800) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x80, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) recvmmsg(0xffffffffffffffff, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:22 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:22 executing program 1: socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:22 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:23 executing program 1: socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:23 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:23 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 09:57:23 executing program 1: socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x2800) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:23 executing program 1: socketpair$unix(0x1, 0x2, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2800) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x80, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) recvmmsg(0xffffffffffffffff, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:23 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 618.131606][T20548] binder_alloc: 20542: binder_alloc_buf, no vma 09:57:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0xffffffff, 0x5, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000000d80)=[{{&(0x7f0000000300)=@l2tp={0x2, 0x0, @private}, 0x80, &(0x7f0000000b80)=[{&(0x7f0000000380)=""/161, 0xa1}, {&(0x7f0000000fc0)=""/252, 0xfc}, {&(0x7f0000000580)=""/242, 0xf2}], 0x3}, 0x2}, {{&(0x7f0000000680)=@xdp, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000700)=""/153, 0x99}, {&(0x7f00000007c0)=""/187, 0xbb}, {&(0x7f0000000440)=""/68, 0x44}], 0x3, &(0x7f0000000900)=""/8, 0x8}, 0x3f}, {{&(0x7f0000000940)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000000c80)=[{&(0x7f00000009c0)=""/222, 0xde}, {&(0x7f0000000ac0)=""/40, 0x28}, {&(0x7f0000001880)=""/4096, 0x1000}, {&(0x7f0000000b00)=""/83, 0x53}, {&(0x7f0000000f00)=""/156, 0x9c}], 0x5, &(0x7f0000000bc0)=""/131, 0x83}, 0x1}, {{&(0x7f0000000e80)=@alg, 0x80, &(0x7f0000000d40)=[{&(0x7f0000000d00)=""/34, 0x22}], 0x1, &(0x7f0000002880)=""/4096, 0x1000}, 0x2}], 0x4, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x5, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000000200)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x80, 0x0) sendfile(r5, r6, 0x0, 0x8400fffffffa) creat(&(0x7f0000000100)='./bus\x00', 0xa0) 09:57:25 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) 09:57:25 executing program 1: socketpair$unix(0x1, 0x2, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2800) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x80, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) recvmmsg(0xffffffffffffffff, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:25 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:57:25 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x6, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x1, 0x0, &(0x7f0000000140)="0e"}) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0xd, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440000000000063404001"], 0x0, 0x0, 0x0}) 09:57:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)=ANY=[@ANYBLOB="c3e3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000000)="0f22270fc76ca7baa00066ed66b91e0100000f320f20d8b135200000000f20d80f22d8f30fbcf80f3581d90c0066f2ba5f57160fc77c01", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000140)={0x0, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @xdp, @ipx={0x4, 0x0, 0x0, "a87620abc9c6"}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 620.522741][T20581] binder_alloc: 20569: binder_alloc_buf, no vma 09:57:25 executing program 1: socketpair$unix(0x1, 0x2, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2800) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x8) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x80, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) recvmmsg(0xffffffffffffffff, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) 09:57:26 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8090, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r5, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r5, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0xffffffffffffffff, 0x0, 0x0) [ 620.693901][ T27] audit: type=1804 audit(1589882246.033:177): pid=20587 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir916120310/syzkaller.zZ82Gp/336/file0/bus" dev="loop0" ino=42 res=1 [ 620.765569][T20587] ================================================================== [ 620.773711][T20587] BUG: KCSAN: data-race in __do_page_cache_readahead / truncate_setsize [ 620.782024][T20587] [ 620.784368][T20587] write to 0xffff888120ffe4c0 of 8 bytes by task 20593 on cpu 0: [ 620.792120][T20587] truncate_setsize+0x34/0x80 [ 620.796800][T20587] fat_setattr+0x7c5/0x810 [ 620.801232][T20587] notify_change+0x82b/0xad0 [ 620.805827][T20587] do_truncate+0xf9/0x180 [ 620.810158][T20587] path_openat+0x1e51/0x23d0 [ 620.814752][T20587] do_filp_open+0x11e/0x1b0 [ 620.819258][T20587] do_sys_openat2+0x52e/0x680 [ 620.824917][T20587] do_sys_open+0xa2/0x110 [ 620.829256][T20587] __x64_sys_creat+0x42/0x60 [ 620.833854][T20587] do_syscall_64+0xc7/0x3b0 [ 620.838365][T20587] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 620.844243][T20587] [ 620.846574][T20587] read to 0xffff888120ffe4c0 of 8 bytes by task 20587 on cpu 1: [ 620.854207][T20587] __do_page_cache_readahead+0x80/0x380 [ 620.859755][T20587] ondemand_readahead+0x369/0x730 [ 620.864798][T20587] page_cache_sync_readahead+0x1b0/0x1e0 [ 620.870435][T20587] generic_file_read_iter+0xf24/0x18c0 [ 620.875903][T20587] generic_file_splice_read+0x2df/0x470 [ 620.881493][T20587] do_splice_to+0xc7/0x100 [ 620.885920][T20587] splice_direct_to_actor+0x1b9/0x540 [ 620.891294][T20587] do_splice_direct+0x152/0x1d0 [ 620.896149][T20587] do_sendfile+0x380/0x800 [ 620.900565][T20587] __x64_sys_sendfile64+0x121/0x140 [ 620.905762][T20587] do_syscall_64+0xc7/0x3b0 [ 620.910265][T20587] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 620.916145][T20587] [ 620.918474][T20587] Reported by Kernel Concurrency Sanitizer on: [ 620.924631][T20587] CPU: 1 PID: 20587 Comm: syz-executor.0 Not tainted 5.7.0-rc1-syzkaller #0 [ 620.933292][T20587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 620.944467][T20587] ================================================================== [ 620.952528][T20587] Kernel panic - not syncing: panic_on_warn set ... [ 620.959121][T20587] CPU: 1 PID: 20587 Comm: syz-executor.0 Not tainted 5.7.0-rc1-syzkaller #0 [ 620.967779][T20587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 620.977828][T20587] Call Trace: [ 620.981140][T20587] dump_stack+0x11d/0x187 [ 620.985563][T20587] panic+0x210/0x640 [ 620.989464][T20587] ? vprintk_func+0x89/0x13a [ 620.994057][T20587] kcsan_report.cold+0xc/0x1a [ 620.998745][T20587] kcsan_setup_watchpoint+0x3fb/0x440 [ 621.004125][T20587] __do_page_cache_readahead+0x80/0x380 [ 621.009693][T20587] ? xas_descend+0xab/0x110 [ 621.014202][T20587] ? __rcu_read_unlock+0x77/0x390 [ 621.019233][T20587] ondemand_readahead+0x369/0x730 [ 621.024277][T20587] page_cache_sync_readahead+0x1b0/0x1e0 [ 621.029911][T20587] generic_file_read_iter+0xf24/0x18c0 [ 621.035389][T20587] generic_file_splice_read+0x2df/0x470 [ 621.040940][T20587] ? add_to_pipe+0x1b0/0x1b0 [ 621.045533][T20587] do_splice_to+0xc7/0x100 [ 621.049957][T20587] splice_direct_to_actor+0x1b9/0x540 [ 621.055340][T20587] ? generic_pipe_buf_nosteal+0x20/0x20 [ 621.060901][T20587] do_splice_direct+0x152/0x1d0 [ 621.065758][T20587] do_sendfile+0x380/0x800 [ 621.070185][T20587] __x64_sys_sendfile64+0x121/0x140 [ 621.075401][T20587] do_syscall_64+0xc7/0x3b0 [ 621.079912][T20587] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 621.085798][T20587] RIP: 0033:0x45ca29 [ 621.089698][T20587] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 621.110255][T20587] RSP: 002b:00007f4626636c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 621.118665][T20587] RAX: ffffffffffffffda RBX: 00000000004fc540 RCX: 000000000045ca29 [ 621.126637][T20587] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 621.134716][T20587] RBP: 000000000078c040 R08: 0000000000000000 R09: 0000000000000000 [ 621.142693][T20587] R10: 00008400fffffffa R11: 0000000000000246 R12: 00000000ffffffff [ 621.150660][T20587] R13: 00000000000008dc R14: 00000000004cba16 R15: 00007f46266376d4 [ 621.160028][T20587] Kernel Offset: disabled [ 621.168849][T20587] Rebooting in 86400 seconds..