dce8f3f391e741ea5e95b3b9847366bf8196fc8500a263601257d86ad58bf7c82e120688d48746eb7c5f9b858375bc794a6271b4fcd5da734e329c420e6bb92a8ff61c2269732ab8d31d1403182d12726ba7439461801d59dac438724ec56c3253a207f9fc611c2285751a443004b5e6b6d7b2d53a091beec3b3d0199a5d6c924301b9cf0058bf446cca713c1680e0737a1d32d433abb9aa379149d1fabe4af6a18c03c7ee898ceb748b291ae5e2ef96bb1b61acac7584ce0b64a202f8fc19ffd89f79d0d766eaf0b2e0e3ec6bcbc209441fe356027680712fa40a685b0e21fa7998bbf12dc2ead48f13d708958491281806c198be9f5212e2ca02bbc814dd344ac8894fbe002defc79ee2e80e1ca2af9525d0a8dc133d97eeb3f23d6d1ee8361129e4055997dc43d2e46de7a1b7668f2c670566204f7e06cfba8768e29e8b08203f335c916afa8bbcd8e32e88c35a5f34b1cff4920a560d74e3790420cfcd3805c29bf336f82c4e925df5b00fb4ef91b0e402c7cc4e7b7d6803728d7c454ee37b4bd045ad6304ef198bd90722475ded25bae2c4faa7224f31abfe0763980aaf3bcc56ae2e5b64371a5a89cf2c547708fc0ed10e0b5610c97c723124362fbb4f25c8ffcec1c9077c1beaa6638917c1dee5ddc37c7588851184b5f2c325dad9d151deb45af83cbbdad1d7df8417e4d3da61c0c2ffa6bc7b1c33e701212b8d570708b29cb0de5fbf6a9cae9568d8815d39c6e69ce5279bf1de5e56a5231a5db0cabbcec6505f739700b20c4eb100da4bdcbccbed61578028e23152e49e4f65fb96622a1063bca528fccb51e0e705c3316e27c788c9a231d1741921dad602f1d6364727a560dbd4f4b5a3279dfd77878f4fce01489b9599593fa56ac8cb3b077d1ea3b76dd64e1239f7dc0488f60239be9846ec00cd1b87d75321b5cee772db72ece442dd4c38255ff56d46ae1635760a75567f60b72f4cb53ffb52ccd8949887caaa0407ce702879953e96b76229ec157127d79d3ad8dcb7ca30eb0340c1f5aa05e09eadc4d435cdf1dcf5f20943054d53ef84b2e806b2e6f36b1aa8da4361db75676487b18832a8efa75d01e6031b231322695e4825632dcace3fb08e64f18035d83fb6744c118ca3bf424210eedc67f4ea9f25c8c6e0e4c7a5bc74aac021d4c57477bd1b234254b8f5095b7a23e08e149c23c2cf030eb70bc7cd0ca9fbe2f87c36b01647cad0219813fb0ae8f2a5a06c5b17d08174196ce36996650b1c60bea078b307a23371dc2b2313516a82a296a985a91d8d26cd1908b2636c6a948e41dfd7794891381512942c04e457abcc3aa69db33770568e32d4d9e64acee602ae0f38f17296b05b9a479df103dc8d842937afaccbd31ceba5e199b02433a877cf91bcf71d4b9eddccd15609f226871ee3d0c0c363a76bf785ff9cdafd55a14eb5891f4532e1446ae9014df5ead42eba69d7833973930799fb2562d9823816be6a48db223820122de048b574a239a626d066139cbb2cfcd1231059b20567ebc7aeb9d29ff91e0482bab69e85418b8e94fc3585367763d89e5e889ff72a87077be896c739d3a12ec27854b95d35e52a581cbe62d3953ee3bbae7fefb91e2546a3705c3b22682ff50b191eefb74765e5683c7b6c65155e225b540e7e08b2a0d07e38f9d4960cda334fcae45a924b712ec6fc69a76042ebc3098a2cb506dbe648820382cd421412444b44d6fb76e4c15675517c11818d0830099a40b265bd3ee30aa2cdee1d831ae655e381e521a7276d6710167dbdc538d27530ee8625f06501f90bc7139d0f9bcccbedf2454af132cbacc30b0880fd622df9a9e5541ace7f6db58514db8b07e3bb802f3abb193cab242b309220795c10fdcaf81033b9b4632e512bb105c0609061c9c2ff064bbb496d391b9d3d858800d0eb7526d0475f84ed6a09639a0de80096808e05e5a1de2ea22b8e0a002682f9055b8c46946aeb9ad7aa8ef4fe1847e14f6f5e6dc131ca0c01ad985bfb61ea2e10d9d3bfda64610787ba2db0f2298039a076144a17da82d5815e93d51c97650fe8eb5a91b2673b465427423319bea80cbbe4a29e27bfeece8ce8ee5f9a9dc4882bb02eae6c608200221416c9301923c07a0d35be5303d03fe179b428760cabaae8005e95e5528c3bb5af46e78fc64efd4ee5095cf36b7c9c323ca0a87a4a0e662aff9fc6d98f19d73479bcfcfd7b17aebdc74046d757f65c0396ec35c1a75f23cf6062c8ebe04de422f4bced8a3ec4fbedca9b4f1926df3c821121eb746868cc87e7c85fd903a15d9723c23be37066cc6bbaecc31cbb1c8d3e57418d9c0da0f09991a5f1df67daf4ed0d746a2d39469427e5a441bb37a392c0a811a291ba4543b2737fb71fc699b5d4b0666afbf47fefb1ca8f72441bf0f09b83f0b2e76a8d58d8fffeb3414261895069f55a0fef3994d1614014efe74c659f70e5a506affc8bc86964915745e43471fc442a8102cdb99445cf1e65b4c567695e8f832f4578451cce1bb4c606a4a0be1a7388bf83e6def9b2e4b82730c4bb02b218ee48d2b11206d812bf62ce51c41e35be6eeb8f5c52b16ed69b3dbd51704d86f6ce7d8a8348b75808f2ac9496d967a664da5244c24579b2e248ea9207ba4b320a3aaa4f7797701db822740a8be0368dd934898403349874d90daaca356d0a5a2ecabbe0d293c515a040ddeb3a8a42c46b1d18a4f15b71c8cc610b1b13ff201d9f95e38a49435f1ff5d8fb709bd2e3eb591662f24aa60d75728603db0f07eeef4ea4ef83f550db26f160baa4a0dd5aa5e78abfcf6a23d96605e455207003b5df74f58091e93eef5ea8d47edb8223102e65e4be4d914cfa26d725c32252e6e209573f8b6c31dd936704a982c7bb4d22960f82adb07f19bc3019338e48dc26fe51ef8f1f2493cec954449620637718e245e532acf1df6cf6a877397f519cdead0d95580cb0188803e01c42fbbfbe7385645027e7a04bfe55ed175cf67dd477531bcfdbe7fdeeaa45d748c89b77cebd69921a9a00f94cc57d7a7aac8df0a6be1cd636547e97ea2d34373bb39dc4a26ae7c6572b46d38e905b065c7798d4473e212ff92cc577c7c0bcd391b84158ff35f3dc0b29d4a885370dfb6e0ffedaac1de405d7cd7ecabfd28dd6d54c89a439a62ab12b31155650600ac8ea0d1cd731df359c33849860c004b57f58e44c30145d112a4aa22ec726102393a0630b226d42cc21d0f69e039144bf7adef7ec5dd72797497453340b5be2a823da48c572b857d01249f7ed3a095718bbe45b75efd22c90f3abff7f58b865300968337e6dc81789c8eaece1a87ca7d65a3ace7f64860edaf237165ada6aaccdd2fe82f7c12727d214e7806d5fe668cd71a1de629b1d9291c6a48e5fcddce85d2a9070f85f33d16f8280636db20b539e8f3adc7adfb5c5f4db4421e3dbea9b9b0ad27871ee34eff1de95d5b6ca1b46e964f9080c2eadaee4850a4c7187bd41739e1c7c4b49134a68fe17b5794b3ff655c61de31a8abbe3aabd3a615281ff574767e47f17bf114301597ce612e7ea1575ab09c7f8566174a3a0ba4c2889bb31cd82e163ff5f2f357bb0bf2e2c780b8530196b9bd3a7f4512e253733e9e8aa9fba3100e1d3fc65c617e6ee64d6295b3709998394ec655013fdb89c09c7575ee2bd1d9f3a7be6f3880c05e92c906897a8c4d9dee70f0091d845eeaca93a73f477ceae80fdf1d24b68183232c2838cb7fd14d17c814ab20e49bee2979430ec78a299e6a52f273ec21ce38156c4b3f39ca53ca2c0b1d3", 0x1000}, {&(0x7f0000001800)="1655b42c544d1f02fc16c8b92e17bd62d2893351d2fb63ee7cb84dce383062b95341057c7502c8713400c0f085e0a501cab460f1495f320319bb66b7f319067ddd829917afc611bc71cf72abd3c048d8b9e111b9f93caf338e821b8243b929f90a5985c2baa078461bd123a19b409582a39dcd7fc3f04977055e3a23bcff95231286da93d6b2af18809e286a7680c4d85606f3b5fda8bb38768f7e8a860ca29078421703ba268a65fff3a7a06b1e4485af313c3469875c14621601ec6a904404b256a718f3b679bb3c643dea097c435dfa16e54aaccbb7b3f1aca66c5ac9f9e2b28c8566cddf6e6020ee1a42f4020adf5b07d984cf3943905d7e411a1ffa6b520f8f80d51d6b58ccafa5d63f1e9b8700de014196d5d0f5f55d36e5471eb426985509a08e2b3ca830c07a3b448f5f5735ce3bc172dc5b6a95e3d5df228ba37236c76f42c0be2548902da92b5f1627ea75ff5de507cabb1ab04cabaced8b89863db3fe03f594e3d84b3e61fb8c7077a91ad79f2e3b8cd6e761aa15da2fcf49ef7907ade93e078131bc1621db856ccf4afd21293c54de16a905df9e8242f531636f9691684537fcff02a05a0e95499850a4e9f4292aeba53cff1108baa0f6cc92e826697d65bd24b829964379014b9ac5c0b57184d491fe3ca9d4a7001191fdce72823149ce33576b71e5f28e7968bf9010c8a0f15c90291677faa48307a844150897f811a0dc2e1c01aefdb8bc0112827757f9bc103eb4141ca68d8ce540af74cdef8baa7b09c947c3a4dd33d61a691d3eca87cc231ae33abd023cfc85f79ea8161765d0f25f55fe037b880506614ebf56b71e34f5b35acb8432ed5bffcf8e3d01cbb48a3a54e9bd16c61465da0448ec58c6e64fd5f1f8d154038b3033bcd330fd5cdc1ca43d55471b626a056010754aba2e689f339e39844a787cd9cf9f724d277fbb41ec1af0d21ad4514956033e091d50a84a6181e6308e85bbdc514f72915afe6eb6e3cb63eb58d134a956e08c4e3685f4e94156079cbd88d1673501e0bdd74790055b874017bc48fd12769156d6257975e74677ee8fe100637c15860b4f0853e0a4ac831b8f156aa144ee25eccac539d42c7a2838427f17afe9234d451734ceff11afc7b8705081e3779562830c6ee3d5d65747c17d39704a4a8d9f134cd0cb50ed9a0288435aac1c7ff088027d031ef1eaa02ca2e65c82bca32400cca0cfe538f351610b277b29082d799a568f1c030d4b5f0a49de1b4dab5c848f2ae1416166757a12992892cf3fcfc0931409fe381e4ff800a8ea2bf1428d910382ab122970285d59e6c9b1f4a4dcf0f68ae84d8565c20ba734a01fc6813fd5df897bbc1c539ddf4559316ef081474dc8f98d68fa2caa43b9b2c5956dab6479a0cf0556e46f33f0c288c4b2df6357d3054bdddf0183e5e4713046f75bca4007a8f5c66cb6e1bb1e4376f12f3c0ef8c5add6b038fc7c0b8f51c01aa01e25413bbbb8d5f12fb63aea9fe161d8c291b134bd1206cda653d4a2ae036144f882f4099230f68ea02ca309aeb232622bffc4b34d2f241570bcad7ec319003dff2f2327359d0a15fb2f92c7ce48a394593a79a4378244f8c8a14832067528cd08b5ee6d280f237ea8ad885428520d83f9808176eeac69abc82e8a8f5e4c572bcfcbc5c65e3b2a21640910ae4efeab66b3f648eedfc3d963305e66dbb7256bfc9f4fa3ab7e338cb4010f9f16f5654b67332c5b441dcce241a36b298ed716ae35f920b50421f9f6e94516d0e89801ce2800730b74eeea8934be83a3d22a46d33d2fb832f64652735d9a4270ffd4444a1a49a5204445b112161400423d05740476ea186048383f31aea7b360d6f33d18ebd4c87c22c709ef5be518f790f23c9eeaaa2ac6b2157aea4d5dacaf5be3c6c0aa420af9855f69556f0487721bf83d9433c5a8144abf9c3777f614683099522f6bdf441e4914006244ea28aabaff10c7bb43425ec6ea4eb713f8da510fea77c5aab0804a50f0347d07537e05d015a68b7dcd430e218a3a7d34fcb6c88d18a1a703484ebb4dc8dc3f49124fa93d51345a2d23561a48bb7f92bf9b24b0c8e7dfa09405ccc93e020d508fc14c6ea960d480981390b0eb6eff0d43a819e63b2800a97d74c9e048192af82f08940fd090832cbf6a8d040ff69afdb3a5e7e0fcb9f4f8c7e10ba828812f9ff9c25c4e17347563119c887a00cec06e2e6ab2df879737e2f5f732662941c6a72bdb52f71a89b8d2869638421cf1cd60d3ca1909ba18b6ee7e4d01fdccfef359ebd04290208b2abe1b758212a17b26d60b50c0a6b691e96dd041be6ec12070d534f401a4baf0b4f24d902180d902e9f192fb24134a9b61e98a4cf5771cd9f01b5e67cc7d00134cbbbe2da48add80e7c31d33f788b3834808b77c91f75c50ae50edf0a9358ba619dfa6326b75f0ebd3f23b78a4167785f5c8b3689cfb52cb00785b61e457b63e10aca84af339f14d268cf83d49a197fc6d57791994069f98d8abd67132a844877f2b784839903f84444b5c3919435dcf3ce9e0b5b37ce3d2d0fe2d110cc3982124f0981785b7275c0de3a1086173437c80dd973ef8cc98ccb002129a9341b69e456cdc15ac37872238b0ed41ac3b8f1b57e1d2faa2ad30077b021e576deb3401ebf31e367ff7441f7250f42e40426565d64507c095c757538d3ceb0c93fdab2a965f58e8a207a700511e7de755d797f709a0c7160d4348e3f145d7aaf3b405863a4b93b413a88c96c43d790a162761c7d3f6fec8262aea47d656c8a5a61280f1177bce5f91dbb7f88826460259dacfddd584bfeb50b589f04e17dc64235f16884db00cf5c763e6a083147036b3f4412e04bb5d2995442a26ca2de077421ab73d88ea24bd28b690d9150ca78d39bfc1e62e8373c60387581bc38d5eabe2569491296a0c36d0fb3763658f9a52c1d4ab78c1b9f564e0c3b934ad9ca4ee760bd317fc19f027efe33b97daf4ab2b81cf69b647c2e1a6f6f550b11b68b881517ccb1348164c5ffeb1a4cb042fa706386aa428f9b3d529dfa87873bf6b12517d5877dac9e8e18f3a969518c1bca79deb1a94e20d8b578b4fcb486da87dfacfde6f604fc99037005829351643c40ff0b4adcdbc75b89995b2e0a67ff0af0ebc9b37b28b85ee6b81dbc8a6101de1a7884b5ca4695ee8bd8dce53fc27cebc1a48a613cb83cf2314e06b29b772e2e01300776efb7772d8fd016de33cd7bce17b3cb4b3078ee9c2e8", 0x8f8}], 0x9, &(0x7f0000000600)=[@sndrcv={0x2c}], 0x2c}, 0x0)

04:46:42 executing program 4:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$inet_sctp(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="280000008400000004000000064000000000", @ANYRES8=r0], 0x6c}, 0x0)

04:46:42 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 21)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:46:42 executing program 1:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = dup2(r0, r0)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7, &(0x7f0000000000), &(0x7f00000000c0)=0x88)

04:46:42 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_buf(r0, 0x0, 0x4a, &(0x7f0000000200)="3cfd8056713934cff38e60a8cf4522ad4ebb4addd503551b650d7136960f19031d5145eaa1c35a5c16f0a53b8952f10415c84178ca586e6b855bd759d656dc1dc4434101ad0961536e89f421727a59ed34af3606c7de8467c5b473e2ed221e9f9007a8eab9498b58d2807494cb40f100c5ce2145a3cadbc3821c9e994d6bb5c567c7e5d6b8a7bf9f61cbe6eb61a32504c55677d1125186b5", 0x98)

04:46:42 executing program 2:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r0, &(0x7f0000000200)={0x10}, 0x10)
connect$inet(r0, &(0x7f0000000900)={0x48}, 0x10)
setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x19, &(0x7f0000000080), 0x8)

04:46:42 executing program 4:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x13, &(0x7f0000000180)=ANY=[], 0x8)

[ 2747.087207][T23266] FAULT_INJECTION: forcing a failure.
[ 2747.087207][T23266] name failslab, interval 1, probability 0, space 0, times 0
[ 2747.108226][T23266] CPU: 0 PID: 23266 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2747.118702][T23266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2747.128781][T23266] Call Trace:
[ 2747.132076][T23266]  <TASK>
[ 2747.135015][T23266]  dump_stack_lvl+0x125/0x1b0
[ 2747.139716][T23266]  should_fail_ex+0x496/0x5b0
[ 2747.144413][T23266]  should_failslab+0x9/0x20
[ 2747.148929][T23266]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2747.154419][T23266]  ? kstrdup_const+0x5f/0x70
[ 2747.159034][T23266]  ? kstrdup_const+0x5f/0x70
[ 2747.163664][T23266]  __kmalloc_node_track_caller+0x50/0x100
[ 2747.169403][T23266]  kstrdup+0x3c/0x70
[ 2747.173327][T23266]  kstrdup_const+0x5f/0x70
[ 2747.177771][T23266]  kvasprintf_const+0x10b/0x190
[ 2747.182647][T23266]  kobject_set_name_vargs+0x5a/0x130
[ 2747.188043][T23266]  kobject_init_and_add+0xe8/0x190
[ 2747.193179][T23266]  ? kobject_create_and_add+0xf0/0xf0
[ 2747.198578][T23266]  ? lockdep_init_map_type+0x16d/0x7c0
[ 2747.204074][T23266]  ? __raw_spin_lock_init+0x3a/0x110
[ 2747.209392][T23266]  bus_add_driver+0x186/0x630
[ 2747.214096][T23266]  driver_register+0x15c/0x4a0
[ 2747.218888][T23266]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2747.225072][T23266]  raw_ioctl+0x172f/0x2b80
[ 2747.229512][T23266]  ? raw_open+0x510/0x510
[ 2747.233856][T23266]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2747.238813][T23266]  ? raw_open+0x510/0x510
[ 2747.243160][T23266]  __x64_sys_ioctl+0x18f/0x210
[ 2747.247944][T23266]  do_syscall_64+0x38/0xb0
[ 2747.252381][T23266]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2747.258296][T23266] RIP: 0033:0x7f410aa7c84b
[ 2747.262741][T23266] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2747.282379][T23266] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2747.290807][T23266] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2747.298790][T23266] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2747.306770][T23266] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2747.314753][T23266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2747.322735][T23266] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2747.330734][T23266]  </TASK>
[ 2747.333930][    C0] vkms_vblank_simulate: vblank timer overrun
04:46:43 executing program 4:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000180)={0x1, 0x5})
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000001c0)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)={0x1, 0x0, [{0x0, 0x0, 0x0}]})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000240)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000500)={0x1, 0x1, &(0x7f0000000380)=""/217, &(0x7f0000000700)=""/70, &(0x7f0000000780)=""/90})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0xffffffff)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240)=ANY=[], 0x3af4701e)

04:46:43 executing program 2:
r0 = socket(0x11, 0x3, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={0x0}}, 0x0)

04:46:43 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:46:43 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000400)={0x8, 0x10004}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unshare(0x40000000)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f0000000040)=[{&(0x7f00000000c0)="39000000130009470cbb65e1c3e4ffff06000000010000004500000025000000190004000400ad000200000000000006040000000000000000", 0x39}], 0x1)

[ 2747.365157][T23266] kobject: can not set name properly!
04:46:43 executing program 1:
r0 = add_key$keyring(0x0, &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0, r0)
add_key$fscrypt_v1(&(0x7f0000000000), 0x0, &(0x7f0000000140)={0x0, "9fd3935641071ff1e9fe37611c20c9029ad0b3b23ff2ad7e370995886d0cc3083bfbb683e0b27015fc77cdd5ad8b9f6b733db603e7a8f79f48331556d87034c9"}, 0x48, r1)
r2 = add_key$keyring(&(0x7f00000002c0), 0x0, 0x0, 0x0, 0xfffffffffffffff9)
request_key(&(0x7f0000000340)='rxrpc\x00', &(0x7f0000000380)={'syz', 0x2}, &(0x7f00000003c0)='\xd6-%\x00', 0xfffffffffffffffb)
keyctl$unlink(0x9, r1, 0x0)
keyctl$negate(0xd, r1, 0x40, r2)
request_key(0x0, &(0x7f0000000240)={'syz', 0x2}, &(0x7f0000000280)='+\x02.\x00', r1)
keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000840), &(0x7f0000000880)={'enc=', 'raw', ' hash=', {'tgr160-generic\x00'}}, 0x0, 0x0)
add_key$fscrypt_v1(&(0x7f00000006c0), &(0x7f0000000700)={'fscrypt:', @auto=[0x56, 0x30, 0x62, 0x64, 0x57, 0x33, 0x35, 0x32, 0x32, 0x63, 0x38, 0x38, 0x36, 0x34, 0x63, 0x61]}, &(0x7f0000000740)={0x0, "a6243699713ed77dc3907d69144bf30b4b7f51e4592079b512de4f94c2da96a7da9c4d28c94d90c5e959becc6d0518abff50c1fd74ea7cc0074475c6778ee008", 0x21}, 0x48, 0xffffffffffffffff)
syz_usb_connect$uac1(0x3, 0xfe, &(0x7f0000000400)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xec, 0x3, 0x1, 0x2, 0x80, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0xfc}, [@selector_unit={0xb, 0x24, 0x5, 0x4, 0xf8, "b84a8981bd0e"}, @mixer_unit={0x7, 0x24, 0x4, 0x5, 0x4, "a419"}, @output_terminal={0x9, 0x24, 0x3, 0x3, 0x100, 0x1, 0x6}, @processing_unit={0x9, 0x24, 0x7, 0x4, 0x6, 0x4, "c50d"}, @processing_unit={0xb, 0x24, 0x7, 0x5, 0x0, 0x0, "122186ea"}, @processing_unit={0xa, 0x24, 0x7, 0x3, 0x6, 0x1, '\f\bv'}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x3, 0x1, 0x3f, 0x80, "0805"}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x9, 0x3, 0xe0, 0x1, "", "741f"}, @format_type_i_discrete={0xf, 0x24, 0x2, 0x1, 0x0, 0x4, 0x7, 0x0, "20517731b960d8"}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x8, 0x1, 0xff, 0x5}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x80, 0x0, 0x7f, 0x1, "6ce19c79e02d6d05"}]}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x3f, 0x1f, 0x1, {0x7, 0x25, 0x1, 0x81, 0x7f, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x4a, 0x2, 0x3f, 0x3, "18"}, @as_header={0x7, 0x24, 0x1, 0x9, 0x0, 0x1001}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0xfc, 0x3, 0x8d, 0x0, '+'}]}, {{0x9, 0x5, 0x82, 0x9, 0x38, 0x1, 0x0, 0x5, {0x7, 0x25, 0x1, 0x1, 0x4, 0xffff}}}}}}}]}}, &(0x7f0000000680)={0xa, &(0x7f0000000540)={0xa, 0x6, 0x201, 0x0, 0x2, 0x2, 0x10, 0x81}, 0x5, &(0x7f0000000580)=ANY=[@ANYBLOB], 0x2, [{0x5a, &(0x7f00000005c0)=@string={0x5a, 0x3, "05ebdf73b9979b51a94c97381b1a1864cd71c2b1ccfaf55052b99c2324894580baf497848329ec13bdfebfaeebd73532b6581735facf79d7c3d213fbf476a90012f6b0c87487f21f0ac0b9dee59cdcf7618622b715a6d163"}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x2c01}}]})

[ 2747.426329][T23266] UDC core: USB Raw Gadget: driver registration failed: -12
04:46:43 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000540)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
sched_setparam(0x0, &(0x7f0000000180))
socket$netlink(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f00000001c0)=0x9c)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000001c0)=ANY=[], 0x10}, {0x0}, {0x0}, {0x0, 0x44}, {0x0}, {&(0x7f0000000f00)=ANY=[@ANYRES32=0x0, @ANYRESHEX=r1, @ANYRES32], 0x204}, {&(0x7f0000000900)=ANY=[@ANYBLOB="280142002600040025bd7000fcdbdf251601428081016bb3fd5566154a33b4dc79575f3840fe543b82e4aa63abae4b80448e8e3bcbbd5dd498a0ef8d803cfe45fd737268d852fe4b055bb643f96c4145cdccfdebf41a26525246775dda4e1637778e98d940cd12df4e42179eebbb9da63843ba62faf8abfc1fa68115e5d2e1778d513de4e2693f3201320d342659c466d5105e7a86b5534b00000000b43c63d64c37b5866d5d32c7bcecb60c296accf8f3a2a2aa94fdfc55385c84079a5d652b1aaf8cf57a1c63cde1c977a0e507874ef481ace18df2d62f511aefd9b38e2676a7bbc43821de5d8e5ce95295a28aa5a015750ada3326bd04c1db0a858c465172d6750256b19b2e0ad03dcf6db2ebddd6a296e7d4a83bdf2567e5494171e86179143f91374a2f0000"], 0x128}, {&(0x7f00000012c0)={0x37c, 0x3a, 0x400, 0x70bd27, 0x25dfdbfe, "", [@typed={0x8, 0x34, 0x0, 0x0, @uid=0xffffffffffffffff}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x9}, @nested={0x25a, 0x2b, 0x0, 0x1, [@generic="6eb0bb36a529383ec4f8417fb4ca4ccc77475a3acb98e8eb81108fe0b3244ec8c379fe6a48a47af4785e0929532018979173d1c5c88b5d862d8152ff1ed27996164438421a312dba41344de10eef44fdbe743e0097fd7498f3cdfb6a27865a16d6fb460f081a578c60acb1e6da918ffab9bb65f6d8a0ac3df4ea01229367589e772f4e0b3de40dac2959ec869e78e5840d72431327398314e5865cda90d2872b6f140df6358ec5388d5c28c7abb73624086d4d9d3ec8e4bad3b4ed1ff57aaed9319628622024da6c8e5c4de1413b2663e681832e1d9bc061935e04b257789141511ba0ebb6a238819c7206b7fad81ab9566a180669a8cfb20f04d3a4e610380d596c40709a7fc84cf96698524d3db55a0ea91232848f897b44e6813c9a7e54aa9295aafd11e15afd2d8b8a07a6ed797a9375026a7f150cab0539c568adf489fbe0eb2c1cd0c83069633c981c51fd5a3d1710c684a426d917d97531061216ec3a45537b1f016ef4cc037f028c7da621e7e56a1ce204cf", @typed={0x8, 0x6, 0x0, 0x0, @uid=0xffffffffffffffff}, @generic="2cec0df4b79c75e9a093a372d043000905d18118c2ea30498fc6029465011c7e2a1ad1f4f47338eac746acff42c497f9f6452cbce59b807c7155ce176ad82928a7c33380d640743478061461d5ab0c4b1fafc331906c8e781c77c546ac31409294546cc4d3e0472eb9295447ca822ff391d37f12ae60e0397b7f1ee832ee43df4b6de2f960c4246f47a73ebb24a555eed05d014486c563a0c25e6500e29957e615f3b245dfff0172a11daec1e5dd36ac7181998812433152f3a374d67a98c01469b81804c2143d8a291dcc3e5986e47e02a4cf7fa2b47c51"]}, @nested={0x4b, 0x6a, 0x0, 0x1, [@generic="5d7d657ae52f6e2bda60b05d588b51abc4f98053693780be3b7bb2325b3a68712c8cefe70c1b9c62739d38a180fcd09303f5e516874882664508bb62f24525", @typed={0x8, 0x8b, 0x0, 0x0, @pid}]}, @typed={0x8, 0x2a, 0x0, 0x0, @pid=r0}, @generic="56effffc7cfa7e1eeff5cd07a8d69ca0f709a8da167b6bf516a128f27afa0486d4e131de685cd5bcd4a15b30341915134a027ab40fa2606219b13085fe9011470add282508891004686456c142bd5c6129018a860bf8fc0d663a91faad444398967ef64cbd9d3b58b65452705e58a44eeb94761a1185f06cb0886f473221d052c5e95f81bec0ec1c2d80e082812ebdf1b5a932bb3a260a31915a6e79132dd08ca55345", @typed={0x4, 0x60}]}, 0x37c}], 0x8}, 0x48d1)
sched_setscheduler(0x0, 0x0, 0x0)
r5 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000600)=0xffffffffffffffff, 0x4)
sendfile(0xffffffffffffffff, r5, &(0x7f0000000640)=0x2, 0x7)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff, 0x4, r1}, 0x10)
r6 = getpid()
syz_open_procfs$namespace(r6, &(0x7f00000004c0)='ns/time\x00')
sched_setscheduler(r6, 0x1, &(0x7f0000001700))
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x200000000000000, 0x0, 0x8}, 0x0)
write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000000d40)=ANY=[@ANYBLOB="21000000370200000100"/24, @ANYRES32=0x0, @ANYBLOB="01005be3125e7a86e86a20d7ac3bf3c1fd98c9c995070716e9dc579be4f064c2f81b416033189828864d8e61137190194bfc45dabe708faa5325e93b4d4e860c05dca2d3581be8c873d26f8c889951c74d2c37c93db41e5ecc7104d9f3339abdcd8c5092c9eb8e"], 0x1f)
bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5d1014e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab62f274f34", 0xadf29f33fb903ae1, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0x18100}, 0x1c)
sched_setattr(0x0, 0x0, 0x0)
recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000040)=""/50, 0xfffffe72}, {&(0x7f0000000240)=""/52, 0x34}, {&(0x7f0000000780)=""/129, 0x80}, {&(0x7f0000000300)=""/68, 0x44}, {&(0x7f0000000380)=""/121, 0x79}, {&(0x7f0000000400)=""/183, 0xb7}], 0x6}, 0x40000110)

[ 2747.472697][T23266] misc raw-gadget: fail, usb_gadget_register_driver returned -12
[ 2747.738195][T23293] netlink: 'syz-executor.5': attribute type 4 has an invalid length.
04:46:43 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 22)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

[ 2748.180390][T23305] FAULT_INJECTION: forcing a failure.
[ 2748.180390][T23305] name failslab, interval 1, probability 0, space 0, times 0
[ 2748.220774][T23305] CPU: 0 PID: 23305 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2748.231257][T23305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2748.241349][T23305] Call Trace:
[ 2748.244657][T23305]  <TASK>
[ 2748.247621][T23305]  dump_stack_lvl+0x125/0x1b0
[ 2748.252347][T23305]  should_fail_ex+0x496/0x5b0
[ 2748.257076][T23305]  should_failslab+0x9/0x20
[ 2748.261613][T23305]  kmem_cache_alloc+0x334/0x3b0
[ 2748.266524][T23305]  ? kstrdup+0x5c/0x70
[ 2748.270646][T23305]  __kernfs_new_node+0xd3/0x890
[ 2748.275568][T23305]  ? kernfs_path_from_node+0x60/0x60
[ 2748.280918][T23305]  kernfs_create_dir_ns+0x9a/0x210
[ 2748.286250][T23305]  sysfs_create_dir_ns+0x13b/0x2a0
[ 2748.291413][T23305]  ? sysfs_create_mount_point+0xb0/0xb0
[ 2748.297002][T23305]  ? spin_bug+0x1d0/0x1d0
[ 2748.301393][T23305]  ? do_raw_spin_unlock+0x173/0x230
[ 2748.306650][T23305]  kobject_add_internal+0x2c8/0x960
[ 2748.311904][T23305]  kobject_init_and_add+0x11c/0x190
[ 2748.317153][T23305]  ? kobject_create_and_add+0xf0/0xf0
[ 2748.322576][T23305]  ? lockdep_init_map_type+0x16d/0x7c0
[ 2748.328083][T23305]  ? __raw_spin_lock_init+0x3a/0x110
[ 2748.333425][T23305]  bus_add_driver+0x186/0x630
[ 2748.338149][T23305]  driver_register+0x15c/0x4a0
[ 2748.342962][T23305]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2748.349170][T23305]  raw_ioctl+0x172f/0x2b80
[ 2748.353627][T23305]  ? raw_open+0x510/0x510
[ 2748.357996][T23305]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2748.362981][T23305]  ? raw_open+0x510/0x510
[ 2748.367350][T23305]  __x64_sys_ioctl+0x18f/0x210
[ 2748.372154][T23305]  do_syscall_64+0x38/0xb0
[ 2748.376611][T23305]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2748.382548][T23305] RIP: 0033:0x7f410aa7c84b
[ 2748.387001][T23305] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2748.406652][T23305] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2748.415100][T23305] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2748.423099][T23305] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2748.431100][T23305] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2748.439096][T23305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2748.447096][T23305] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2748.455119][T23305]  </TASK>
[ 2748.458216][    C0] vkms_vblank_simulate: vblank timer overrun
04:46:44 executing program 4:
syz_usb_connect$uac1(0x0, 0x7a, &(0x7f0000000400)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x68, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@output_terminal={0x9}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)

[ 2748.541005][T23305] kobject: kobject_add_internal failed for raw-gadget.2 (error: -12 parent: drivers)
04:46:44 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

[ 2748.641204][T23305] UDC core: USB Raw Gadget: driver registration failed: -12
[ 2748.672652][T23305] misc raw-gadget: fail, usb_gadget_register_driver returned -12
[ 2749.051787][T23327] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2749.081957][T23327] misc raw-gadget: fail, usb_gadget_register_driver returned -16
04:46:45 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 23)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

[ 2749.326270][T23331] FAULT_INJECTION: forcing a failure.
[ 2749.326270][T23331] name failslab, interval 1, probability 0, space 0, times 0
[ 2749.357149][T23331] CPU: 1 PID: 23331 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2749.367649][T23331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2749.377736][T23331] Call Trace:
[ 2749.381047][T23331]  <TASK>
[ 2749.384018][T23331]  dump_stack_lvl+0x125/0x1b0
[ 2749.388759][T23331]  should_fail_ex+0x496/0x5b0
[ 2749.393488][T23331]  should_failslab+0x9/0x20
[ 2749.398033][T23331]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2749.403547][T23331]  ? kstrdup_const+0x5f/0x70
[ 2749.408206][T23331]  ? kstrdup_const+0x5f/0x70
[ 2749.412852][T23331]  __kmalloc_node_track_caller+0x50/0x100
[ 2749.418613][T23331]  kstrdup+0x3c/0x70
[ 2749.422546][T23331]  kstrdup_const+0x5f/0x70
[ 2749.426998][T23331]  __kernfs_new_node+0x9c/0x890
[ 2749.431874][T23331]  ? kernfs_path_from_node+0x60/0x60
[ 2749.437187][T23331]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2749.442589][T23331]  ? trace_contention_end+0xd6/0x100
[ 2749.447905][T23331]  ? lock_acquire+0x1ae/0x510
[ 2749.452619][T23331]  ? find_held_lock+0x2d/0x110
[ 2749.457421][T23331]  ? sysfs_do_create_link_sd+0x82/0x140
[ 2749.463002][T23331]  kernfs_new_node+0x94/0x110
[ 2749.467716][T23331]  kernfs_create_link+0xcc/0x230
[ 2749.472682][T23331]  sysfs_do_create_link_sd+0x90/0x140
[ 2749.478083][T23331]  sysfs_create_link+0x61/0xc0
[ 2749.482873][T23331]  driver_sysfs_add+0x91/0x2c0
[ 2749.487669][T23331]  really_probe+0x13f/0xc90
[ 2749.492208][T23331]  __driver_probe_device+0x1de/0x4b0
[ 2749.497520][T23331]  ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 2749.503349][T23331]  driver_probe_device+0x4c/0x1a0
[ 2749.508403][T23331]  __driver_attach+0x274/0x570
[ 2749.513200][T23331]  ? __device_attach_driver+0x300/0x300
[ 2749.518791][T23331]  bus_for_each_dev+0x13c/0x1d0
[ 2749.523672][T23331]  ? bus_remove_file+0x50/0x50
[ 2749.528468][T23331]  bus_add_driver+0x2e9/0x630
[ 2749.533436][T23331]  driver_register+0x15c/0x4a0
[ 2749.538228][T23331]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2749.544431][T23331]  raw_ioctl+0x172f/0x2b80
[ 2749.548885][T23331]  ? raw_open+0x510/0x510
[ 2749.553238][T23331]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2749.558201][T23331]  ? raw_open+0x510/0x510
[ 2749.562554][T23331]  __x64_sys_ioctl+0x18f/0x210
[ 2749.567342][T23331]  do_syscall_64+0x38/0xb0
[ 2749.571795][T23331]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2749.577739][T23331] RIP: 0033:0x7f410aa7c84b
[ 2749.582227][T23331] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2749.601873][T23331] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2749.610310][T23331] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2749.618296][T23331] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2749.626285][T23331] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2749.634275][T23331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2749.642256][T23331] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2749.650522][T23331]  </TASK>
04:46:45 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

[ 2749.841474][T23331] really_probe: driver_sysfs_add(gadget.0) failed
[ 2749.855458][T23331] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2749.901751][T23331] misc raw-gadget: fail, usb_gadget_register_driver returned -16
04:46:45 executing program 4:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x7, &(0x7f0000000000)=@raw=[@cb_func={0x18, 0x0, 0x4, 0x0, 0x4}, @initr0, @btf_id, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}], &(0x7f0000000140)='GPL\x00'}, 0x90)

04:46:46 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001700)=@bpf_lsm={0x3, 0x3, &(0x7f00000014c0)=@framed={{}, [], {0x95, 0x6}}, &(0x7f0000001500)='GPL\x00'}, 0x90)

04:46:46 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000540)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
sched_setparam(0x0, &(0x7f0000000180))
socket$netlink(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f00000001c0)=0x9c)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000001c0)=ANY=[], 0x10}, {0x0}, {0x0}, {0x0, 0x44}, {0x0}, {&(0x7f0000000f00)=ANY=[@ANYRES32=0x0, @ANYRESHEX=r1, @ANYRES32], 0x204}, {&(0x7f0000000900)=ANY=[@ANYBLOB="280142002600040025bd7000fcdbdf251601428081016bb3fd5566154a33b4dc79575f3840fe543b82e4aa63abae4b80448e8e3bcbbd5dd498a0ef8d803cfe45fd737268d852fe4b055bb643f96c4145cdccfdebf41a26525246775dda4e1637778e98d940cd12df4e42179eebbb9da63843ba62faf8abfc1fa68115e5d2e1778d513de4e2693f3201320d342659c466d5105e7a86b5534b00000000b43c63d64c37b5866d5d32c7bcecb60c296accf8f3a2a2aa94fdfc55385c84079a5d652b1aaf8cf57a1c63cde1c977a0e507874ef481ace18df2d62f511aefd9b38e2676a7bbc43821de5d8e5ce95295a28aa5a015750ada3326bd04c1db0a858c465172d6750256b19b2e0ad03dcf6db2ebddd6a296e7d4a83bdf2567e5494171e86179143f91374a2f0000"], 0x128}, {&(0x7f00000012c0)={0x37c, 0x3a, 0x400, 0x70bd27, 0x25dfdbfe, "", [@typed={0x8, 0x34, 0x0, 0x0, @uid=0xffffffffffffffff}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x9}, @nested={0x25a, 0x2b, 0x0, 0x1, [@generic="6eb0bb36a529383ec4f8417fb4ca4ccc77475a3acb98e8eb81108fe0b3244ec8c379fe6a48a47af4785e0929532018979173d1c5c88b5d862d8152ff1ed27996164438421a312dba41344de10eef44fdbe743e0097fd7498f3cdfb6a27865a16d6fb460f081a578c60acb1e6da918ffab9bb65f6d8a0ac3df4ea01229367589e772f4e0b3de40dac2959ec869e78e5840d72431327398314e5865cda90d2872b6f140df6358ec5388d5c28c7abb73624086d4d9d3ec8e4bad3b4ed1ff57aaed9319628622024da6c8e5c4de1413b2663e681832e1d9bc061935e04b257789141511ba0ebb6a238819c7206b7fad81ab9566a180669a8cfb20f04d3a4e610380d596c40709a7fc84cf96698524d3db55a0ea91232848f897b44e6813c9a7e54aa9295aafd11e15afd2d8b8a07a6ed797a9375026a7f150cab0539c568adf489fbe0eb2c1cd0c83069633c981c51fd5a3d1710c684a426d917d97531061216ec3a45537b1f016ef4cc037f028c7da621e7e56a1ce204cf", @typed={0x8, 0x6, 0x0, 0x0, @uid=0xffffffffffffffff}, @generic="2cec0df4b79c75e9a093a372d043000905d18118c2ea30498fc6029465011c7e2a1ad1f4f47338eac746acff42c497f9f6452cbce59b807c7155ce176ad82928a7c33380d640743478061461d5ab0c4b1fafc331906c8e781c77c546ac31409294546cc4d3e0472eb9295447ca822ff391d37f12ae60e0397b7f1ee832ee43df4b6de2f960c4246f47a73ebb24a555eed05d014486c563a0c25e6500e29957e615f3b245dfff0172a11daec1e5dd36ac7181998812433152f3a374d67a98c01469b81804c2143d8a291dcc3e5986e47e02a4cf7fa2b47c51"]}, @nested={0x4b, 0x6a, 0x0, 0x1, [@generic="5d7d657ae52f6e2bda60b05d588b51abc4f98053693780be3b7bb2325b3a68712c8cefe70c1b9c62739d38a180fcd09303f5e516874882664508bb62f24525", @typed={0x8, 0x8b, 0x0, 0x0, @pid}]}, @typed={0x8, 0x2a, 0x0, 0x0, @pid=r0}, @generic="56effffc7cfa7e1eeff5cd07a8d69ca0f709a8da167b6bf516a128f27afa0486d4e131de685cd5bcd4a15b30341915134a027ab40fa2606219b13085fe9011470add282508891004686456c142bd5c6129018a860bf8fc0d663a91faad444398967ef64cbd9d3b58b65452705e58a44eeb94761a1185f06cb0886f473221d052c5e95f81bec0ec1c2d80e082812ebdf1b5a932bb3a260a31915a6e79132dd08ca55345", @typed={0x4, 0x60}]}, 0x37c}], 0x8}, 0x48d1)
sched_setscheduler(0x0, 0x0, 0x0)
r5 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000600)=0xffffffffffffffff, 0x4)
sendfile(0xffffffffffffffff, r5, &(0x7f0000000640)=0x2, 0x7)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff, 0x4, r1}, 0x10)
r6 = getpid()
syz_open_procfs$namespace(r6, &(0x7f00000004c0)='ns/time\x00')
sched_setscheduler(r6, 0x1, &(0x7f0000001700))
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x200000000000000, 0x0, 0x8}, 0x0)
write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000000d40)=ANY=[@ANYBLOB="21000000370200000100"/24, @ANYRES32=0x0, @ANYBLOB="01005be3125e7a86e86a20d7ac3bf3c1fd98c9c995070716e9dc579be4f064c2f81b416033189828864d8e61137190194bfc45dabe708faa5325e93b4d4e860c05dca2d3581be8c873d26f8c889951c74d2c37c93db41e5ecc7104d9f3339abdcd8c5092c9eb8e"], 0x1f)
bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5d1014e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab62f274f34", 0xadf29f33fb903ae1, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0x18100}, 0x1c)
sched_setattr(0x0, 0x0, 0x0)
recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000040)=""/50, 0xfffffe72}, {&(0x7f0000000240)=""/52, 0x34}, {&(0x7f0000000780)=""/129, 0x80}, {&(0x7f0000000300)=""/68, 0x44}, {&(0x7f0000000380)=""/121, 0x79}, {&(0x7f0000000400)=""/183, 0xb7}], 0x6}, 0x40000110)

04:46:46 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001700)=@bpf_lsm={0x3, 0x3, &(0x7f00000014c0)=@framed={{0x18, 0x0, 0x0, 0x6a00}}, &(0x7f0000001500)='GPL\x00'}, 0x90)

04:46:46 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@func={0x6}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x0, 0x2b}, 0x20)

04:46:46 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 24)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:46:46 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x4, 0xe5, &(0x7f00000000c0)=""/229}, 0x90)

04:46:46 executing program 1:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001700)=@bpf_lsm={0x1d, 0x3, &(0x7f00000014c0)=@framed, &(0x7f0000001500)='GPL\x00', 0x6}, 0x90)

04:46:46 executing program 4:
bpf$BPF_PROG_DETACH(0xf, &(0x7f0000000440)={@ifindex, 0xffffffffffffffff, 0x0, 0x0, 0x0, @link_id=0xffffffffffffffff}, 0x20)

04:46:46 executing program 1:
socketpair(0x25, 0x5, 0x40, &(0x7f0000000000))

04:46:46 executing program 5:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
sendmsg(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000700)="9bbe6e2672ad08cf10fa883c409760db39e4a7c86bc150466aac33d0a0950f90d460dba8be2002341aac4e5d2b1d74758269a79b314d7997fcc97fb28b2fddddaa3e74d32c072040679d39d810703481be72bc008e19f74e779dae99e8f385ea31f8f8ca2f35e6078e7325bd3f6884c8260ed064da0cf6cb79e14f810079fe6a9b92eebb4fad6a04ce80e534fd98ace63d41cdf21e37a0f5dbc5f582486ac87e01ed4ae461b223ec239b9cf866d0067113014e660f623d08f9257864927f32be0331389ccef652352967ad2a2e6cef8b79a77aac45aae8f015046928f699461d26a7992c9eb4c94e9e4490dc08ebb3e3c00415cbc3dde3c85141345c7081d9d1db687bfb3b710ba3c92ae315428f90dbae758512f0d81aea9bb609a09feb9716715c74a5da981cde226141aa9405f25e7fec44d41a5a4afb959138ac8ea7519b4721d35761b0ba00b88d6b36604574148c5a43789ca839d93bf8735fe94648ba6508c85b45cdcff9928f02e860280286eb5a6c232bf88b04a5407fa06928cdc0a80d7dc54f89a7a3c37daefba00e907e8a86a455b1bb55d851729c05ab59e8bc28512c300eca99422a2b86533d4b165e240f513e2b72ce8c42750845038a9af3920edc23eb157ff057790b50673d8a77a16a96c5d21fc16ab0617fdd0bad6ab0eba6bafaad4d2bebecfdb5657306417b177d5029d72598b59888ac71ef2807963da6d7d6cf323306b4a405bcdb3fceb9c3b67c128202b4ac14df787e3d16ef0c94e2ea6d04aa4049303ee6e6c739be9db199cf66ae41cc4e3de96109d7127355bbcd8c3b3eff08a089a9ce55a539d6e7c869f1e1c1cee5983a7ad9a4042fd60fd2fa80b525a57749d4c434b4f64922819e0dd0341d961339a6c65fa37d6fb8d6e7c7022b442d2ca5b0f49dabbede9d4f2a4fa9af12c920a46c42303a2a7deb3bbdff59d05dd1fcbc758a4bad75e0dba72fe451bb4a061911dfd8c56f46c33547561dda807412795c00683248ae8853c1026373b72fe2e0f9d1a6fa0cca65a826099025e5723c2490eb96957d76b894a7f2b899d8314d4307b0e17ffed03c8443696162b2dbfb12bc5035811242f5991a978b0de7380c3b2c2c2c08983c0dfed1ebfb524b09d438de14c209a6eb2ca169b40f8f3017ec9a554e9967dd7f0e57e5454bc56e1a788f6b93cec56af48bf53459d198501821c85ae1bd053ed77e0bb25044652d52cd72afc31d901c33940b8484580d718e40901300dd65d4a08d6094de13b2aacc3974369be770f3a870ce37c32b9b1c858e29c236e9a02b520f79e471fda70a60cdcad931d779907f9e9177950077f67996ab37b4e9e934f4bd9a41aff84097881a00aba0e2c12597494a21a2c3400578ff161e9d7f099c707b49fccf8028c340d785a37780a19b1a5ae433acade5d7a1c7157502889b40d75e74bcf81ee9a7a2cb906d323735bd4ae69aa953ba9f8d24aa875531597b859ddde92c2974aef8fcb8fc92a6377d6fd6c7849f3c81c0246bcb3fe83f939f145456dd8d0f6e093c7d43d8875304ffdbe4c1896e6296749c93b32d28f43f40b592fc2132da31a767834b277cfee77ae17ea537ce68cd57e7300779868e3c9ccd3222a0a0676fc5111cce89c052e7c42c0d5f2b112dae7a60ec9988b21ffcf048051cc58a045066d91c8e2fb26b053f456529f7424e62df69d8466504540b7c7dc056ae647216b69d9cf1e07ffce99edf7e163f384e7f2c5d2d9c53a67100853e954f2031e8a4ee8532a5a5c7123b2ac77a0ecb734b782f3b8c617cf2e5a7bacc190595a132067e42a89d848bff4d351120b305a4a14ada34adbcdd6f46f7a67b807f2ef1c62d3a149f9e0787bd64a1290ef19eec909d2bdedaddb2ce38a14447d47fed8e30626733618f5c2b7ed41015cce9fdcf46a9463b89c14a8869d202cf176804f3cfc4485098a6707e5e755182aa2c16b9bde718e073be7853a9077fb6ee7c7623c9bb1860bc68e58d4897e388f9d48b55aff69fddfeb724d85abac5433b6444705df31c94d87c051b80e567e5d4fb501e5b9da07ffbe4e81070714416c370db4786b49031374bf52922e427af11ccda33bd7f8744dd2c04e15d61bd3f6ddeaa1e4c002af997a2d2ee8de2f32eae6387e35d84c174145b67dcb0b2677dd7f4f23c70f3829008573aaeca5f383a6aab7d2ba2a9fcf7d953d53975e98129cfbaf4b49de1e1624ead687d52071d3ec5cba1d0b50732b314b6bca407c60012a457ed6d6cb8606cb65f802a4fda3c5fa2b8b2993c153909fb77045eb31a15e87341a5f6ed2f50e9071a2e7dbf9e904cb6b21158ad6f526dfa20fba2d7d9fbef609458402d6ce0159870511e8b2776567d731cb3a48ae0832cfb502421e7ac38ded6619bc3b9321d20d63e77dc5a95a904c5d2a707d190b04805a5f95ac19af9e1f52e2b4f020523ca2260e7f8ea52c2bcfb3e4414de9cc039b0d18365bfb25ad2b26c41a28291a31367ec57c9218eca9e99f0d8ccc66016931f54f2eb7e2bf94a73ed8c34c45ddd02430ed3e2f0f8cca7ce36419f505c5bd66e5b8fb946dcf9911910f041584798e9bad2d12213c9ff400ef34334ca3f0fffa253da7dd745b28de6fc8a74a48c6558b97dcfe0328e7b2070ca39e59cf3ecce325266d10aa65664385ae5a0ba58e2a67f0304abe82b359b79e64740c764fea6e4897475661a11cce4a4d786e884f20b01a7b906790209e0fe81e8dd594abaf24b3f8abfd06e4ad56b024c150cbd41128826cff932fd7921dba6a7440af4bcde6b5ea74adf29ad1209b8a26c50222856b983036fac444525f8aeeb1367e278e243760aee78a1413f331e07ff2d3f58281e3e191b4847ac2f5e081c38415f905a384047118e64c92fe20a4dcbe95b3993983ad5d75264fff59a924929d44459c1eb537e442607bb3c8316bdf62f8193a6cb977e73e1f6eec56b4ccd70c89d24c5ed9b3033df5237deeb2d40435ec4d6b1d191e1bd7105f41614c95a0e3518a0c1bf962e8247b0656f13ad3b2c682cfc4409e01dc609451101e263fc8e9cb232357cb878ee2d12faf08f2e8328222ab2ac0e61db7b92a4dfdc6eb45adeb99b98a8c8a6af80078ca761ce6ceda13dc6011a73758f64fc2f110388053e624f15b8b917e7dae90f1a71bbc7d294d795f4fbd60ce91e45db2ce06023626612bebd1d48525b5bdc6a9ca4d97e39dc58f37d7be93362023164ce1fb55be6c392dfb06b5479436001c880258391f9ccd56b5f806699af1da1a738698e0289111f5b99a43f38929596714c46f523c6e14b2ef80f7c22d34b6897e8c3b77ac72b9b92f0bb44774ffd3d263cc8a132adef4f026cb18cb1456451c1aaf0d1cec3fa06a47557f506c47c5fe86b506704a1fe1f6c131be3d092781f7a145734a6554d8b89c3036a9f989a63a203d62a11d3a454d6359bec084ddb8bb72d5209e4d2624d6731295500e9dfb3c14532c5d9f829fe6b1ff452269786e10e82ac172c07528a952a94336dda47990a5294495d6da5f9bb31bc38bc1b92c21545b5eaa20e135c3b939bdf60815e855fecf8c404fbe84e96b1c91ef00c61d5df747da35b671736a3ad6fc729bd21d2a0afa48ab7a8fccf4f21c3f47b493d92fe42a20129383ed6c9273decc540fafccb544a7247a4f5614184f05dc33b0141dab6713fa40fd9492ea7db52f22dc1c40ad927f7d582c658daea18d983916a4584d26b26a94ee631af92c6e9ccf856f3b58ad9d3db1b8fe362dd08f030dc9bcfc4e860eafa4dcad363c5d407374ed79e263650da4a644b7d0d1c6ace021e0c7c5990c94277de436df2fbfa89883880bbdeef0b3d362416c1123ee3fbe6e1a650b9b55c478f33075f170ce0b3e8541ace9274f2bfc56734bab7916e9d148aa051de1b5476ac59fc42abed6738f03409c0d50f35451825373586ee3faa413cfdf1293fc867795fdaa2ea2e5991c59f8c686187d54b0f480855fca4c8e33cb8221e02b1b32c8ff50a4be508dadadb55324cad6ffd69d3bd10d3cbc5fe49d5e486d528abb46ed4adb6b41f5ecc42b81e186cde7f90f0788067ccc6a9900fb4f55e2692298e83dd9814a609463f921ce39233c6aa55fc207524519030f95f98e99afd2b1e19db5ded3beb7c061c4082c5720c1b0add83b1db99f8cb7241f7da83b76f86eaedcba27600dd6dc961e11dff5b32b82232fcef662e46d9a387acceed8a4265cfc0d901302bba366934eabf62418fbc0a1d60e88d53737233f0b046607494e2e9a8991412f3bd7ebafc0e35afed4354b546664951aed27747da7085ccc0c1ed28191a187b739f67b0443f9320f0be365b05a15fa25d46c1de8080294b819beb0d9e015362d39e8090d835bd83522c7196fa119a35eec67ca14097f56e18489162599f78e6194c6766a55fcb3369e6c12170b96abdfc4c65e87dbc4f19f3f8e05b22eb5790b60a7a3670baccd6c8ffd636b4452bd96864c7cc3abadb5a76917569ab7e355e4cee79cd1cbfa093e6655276916180534e7c6f6c63df7c83074dc28d4981928a25c7a0a7c534249c47c148aee1c24e69cedbc786a2e4738845e0042448db4bd598ded8a08c54a525e040cd3fa29cf591148d983e5a64c65b3205771cf517aeb261b739463a27ff1dfe9acb32c4f2fe5f8f01dae888ff2d422b47d41df7bd458dbea1cd72d163a906879fb1f966503f2e3c85dd4bac2a213a71aa7492a395d566017552a29269d54319130fdecd6369881d8a30ef2eecbf5ed53048c60ca76b96779ab4e3d931ccff2eed57c7a872c5af1c9f3ba711e79cc82493258a88e9184560e77bbf79425cdb82557fb6a6323460e5b2af4219ad72eff5cab08963433b36244d6ca2a6160f0ea6230072d37e3b463217b37717f2a326680f1106e4660f36076ddb3caf1bfe94f0e5cd537dc202fa57eb7031b6792a83c2daead632bf5b630fd8210618bfc805bb0c8a592168506f27280ed200253d3f230c5fe61bff89307c9093b57fdc2a39674d0f55a0a6f347ab2c2a7b3e15abb68c8585b8fe6668fe3dfcca3ccaa6fe8874e469061ae72474d49744551e9f503348ec6e71d367816ae973ef11356c8d62c92db492f38b2328da73a84253d8c949d8fbfdb778e2765d469b452dfe649bada129e68e2c56f81969efe28e535ffd8dc11c1571e1c0ee394e84507fe7a4088c865bee2b2be88b768b21c6fc3fa38ede766e631eb8fa9507fe65438778d631c41b6660ab9bfd792afca1eead3a9c84285638865a124b6554929a7e59d7e2260d0c2a3081c04f240c836d5659f8fe35f28dd140f03ed552b905d121e1eb8350f28298119e1c5d98c3c7d7", 0xec1}], 0x1, &(0x7f0000000380)=ANY=[@ANYBLOB="0801"], 0x108}, 0x0)

[ 2750.901022][T28690] usb 1-1: new high-speed USB device number 61 using dummy_hcd
04:46:46 executing program 4:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000c40)='./cgroup/syz0\x00', 0x200002, 0x0)
openat$cgroup_pressure(r0, &(0x7f0000000000)='cpu.pressure\x00', 0x2, 0x0)

04:46:46 executing program 1:
r0 = socket$kcm(0x29, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x40085)

04:46:46 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

[ 2751.271080][T28690] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2751.461492][T28690] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2751.474604][T28690] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2751.496763][T28690] usb 1-1: Product: syz
[ 2751.507901][T28690] usb 1-1: Manufacturer: syz
[ 2751.541029][T28690] usb 1-1: SerialNumber: syz
04:46:48 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000540)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
sched_setparam(0x0, &(0x7f0000000180))
socket$netlink(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f00000001c0)=0x9c)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000001c0)=ANY=[], 0x10}, {0x0}, {0x0}, {0x0, 0x44}, {0x0}, {&(0x7f0000000f00)=ANY=[@ANYRES32=0x0, @ANYRESHEX=r1, @ANYRES32], 0x204}, {&(0x7f0000000900)=ANY=[@ANYBLOB="280142002600040025bd7000fcdbdf251601428081016bb3fd5566154a33b4dc79575f3840fe543b82e4aa63abae4b80448e8e3bcbbd5dd498a0ef8d803cfe45fd737268d852fe4b055bb643f96c4145cdccfdebf41a26525246775dda4e1637778e98d940cd12df4e42179eebbb9da63843ba62faf8abfc1fa68115e5d2e1778d513de4e2693f3201320d342659c466d5105e7a86b5534b00000000b43c63d64c37b5866d5d32c7bcecb60c296accf8f3a2a2aa94fdfc55385c84079a5d652b1aaf8cf57a1c63cde1c977a0e507874ef481ace18df2d62f511aefd9b38e2676a7bbc43821de5d8e5ce95295a28aa5a015750ada3326bd04c1db0a858c465172d6750256b19b2e0ad03dcf6db2ebddd6a296e7d4a83bdf2567e5494171e86179143f91374a2f0000"], 0x128}, {&(0x7f00000012c0)={0x37c, 0x3a, 0x400, 0x70bd27, 0x25dfdbfe, "", [@typed={0x8, 0x34, 0x0, 0x0, @uid=0xffffffffffffffff}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x9}, @nested={0x25a, 0x2b, 0x0, 0x1, [@generic="6eb0bb36a529383ec4f8417fb4ca4ccc77475a3acb98e8eb81108fe0b3244ec8c379fe6a48a47af4785e0929532018979173d1c5c88b5d862d8152ff1ed27996164438421a312dba41344de10eef44fdbe743e0097fd7498f3cdfb6a27865a16d6fb460f081a578c60acb1e6da918ffab9bb65f6d8a0ac3df4ea01229367589e772f4e0b3de40dac2959ec869e78e5840d72431327398314e5865cda90d2872b6f140df6358ec5388d5c28c7abb73624086d4d9d3ec8e4bad3b4ed1ff57aaed9319628622024da6c8e5c4de1413b2663e681832e1d9bc061935e04b257789141511ba0ebb6a238819c7206b7fad81ab9566a180669a8cfb20f04d3a4e610380d596c40709a7fc84cf96698524d3db55a0ea91232848f897b44e6813c9a7e54aa9295aafd11e15afd2d8b8a07a6ed797a9375026a7f150cab0539c568adf489fbe0eb2c1cd0c83069633c981c51fd5a3d1710c684a426d917d97531061216ec3a45537b1f016ef4cc037f028c7da621e7e56a1ce204cf", @typed={0x8, 0x6, 0x0, 0x0, @uid=0xffffffffffffffff}, @generic="2cec0df4b79c75e9a093a372d043000905d18118c2ea30498fc6029465011c7e2a1ad1f4f47338eac746acff42c497f9f6452cbce59b807c7155ce176ad82928a7c33380d640743478061461d5ab0c4b1fafc331906c8e781c77c546ac31409294546cc4d3e0472eb9295447ca822ff391d37f12ae60e0397b7f1ee832ee43df4b6de2f960c4246f47a73ebb24a555eed05d014486c563a0c25e6500e29957e615f3b245dfff0172a11daec1e5dd36ac7181998812433152f3a374d67a98c01469b81804c2143d8a291dcc3e5986e47e02a4cf7fa2b47c51"]}, @nested={0x4b, 0x6a, 0x0, 0x1, [@generic="5d7d657ae52f6e2bda60b05d588b51abc4f98053693780be3b7bb2325b3a68712c8cefe70c1b9c62739d38a180fcd09303f5e516874882664508bb62f24525", @typed={0x8, 0x8b, 0x0, 0x0, @pid}]}, @typed={0x8, 0x2a, 0x0, 0x0, @pid=r0}, @generic="56effffc7cfa7e1eeff5cd07a8d69ca0f709a8da167b6bf516a128f27afa0486d4e131de685cd5bcd4a15b30341915134a027ab40fa2606219b13085fe9011470add282508891004686456c142bd5c6129018a860bf8fc0d663a91faad444398967ef64cbd9d3b58b65452705e58a44eeb94761a1185f06cb0886f473221d052c5e95f81bec0ec1c2d80e082812ebdf1b5a932bb3a260a31915a6e79132dd08ca55345", @typed={0x4, 0x60}]}, 0x37c}], 0x8}, 0x48d1)
sched_setscheduler(0x0, 0x0, 0x0)
r5 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000600)=0xffffffffffffffff, 0x4)
sendfile(0xffffffffffffffff, r5, &(0x7f0000000640)=0x2, 0x7)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff, 0x4, r1}, 0x10)
r6 = getpid()
syz_open_procfs$namespace(r6, &(0x7f00000004c0)='ns/time\x00')
sched_setscheduler(r6, 0x1, &(0x7f0000001700))
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x200000000000000, 0x0, 0x8}, 0x0)
write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000000d40)=ANY=[@ANYBLOB="21000000370200000100"/24, @ANYRES32=0x0, @ANYBLOB="01005be3125e7a86e86a20d7ac3bf3c1fd98c9c995070716e9dc579be4f064c2f81b416033189828864d8e61137190194bfc45dabe708faa5325e93b4d4e860c05dca2d3581be8c873d26f8c889951c74d2c37c93db41e5ecc7104d9f3339abdcd8c5092c9eb8e"], 0x1f)
bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5d1014e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab62f274f34", 0xadf29f33fb903ae1, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0x18100}, 0x1c)
sched_setattr(0x0, 0x0, 0x0)
recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000040)=""/50, 0xfffffe72}, {&(0x7f0000000240)=""/52, 0x34}, {&(0x7f0000000780)=""/129, 0x80}, {&(0x7f0000000300)=""/68, 0x44}, {&(0x7f0000000380)=""/121, 0x79}, {&(0x7f0000000400)=""/183, 0xb7}], 0x6}, 0x40000110)

04:46:48 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002500)={<r0=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000002b80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002b40)=[@rights={{0x10}}], 0x10}, 0x480c0)

04:46:48 executing program 1:
syz_usb_connect$cdc_ecm(0x1, 0x4d, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}}}]}}]}}, &(0x7f0000000340)={0x0, 0x0, 0x23, &(0x7f0000000100)={0x5, 0xf, 0x23, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x0, 0x6}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "8790aac5e625a5885e82ed7a8a3e91e4"}]}, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]})

[ 2752.701200][T28690] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2752.707694][T28690] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2752.741096][T28690] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2753.124332][T28690] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2753.167854][T28690] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2753.215301][T28690] usb 1-1: USB disconnect, device number 61
[ 2753.235830][T28690] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:46:49 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x48)

04:46:49 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:46:49 executing program 5:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004081)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

04:46:49 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 25)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:46:49 executing program 4:
sendmsg(0xffffffffffffffff, 0x0, 0x59ee29f6dcd788a2)

[ 2753.750320][T23428] FAULT_INJECTION: forcing a failure.
[ 2753.750320][T23428] name failslab, interval 1, probability 0, space 0, times 0
[ 2753.788167][T23428] CPU: 0 PID: 23428 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2753.798646][T23428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2753.808720][T23428] Call Trace:
[ 2753.812009][T23428]  <TASK>
[ 2753.814964][T23428]  dump_stack_lvl+0x125/0x1b0
[ 2753.819666][T23428]  should_fail_ex+0x496/0x5b0
[ 2753.824364][T23428]  should_failslab+0x9/0x20
[ 2753.828883][T23428]  kmem_cache_alloc+0x334/0x3b0
[ 2753.833764][T23428]  ? kstrdup+0x5c/0x70
[ 2753.837861][T23428]  __kernfs_new_node+0xd3/0x890
[ 2753.842738][T23428]  ? kernfs_path_from_node+0x60/0x60
[ 2753.848054][T23428]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2753.853449][T23428]  ? trace_contention_end+0xd6/0x100
[ 2753.858806][T23428]  ? lock_acquire+0x1ae/0x510
[ 2753.863512][T23428]  ? find_held_lock+0x2d/0x110
[ 2753.868301][T23428]  ? sysfs_do_create_link_sd+0x82/0x140
[ 2753.873875][T23428]  kernfs_new_node+0x94/0x110
[ 2753.878595][T23428]  kernfs_create_link+0xcc/0x230
[ 2753.883580][T23428]  sysfs_do_create_link_sd+0x90/0x140
[ 2753.888983][T23428]  sysfs_create_link+0x61/0xc0
[ 2753.893774][T23428]  driver_sysfs_add+0x91/0x2c0
[ 2753.898568][T23428]  really_probe+0x13f/0xc90
[ 2753.903102][T23428]  __driver_probe_device+0x1de/0x4b0
[ 2753.908413][T23428]  ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 2753.914251][T23428]  driver_probe_device+0x4c/0x1a0
[ 2753.919326][T23428]  __driver_attach+0x274/0x570
[ 2753.924135][T23428]  ? __device_attach_driver+0x300/0x300
[ 2753.929716][T23428]  bus_for_each_dev+0x13c/0x1d0
[ 2753.934601][T23428]  ? bus_remove_file+0x50/0x50
[ 2753.939399][T23428]  bus_add_driver+0x2e9/0x630
[ 2753.944108][T23428]  driver_register+0x15c/0x4a0
[ 2753.948916][T23428]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2753.955107][T23428]  raw_ioctl+0x172f/0x2b80
[ 2753.959550][T23428]  ? raw_open+0x510/0x510
[ 2753.963912][T23428]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2753.968877][T23428]  ? raw_open+0x510/0x510
[ 2753.973224][T23428]  __x64_sys_ioctl+0x18f/0x210
[ 2753.978010][T23428]  do_syscall_64+0x38/0xb0
[ 2753.982451][T23428]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2753.988368][T23428] RIP: 0033:0x7f410aa7c84b
[ 2753.992802][T23428] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2754.012433][T23428] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2754.020866][T23428] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2754.028850][T23428] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2754.036849][T23428] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2754.044835][T23428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2754.052818][T23428] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2754.060820][T23428]  </TASK>
[ 2754.063995][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2754.071340][T23428] really_probe: driver_sysfs_add(gadget.0) failed
[ 2754.078391][T23428] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
04:46:49 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x2, &(0x7f0000000000)=@raw=[@btf_id], &(0x7f0000000080)='syzkaller\x00'}, 0x90)

[ 2754.096070][T23428] misc raw-gadget: fail, usb_gadget_register_driver returned -16
04:46:50 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000640)={<r0=>0xffffffffffffffff})
sendmsg(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000700)='6', 0x1}], 0x1}, 0x0)

04:46:50 executing program 5:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x105, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0xe)

04:46:50 executing program 4:
r0 = socket(0x1c, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0x40, &(0x7f0000000080)='vegas\x00', 0x6)

04:46:50 executing program 5:
socket$inet6_sctp(0x1c, 0x1, 0x84)
socket$inet_sctp(0x2, 0x1, 0x84)
dup2(0xffffffffffffffff, 0xffffffffffffffff)

04:46:50 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:46:51 executing program 1:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x1c, 0x1c, 0x2}, 0x1c)

04:46:51 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000540)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
sched_setparam(0x0, &(0x7f0000000180))
socket$netlink(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f00000001c0)=0x9c)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000001c0)=ANY=[], 0x10}, {0x0}, {0x0}, {0x0, 0x44}, {0x0}, {&(0x7f0000000f00)=ANY=[@ANYRES32=0x0, @ANYRESHEX=r1, @ANYRES32], 0x204}, {&(0x7f0000000900)=ANY=[@ANYBLOB="280142002600040025bd7000fcdbdf251601428081016bb3fd5566154a33b4dc79575f3840fe543b82e4aa63abae4b80448e8e3bcbbd5dd498a0ef8d803cfe45fd737268d852fe4b055bb643f96c4145cdccfdebf41a26525246775dda4e1637778e98d940cd12df4e42179eebbb9da63843ba62faf8abfc1fa68115e5d2e1778d513de4e2693f3201320d342659c466d5105e7a86b5534b00000000b43c63d64c37b5866d5d32c7bcecb60c296accf8f3a2a2aa94fdfc55385c84079a5d652b1aaf8cf57a1c63cde1c977a0e507874ef481ace18df2d62f511aefd9b38e2676a7bbc43821de5d8e5ce95295a28aa5a015750ada3326bd04c1db0a858c465172d6750256b19b2e0ad03dcf6db2ebddd6a296e7d4a83bdf2567e5494171e86179143f91374a2f0000"], 0x128}, {&(0x7f00000012c0)={0x37c, 0x3a, 0x400, 0x70bd27, 0x25dfdbfe, "", [@typed={0x8, 0x34, 0x0, 0x0, @uid=0xffffffffffffffff}, @typed={0xc, 0x0, 0x0, 0x0, @u64=0x9}, @nested={0x25a, 0x2b, 0x0, 0x1, [@generic="6eb0bb36a529383ec4f8417fb4ca4ccc77475a3acb98e8eb81108fe0b3244ec8c379fe6a48a47af4785e0929532018979173d1c5c88b5d862d8152ff1ed27996164438421a312dba41344de10eef44fdbe743e0097fd7498f3cdfb6a27865a16d6fb460f081a578c60acb1e6da918ffab9bb65f6d8a0ac3df4ea01229367589e772f4e0b3de40dac2959ec869e78e5840d72431327398314e5865cda90d2872b6f140df6358ec5388d5c28c7abb73624086d4d9d3ec8e4bad3b4ed1ff57aaed9319628622024da6c8e5c4de1413b2663e681832e1d9bc061935e04b257789141511ba0ebb6a238819c7206b7fad81ab9566a180669a8cfb20f04d3a4e610380d596c40709a7fc84cf96698524d3db55a0ea91232848f897b44e6813c9a7e54aa9295aafd11e15afd2d8b8a07a6ed797a9375026a7f150cab0539c568adf489fbe0eb2c1cd0c83069633c981c51fd5a3d1710c684a426d917d97531061216ec3a45537b1f016ef4cc037f028c7da621e7e56a1ce204cf", @typed={0x8, 0x6, 0x0, 0x0, @uid=0xffffffffffffffff}, @generic="2cec0df4b79c75e9a093a372d043000905d18118c2ea30498fc6029465011c7e2a1ad1f4f47338eac746acff42c497f9f6452cbce59b807c7155ce176ad82928a7c33380d640743478061461d5ab0c4b1fafc331906c8e781c77c546ac31409294546cc4d3e0472eb9295447ca822ff391d37f12ae60e0397b7f1ee832ee43df4b6de2f960c4246f47a73ebb24a555eed05d014486c563a0c25e6500e29957e615f3b245dfff0172a11daec1e5dd36ac7181998812433152f3a374d67a98c01469b81804c2143d8a291dcc3e5986e47e02a4cf7fa2b47c51"]}, @nested={0x4b, 0x6a, 0x0, 0x1, [@generic="5d7d657ae52f6e2bda60b05d588b51abc4f98053693780be3b7bb2325b3a68712c8cefe70c1b9c62739d38a180fcd09303f5e516874882664508bb62f24525", @typed={0x8, 0x8b, 0x0, 0x0, @pid}]}, @typed={0x8, 0x2a, 0x0, 0x0, @pid=r0}, @generic="56effffc7cfa7e1eeff5cd07a8d69ca0f709a8da167b6bf516a128f27afa0486d4e131de685cd5bcd4a15b30341915134a027ab40fa2606219b13085fe9011470add282508891004686456c142bd5c6129018a860bf8fc0d663a91faad444398967ef64cbd9d3b58b65452705e58a44eeb94761a1185f06cb0886f473221d052c5e95f81bec0ec1c2d80e082812ebdf1b5a932bb3a260a31915a6e79132dd08ca55345", @typed={0x4, 0x60}]}, 0x37c}], 0x8}, 0x48d1)
sched_setscheduler(0x0, 0x0, 0x0)
r5 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000600)=0xffffffffffffffff, 0x4)
sendfile(0xffffffffffffffff, r5, &(0x7f0000000640)=0x2, 0x7)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff, 0x4, r1}, 0x10)
r6 = getpid()
syz_open_procfs$namespace(r6, &(0x7f00000004c0)='ns/time\x00')
sched_setscheduler(r6, 0x1, &(0x7f0000001700))
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x200000000000000, 0x0, 0x8}, 0x0)
write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000000d40)=ANY=[@ANYBLOB="21000000370200000100"/24, @ANYRES32=0x0, @ANYBLOB="01005be3125e7a86e86a20d7ac3bf3c1fd98c9c995070716e9dc579be4f064c2f81b416033189828864d8e61137190194bfc45dabe708faa5325e93b4d4e860c05dca2d3581be8c873d26f8c889951c74d2c37c93db41e5ecc7104d9f3339abdcd8c5092c9eb8e"], 0x1f)
bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5d1014e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab62f274f34", 0xadf29f33fb903ae1, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0x18100}, 0x1c)
sched_setattr(0x0, 0x0, 0x0)
recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000040)=""/50, 0xfffffe72}, {&(0x7f0000000240)=""/52, 0x34}, {&(0x7f0000000780)=""/129, 0x80}, {&(0x7f0000000300)=""/68, 0x44}, {&(0x7f0000000380)=""/121, 0x79}, {&(0x7f0000000400)=""/183, 0xb7}], 0x6}, 0x40000110)

04:46:51 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r2 = dup2(r1, r0)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r2, 0x84, 0x103, &(0x7f0000000100), &(0x7f0000000140)=0x8)

04:46:51 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 26)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:46:51 executing program 5:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
connect$inet6(r0, &(0x7f0000000540)={0x1c, 0x1c, 0x3}, 0x1c)

04:46:51 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

[ 2755.630293][T23481] FAULT_INJECTION: forcing a failure.
[ 2755.630293][T23481] name failslab, interval 1, probability 0, space 0, times 0
[ 2755.695413][T23481] CPU: 1 PID: 23481 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2755.705904][T23481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2755.715994][T23481] Call Trace:
[ 2755.719314][T23481]  <TASK>
[ 2755.722282][T23481]  dump_stack_lvl+0x125/0x1b0
[ 2755.727023][T23481]  should_fail_ex+0x496/0x5b0
[ 2755.731753][T23481]  should_failslab+0x9/0x20
[ 2755.736311][T23481]  kmem_cache_alloc+0x334/0x3b0
[ 2755.741226][T23481]  ? kstrdup+0x5c/0x70
[ 2755.745373][T23481]  __kernfs_new_node+0xd3/0x890
[ 2755.750276][T23481]  ? kernfs_path_from_node+0x60/0x60
[ 2755.755618][T23481]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2755.761048][T23481]  ? trace_contention_end+0xd6/0x100
[ 2755.766395][T23481]  ? lock_acquire+0x1ae/0x510
[ 2755.771126][T23481]  ? find_held_lock+0x2d/0x110
[ 2755.775962][T23481]  ? sysfs_do_create_link_sd+0x82/0x140
[ 2755.781569][T23481]  kernfs_new_node+0x94/0x110
[ 2755.786334][T23481]  kernfs_create_link+0xcc/0x230
[ 2755.791328][T23481]  sysfs_do_create_link_sd+0x90/0x140
[ 2755.796757][T23481]  sysfs_create_link+0x61/0xc0
[ 2755.801576][T23481]  driver_sysfs_add+0x91/0x2c0
[ 2755.806399][T23481]  really_probe+0x13f/0xc90
[ 2755.810960][T23481]  __driver_probe_device+0x1de/0x4b0
[ 2755.816351][T23481]  ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 2755.822203][T23481]  driver_probe_device+0x4c/0x1a0
[ 2755.827285][T23481]  __driver_attach+0x274/0x570
[ 2755.832111][T23481]  ? __device_attach_driver+0x300/0x300
[ 2755.837711][T23481]  bus_for_each_dev+0x13c/0x1d0
[ 2755.842607][T23481]  ? bus_remove_file+0x50/0x50
[ 2755.847428][T23481]  bus_add_driver+0x2e9/0x630
[ 2755.852243][T23481]  driver_register+0x15c/0x4a0
[ 2755.857062][T23481]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2755.863275][T23481]  raw_ioctl+0x172f/0x2b80
[ 2755.867746][T23481]  ? raw_open+0x510/0x510
[ 2755.872121][T23481]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2755.877101][T23481]  ? raw_open+0x510/0x510
[ 2755.881466][T23481]  __x64_sys_ioctl+0x18f/0x210
[ 2755.886267][T23481]  do_syscall_64+0x38/0xb0
[ 2755.890727][T23481]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2755.896670][T23481] RIP: 0033:0x7f410aa7c84b
[ 2755.901120][T23481] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2755.920768][T23481] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2755.929221][T23481] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2755.937246][T23481] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
04:46:51 executing program 1:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x10, 0x2}, 0x10)

[ 2755.945257][T23481] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2755.953271][T23481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2755.961283][T23481] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2755.969318][T23481]  </TASK>
04:46:51 executing program 4:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10)
r1 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r2 = dup2(r0, r1)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f00000000c0), &(0x7f0000000000)=0x4)

04:46:51 executing program 5:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000380)={0x1c, 0x1c, 0x2}, 0x1c)

04:46:51 executing program 1:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r1, &(0x7f0000000140)={0x10, 0x2}, 0x10)
dup2(r1, r0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x1c, 0x1c, 0x3}, 0x1c)

[ 2756.072036][T23481] really_probe: driver_sysfs_add(gadget.0) failed
[ 2756.089109][T23481] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2756.117631][T23481] misc raw-gadget: fail, usb_gadget_register_driver returned -16
04:46:52 executing program 1:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x1}, 0x1c)

04:46:52 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:46:52 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = dup2(r0, r0)
sendto$inet6(r1, &(0x7f0000000140)="dd", 0x1, 0x0, &(0x7f0000000200)={0x1c, 0x1c, 0x3}, 0x1c)

04:46:53 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 27)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:46:53 executing program 5:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000800)={0x0, r1})

04:46:53 executing program 1:
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="454eff236bbaadf352a3730b357f3b7993fc1b8e066f"], 0x15)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0xfdffffff, {}, {}, @raw32}], 0xffc8)

04:46:53 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4004ae86, &(0x7f0000000040))

04:46:53 executing program 2:
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="454eff236bbaadf352a3730b357f3b7993fc1b8e066f"], 0x15)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1f4, {}, {}, @raw32}], 0xffc8)

[ 2757.324316][T23539] FAULT_INJECTION: forcing a failure.
[ 2757.324316][T23539] name failslab, interval 1, probability 0, space 0, times 0
[ 2757.337941][T23539] CPU: 1 PID: 23539 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2757.348394][T23539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2757.358501][T23539] Call Trace:
[ 2757.361806][T23539]  <TASK>
[ 2757.364761][T23539]  dump_stack_lvl+0xd9/0x1b0
[ 2757.369408][T23539]  should_fail_ex+0x496/0x5b0
[ 2757.374137][T23539]  should_failslab+0x9/0x20
[ 2757.378678][T23539]  __kmem_cache_alloc_node+0x6b/0x340
[ 2757.384100][T23539]  ? gadget_bind+0x470/0x8c0
[ 2757.388770][T23539]  ? __kasan_kmalloc+0xa2/0xb0
[ 2757.393573][T23539]  kmalloc_trace+0x25/0xe0
[ 2757.398043][T23539]  gadget_bind+0x470/0x8c0
[ 2757.402491][T23539]  ? dummy_set_selfpowered+0x1c0/0x1c0
[ 2757.407962][T23539]  gadget_bind_driver+0x260/0x8e0
[ 2757.413019][T23539]  ? soft_connect_store+0x520/0x520
[ 2757.418257][T23539]  really_probe+0x234/0xc90
[ 2757.422794][T23539]  __driver_probe_device+0x1de/0x4b0
[ 2757.428099][T23539]  ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 2757.433934][T23539]  driver_probe_device+0x4c/0x1a0
[ 2757.438987][T23539]  __driver_attach+0x274/0x570
[ 2757.443776][T23539]  ? __device_attach_driver+0x300/0x300
[ 2757.449343][T23539]  bus_for_each_dev+0x13c/0x1d0
[ 2757.454249][T23539]  ? bus_remove_file+0x50/0x50
[ 2757.459041][T23539]  bus_add_driver+0x2e9/0x630
[ 2757.463742][T23539]  driver_register+0x15c/0x4a0
[ 2757.468531][T23539]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2757.474714][T23539]  raw_ioctl+0x172f/0x2b80
[ 2757.479162][T23539]  ? raw_open+0x510/0x510
[ 2757.483511][T23539]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2757.488474][T23539]  ? raw_open+0x510/0x510
[ 2757.492842][T23539]  __x64_sys_ioctl+0x18f/0x210
[ 2757.497625][T23539]  do_syscall_64+0x38/0xb0
[ 2757.502069][T23539]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2757.507992][T23539] RIP: 0033:0x7f410aa7c84b
[ 2757.512419][T23539] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2757.532044][T23539] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2757.540476][T23539] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2757.548455][T23539] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2757.556435][T23539] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2757.564421][T23539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2757.572401][T23539] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2757.580400][T23539]  </TASK>
[ 2757.625813][T23539] raw-gadget.1 gadget.0: failed to queue event
[ 2757.632417][T23539] udc dummy_udc.0: failed to start USB Raw Gadget: -12
[ 2757.650936][T23539] raw-gadget.1: probe of gadget.0 failed with error -12
04:46:53 executing program 2:
madvise(&(0x7f0000ffd000/0x1000)=nil, 0x8247c6000, 0x5)
madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4)

04:46:53 executing program 5:
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x4800, 0x0)

[ 2757.673972][T23539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2757.707263][T23539] misc raw-gadget: fail, usb_gadget_register_driver returned -16
04:46:53 executing program 2:
r0 = syz_open_pts(0xffffffffffffffff, 0x0)
flock(r0, 0x12)
flock(r0, 0x1)

04:46:53 executing program 5:
r0 = syz_open_pts(0xffffffffffffffff, 0x0)
fcntl$setstatus(r0, 0x4, 0x0)

04:46:53 executing program 1:
pipe(&(0x7f0000000280)={<r0=>0xffffffffffffffff})
poll(&(0x7f0000000080)=[{0xffffffffffffff9c}, {r0, 0x1}, {}], 0x3, 0x7)

04:46:53 executing program 4:
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd60100100004ec439cd020000000000000000000000000001fe80"], 0x0)

04:46:53 executing program 2:
syz_emit_ethernet(0x32, &(0x7f0000000280)={@local, @local, @val, {@ipv4}}, 0x0)

04:46:54 executing program 5:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/schedstat\x00', 0x0, 0x0)
preadv2(r0, &(0x7f0000000040)=[{&(0x7f0000001180)=""/4088, 0xff8}], 0x1, 0x58, 0x0, 0x0)

04:46:54 executing program 1:
syz_emit_ethernet(0x4a, &(0x7f0000000100)={@broadcast, @local, @val, {@ipv6}}, 0x0)

04:46:54 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:46:54 executing program 2:
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@broadcast, @local, @val, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @empty, @multicast2, @random="576b1f1058c2", @broadcast}}}}, 0x0)

04:46:54 executing program 4:
munmap(&(0x7f0000001000/0x1000)=nil, 0x1000)
pipe2(&(0x7f0000000300), 0x0)

04:46:54 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 28)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:46:54 executing program 2:
readv(0xffffffffffffffff, &(0x7f0000001a40)=[{0x0}], 0x1)

[ 2758.384578][T23572] FAULT_INJECTION: forcing a failure.
[ 2758.384578][T23572] name failslab, interval 1, probability 0, space 0, times 0
[ 2758.422799][T23572] CPU: 0 PID: 23572 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2758.433294][T23572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2758.443391][T23572] Call Trace:
[ 2758.446704][T23572]  <TASK>
[ 2758.449668][T23572]  dump_stack_lvl+0x125/0x1b0
[ 2758.454393][T23572]  should_fail_ex+0x496/0x5b0
[ 2758.459115][T23572]  should_failslab+0x9/0x20
[ 2758.463661][T23572]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2758.469183][T23572]  ? dummy_alloc_request+0x93/0x180
[ 2758.474444][T23572]  kmalloc_trace+0x25/0xe0
[ 2758.478917][T23572]  dummy_alloc_request+0x93/0x180
04:46:54 executing program 1:
syz_emit_ethernet(0x32, &(0x7f0000000040)={@local, @local, @val, {@arp={0x806, @generic={0x0, 0x0, 0x6, 0x0, 0x0, @local, "", @remote, "f1dacfca5845c46adf8538fc9d438f9c"}}}}, 0x0)

04:46:54 executing program 5:
madvise(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x0)
madvise(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0)

[ 2758.483988][T23572]  usb_ep_alloc_request+0x61/0x250
[ 2758.489168][T23572]  gadget_bind+0xeb/0x8c0
[ 2758.493552][T23572]  ? dummy_set_selfpowered+0x1c0/0x1c0
[ 2758.499052][T23572]  gadget_bind_driver+0x260/0x8e0
[ 2758.504136][T23572]  ? soft_connect_store+0x520/0x520
[ 2758.509393][T23572]  really_probe+0x234/0xc90
[ 2758.513960][T23572]  __driver_probe_device+0x1de/0x4b0
[ 2758.519301][T23572]  ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 2758.525255][T23572]  driver_probe_device+0x4c/0x1a0
[ 2758.530340][T23572]  __driver_attach+0x274/0x570
04:46:54 executing program 4:
pipe(&(0x7f0000000280)={<r0=>0xffffffffffffffff})
pipe(&(0x7f0000000280)={<r1=>0xffffffffffffffff})
poll(&(0x7f0000000080)=[{r0, 0x1}, {r1}], 0x2, 0x7)

[ 2758.535169][T23572]  ? __device_attach_driver+0x300/0x300
[ 2758.540768][T23572]  bus_for_each_dev+0x13c/0x1d0
[ 2758.545665][T23572]  ? bus_remove_file+0x50/0x50
[ 2758.550488][T23572]  bus_add_driver+0x2e9/0x630
[ 2758.555225][T23572]  driver_register+0x15c/0x4a0
[ 2758.560105][T23572]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2758.566332][T23572]  raw_ioctl+0x172f/0x2b80
[ 2758.570817][T23572]  ? raw_open+0x510/0x510
[ 2758.575199][T23572]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2758.580193][T23572]  ? raw_open+0x510/0x510
[ 2758.584569][T23572]  __x64_sys_ioctl+0x18f/0x210
[ 2758.589393][T23572]  do_syscall_64+0x38/0xb0
[ 2758.593868][T23572]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2758.599818][T23572] RIP: 0033:0x7f410aa7c84b
[ 2758.604282][T23572] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2758.623940][T23572] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
04:46:54 executing program 4:
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8970, &(0x7f00000000c0)={'wlan0\x00'})

[ 2758.632403][T23572] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2758.640417][T23572] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2758.648441][T23572] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2758.656464][T23572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2758.664491][T23572] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2758.672525][T23572]  </TASK>
[ 2758.675623][    C0] vkms_vblank_simulate: vblank timer overrun
04:46:54 executing program 2:
socketpair(0x2, 0x0, 0x5, 0x0)

04:46:54 executing program 1:
socketpair(0x18, 0x1, 0x6, 0x0)

04:46:54 executing program 5:
readv(0xffffffffffffff9c, &(0x7f0000000000), 0x9)

[ 2758.801086][T23572] raw-gadget.1 gadget.0: usb_ep_alloc_request failed
[ 2758.825876][T23572] udc dummy_udc.0: failed to start USB Raw Gadget: -12
[ 2758.847257][T23572] raw-gadget.1: probe of gadget.0 failed with error -12
[ 2758.882741][T23572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2758.914568][T23572] misc raw-gadget: fail, usb_gadget_register_driver returned -16
04:46:54 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:46:54 executing program 2:
pipe(&(0x7f0000000280)={<r0=>0xffffffffffffffff})
pipe(&(0x7f0000000280)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
dup2(r1, r0)

04:46:54 executing program 1:
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x1011, 0xffffffffffffffff, 0x0)
munlock(&(0x7f0000000000/0x4000)=nil, 0x4000)

04:46:55 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 29)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:46:55 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000016c0))
select(0x1f, &(0x7f0000000000), &(0x7f0000000040)={0x8}, 0x0, 0x0)

04:46:55 executing program 5:
syz_emit_ethernet(0x42, &(0x7f0000000000)={@local, @remote, @val, {@ipv4}}, 0x0)

04:46:55 executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000dc0)={0x0, 0x0, 0x0}, 0x1)

04:46:55 executing program 2:
mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xd)

04:46:55 executing program 2:
mlock(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

04:46:55 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r0=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x40)

[ 2759.575975][T23618] FAULT_INJECTION: forcing a failure.
[ 2759.575975][T23618] name failslab, interval 1, probability 0, space 0, times 0
[ 2759.631930][T23618] CPU: 0 PID: 23618 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2759.642428][T23618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2759.652524][T23618] Call Trace:
[ 2759.655830][T23618]  <TASK>
[ 2759.658787][T23618]  dump_stack_lvl+0x125/0x1b0
[ 2759.663513][T23618]  should_fail_ex+0x496/0x5b0
[ 2759.668247][T23618]  should_failslab+0x9/0x20
[ 2759.672794][T23618]  __kmem_cache_alloc_node+0x2f7/0x340
04:46:55 executing program 5:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000040)="0c672dddac6c9adc950a7baddcaca6f28235264280d19c1ca16540d9b9d35ffc0333b6ac73fa655d82a8ffe2d0daaf68af061ad1b5da68e7dcc2a61a2bb35b9570384da2ba2c4a0067baab8d55a4810886bbb4ce58bc5e492091ed40b50334f95df116885f1f6f27918d04f4b743caa2fe162e3ecabf10e65615ee7f93c440ceb402805404936dd48529005b0a64898f139a381c85c64e2d0682c14863fdd758e2f96582aa218bb6f8c1b7ef161980c7f2f28b098123073a", 0xb8}, {&(0x7f0000000100)="fc03e798ca3b2443e16449884b3ac057afc00eba0b993472382f60512e28b16eed03ce7460d9565186a4009041b0eb", 0x2f}, {&(0x7f0000000140)="502cdeecde", 0x5}, {&(0x7f0000000180)="9660de59be4a38b234aa62ff5d96bf75f470a5407e9ea47f89afb9faed03dd7b925066262733baa60bbbf5c0fccf1b4de1e4579e76835957394b513d861c1bfa6bc96e8ff11ad37a69f034c1e226c23eff516d8482c8c00cff05d23aebac6a5267f7cd6acf29b42da7c42796928d8630c1add876f1fefa69dc39ee99a097b855609b958512b684122773819df2e3bcb6e7f4a5e7103faa42907f63", 0x9b}, {&(0x7f0000000440)="1a4bd7ffd25d9f8f35c45ef23f534a5f1c4f6d809190bc0099f17b13b5be2ebc104b8397223ff16b2292476eb257db94ea360aa6c261513cbf46f91f59412e141450465882afcc3a42a5ccf1cc359812306b70ea16040a7c2c27d08384021c51c309cbdcd11d26f2588e0477827c8a0deea0fd16a3a83449efd06d7daf0060046cef6f80333b89244d04275c3b9acbeae61291985b78d5204e180dcad65d44d6bc0b2c8d77b6efe92f4f77d141a421f02f9fa7da37e4125746ea29b31bd764bc754700ebe485434be2874a8e74272f8b3395c5798aebc8ec26486122a23f7bac715999c191038ff084eb242e0bd3391803456621f0903fa880fbef42be26d7798727d290c66a76054c0f326bac9477718b36b33fb893e6ebd0cd610f49788e80d7ab7b68479046ae93bcb04bae0f08053e439d2e5ced924c262fd9abf6fbac1595bdd4fea03cec1ac4085b7708f5297de82c8ad8bbeda1b034ea5cd4016afa37bfa243f60ce32bc2c8e08b60898fa47ad18cb7aaf4e5ed3295c7b01aa22baba0382b345916b3898e64dbc312156236578c7a396c19c31b2e93a810e700de25f6dc3384161927eb0202cdbf9453d6ba277a6521a2a8ad19bcf0d6b6a67a693b2377c2eaf9d53582a53ea77e2fa855d5c43adba7c20a189e85901900a6590da0bd9a0330324fa567a60e43b46cff812e1c08d51b2309b50b49d5c8a6998e4e2a62cedf82e0570de891319b5e7146df059867bb8745ac9fcc605ef6c7a3b344222425c4165c762556f08d15f86a9526dbc911599f31f2212834beaba6be4951eb14252473c73204b24a288c5dadc67606b73fadaaf4b98ca804edcd74773044da43c8bf2b5d365b7cd77593dd9b274cc917862c23d587c9e3c4b343f3401eb74cb5c65524d9e9e6510fc5dd3663727dc096d643d1f6bb67ef49d55efa1c5343764aa8d2d2bb1be5fe5dd45f99dd1d98f056624d1d9a1b23a4182ad250439670277d304642f3c0cfa0724bf44e3823057629c475d88da20a7e7175ab242d2f085a42b3aa5cdbfd943ceb89b8763b4024f787cf2c9b8baa24c5b5bf1b0d8aca4357ea27346293daf89e3b984d99e73eaf3e5a0276babac569652e7c5a4e7948ab9c7adf67a76bcaf0eaafe8a8843ccae3d055b9eb3ea1483e127c39ee389baa11d24c22ab1b30348212ad20e2dab2928269ee5a8b46635772ac324517cf1bd39def8ddf113d705f3092f4141f39200ca7b565797cfee4f01d464ca5d6a32614b6cca1c202946b65cd787781648fa24f27bd8bf8648480c67b32773f9f892c5e1e925654ab417232a782b45131d602117cc15e7633ab8ea8bd96334830339a4718d0b0f9a6432a7d46e66cf9b532dad33beaf90ae7f037d9ad02353afc0ff064cfa6af54f8cfef412c99e34d39be39906660e6bced17759f19c2cf939aa07619661bd3ba5343b5b39627c8837eb06161846bd15049d70b40f4b58f124ff4145179d2b61dec6f90ef480ea3d5fa8af6cf1e6fd6568629b28368767bc8e84ede496ba06a59e91d8d46afe520c0ed5b371cd82dda223ece24e640cbe775c67b6800bde438cddc6c9d713f03ddcea38916fbd93557496756ea102b91f0eadcc2ed652ecbda298fd97509460dd3629e41394cf07fddfa6233878c8e0236232823d8f33a3be3b06b2bb78478c55a049d4c4fa364d6d203ff9ffbfedaac6f81c5a90647ebc0891ea290e2e924950bc625cc5be6112f57dc1d7bcbf4610b9ab0ecf5519220f0b14e2ec1d91d2abdc812705f826d25667cf225ee8a5731756e414755127d07b008b98fa8335b9d77972f2d77bd0e0abc7e20d8ed5ed857af519ad4c246d188029b17933d97dbe16601836088171ac8a2962bf67a119a6dba844efa28baff29602381b3622746c05400333f238e0340f27097f574c8b20c65a43cce78257a74c3540f84d1a81d847b63340faeb9173f17e7ae88963207d66d7f381d1dd2c1975414bff0d320dbfada79996f188dd0358485c6683021b41cc346c29a39eb4a1e3da289169367099f3b2218fddab55b5d28956ef6cf822931ab0a72d4b920ec92f1b6e34170fe2c91cfc18fbbe6b5adfc5039061c8680ff30713ae16a4ce111b3b2f2597188e0986cd88dff3f8f44784fabe815d3af87544fa2fc679b9dbea1007bba2834972132dae5c7a0184a678f3e66273b651e51f1f1d0bfc762c7bfd6debab62464036ba5bec3a806cdae9582bc810c8308ca1645de17a1fd9351ece6c077f68ffbe5bb3d335007bd0c34b9205f101d10982801410890e89bd3b53cf51e14adc3daaa285ed9d4e823ec30d9aae545149ee790129dd2138eb328240032eaf534d31e18867a1679437ac214edf0306eaa9be8a257895176a361e84d61f8719fdd6ee3f577d1993c84341dd155c477f95fe0573b79a7d486b1e99465db733f95f672db9440c12c0f79aefbeab4f922ea3a1e3a2b802abd82b99d51a84be379d77ac9df9290c70c04d3d823a399d29190ad548cf8156f9aa2fbb52218827fb4325b54418a34001aaaa799b3eb402278d27ebac82f96fcdf49678c491f91534fc884cacc47087586fc97e594beaed0053697d39f2ff7cdb1597395fc1e41b6726ed03b44e1e84102a629115c16be124c3d6a1c7d853dedb3a2924e131eb1c0d068caadb8cc839fb8a0bf151391c446b19c3586b138827f0e2b6fbde5330162ac815da7db7f6bf304d497ef3b403ec8d481212a4d2fb2f3349ac73da37d13165153ef5dfd10e817dd51aae3857751a2ebe136d3e3aba784363e7952ad434cc987cc09e3b20058fe2338bbc1974e7d1b8a27447e090d9b162fac4897cccdab4b4d37a92bf15b077b05361b29b5de788068fe9de2fa0146ac8b53c66e110fedb70f3419c3e8f302b4aabdbbf990d873e0a74aa15223c3b465ac241d7b53d4d8d3142fb6bf2ac75b28cba0d82273fecd8da488cfa0504d4638e7c0de013276d06183f78f095b7fc863a53e58b324409690615b84a4eacc3638e3ff0dc5af1bb8bf8d07659fb49fb817d37a42ab987aadf026f7a42fcb09bd7570786722ddd267a30168c099891ddd4142b7323d6c7bb5bee4b9046672f1c5490aa5d12b402826ff40cb101c10096de5443b58d4715c9d73276f638886fe52f1a8c6ed7d99c26c6fb698a5117d0b0a81581f62668287ed320f9b6bf074c59d2b12b2ebe4e598816710bffa62968f87b28f72260babb9bedbb9f8d292cd49e458f1a998047717d7ea20466d80d871d2e0e90f88e44067d365b16e1571fe629bd73b5ca64f5f6b4bb3769ebc7ce76485e17526d3196507cdfabd4f4df0ebaaf119aa853d2acabfe246641f52ae32e114523dba9902a5cb4861f2304c1b0270ef6305a1f47acba7bf4ac3bdb0c52f1ecc50e28a99c1b1f03e30920cc12dcf4a9b97613a078cca29cdfcb8aac17076d47f4372075dfce08ca36dd9993c60c980ea8f9ab54d2e5bad31282cb5f548475a33c8f034b62e42ff3a733cabe78ea24df62188d7896bf2231d6ddcf11d1c540a9d0a9167db000f5d081e0ceb1e5749ff8b19acc8dc479984e99ab46d434670dfb9a1ffaaa22724246155e832e948924983bc4c57b0c988bfd0102ea956cfa2b561c2aa9b8c1d7bc8b9c2cb5719512b80f6081f636135278d315a32ba52c7725761bf0ff61d3e9edc86d6daba1dc68a837ab48dbdbd9fe710531b31677a3f4bf325f64fc5aef30943404a4501024cb0798e9fa50429ab11938258960cf3350f04259920c19a84533f8867946410d489e38479750006ec9589c4525f48ccecf42b726737395d7a8b97b77185884b12bebc0d670450099073b0ed266468a297e091e490cdf269726ff23d9384b159e0157d9317c7fdfa6649fabfc87ba14a9b2d5b65ca9bcb8222e6a01343658021e826127f0d82f989b8d277010a86cd85a8742741cdd0de0548c34f43ce54b8d3b6383529c447d1d6e24f4b23a121f94ffa52002fc8f7a52b21262532f77f9231dccef5a60988981925dfe7386f5b7168965d36014e2781c9e4bc14bf41f69dabc68c10827372fbda03d61f449795d51db35612350a27b4c86858a5eb0c1404f948892f4c169fe8c9260ae02d6091b382dabe825a78ae2de96912e4f834c6ab7df297abdb60f6c611faf09ff3fe0651e1f7380ec4f99f49196bf4638481a2ad38b896e6441dec756428396dde1c91d8377ef4d20e4a229d53ae5bbb12e056b184a408cff4ea32c26d35192f3d0151347688fee1ce76a261bfac56872a51d43dcf19e6c9f2c604a2574d4cb49dccee27f197bda655f115e0f56a4475e4dba3c22d4e285fb6dc831e0d61f5f578708449011b106bfd19f8fdff18e289be604c0887f2474921b79f81101e4543920fe99cae86e76cff377164982883e806445b7ac9b296e84fae1703c96368a6af74af3ae41ca646b1821e1422ff2737752dca7f1eaffdd9ce8261d77e502829b61ab56ad39cfeeaf2f6b22c0645eec3a3f9b8aa04ae5ab48a79db106310f6443f2bef1972f049f96aeb571404afd67775ceb923186b7ab3c352b65de8017b477eb6e91ded83abbcdc94e29b696d6c79b8231e9324e7f88272b44f4b486441de13a8ec4ae693a92e6814abcd46c074a297d2656108ff6c835b4376a84e55351ada8a99a129c34459312aff621de2e403262354393aaf54ca0d59421e70681a329c4944455a0ddf0def84ceec907c533388fd21dd291699a482c517f3644912a1513a0297a4b54dac13bc8322a3f6be5987f8900b85d49866798230fa1d6aa0", 0xd3a}], 0x5}, 0x0)

[ 2759.678322][T23618]  ? dummy_alloc_request+0x93/0x180
[ 2759.683575][T23618]  kmalloc_trace+0x25/0xe0
[ 2759.688052][T23618]  dummy_alloc_request+0x93/0x180
[ 2759.693127][T23618]  usb_ep_alloc_request+0x61/0x250
[ 2759.698301][T23618]  gadget_bind+0xeb/0x8c0
[ 2759.702691][T23618]  ? dummy_set_selfpowered+0x1c0/0x1c0
[ 2759.708194][T23618]  gadget_bind_driver+0x260/0x8e0
[ 2759.713283][T23618]  ? soft_connect_store+0x520/0x520
[ 2759.718551][T23618]  really_probe+0x234/0xc90
[ 2759.723113][T23618]  __driver_probe_device+0x1de/0x4b0
[ 2759.728450][T23618]  ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 2759.734309][T23618]  driver_probe_device+0x4c/0x1a0
[ 2759.739398][T23618]  __driver_attach+0x274/0x570
[ 2759.744214][T23618]  ? __device_attach_driver+0x300/0x300
[ 2759.749806][T23618]  bus_for_each_dev+0x13c/0x1d0
[ 2759.754713][T23618]  ? bus_remove_file+0x50/0x50
[ 2759.759532][T23618]  bus_add_driver+0x2e9/0x630
[ 2759.764270][T23618]  driver_register+0x15c/0x4a0
[ 2759.769098][T23618]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2759.775314][T23618]  raw_ioctl+0x172f/0x2b80
04:46:55 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r1, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)

[ 2759.779779][T23618]  ? raw_open+0x510/0x510
[ 2759.784150][T23618]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2759.789132][T23618]  ? raw_open+0x510/0x510
[ 2759.793514][T23618]  __x64_sys_ioctl+0x18f/0x210
[ 2759.798332][T23618]  do_syscall_64+0x38/0xb0
[ 2759.802796][T23618]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2759.808739][T23618] RIP: 0033:0x7f410aa7c84b
[ 2759.813193][T23618] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2759.832855][T23618] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2759.841325][T23618] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2759.849392][T23618] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2759.857412][T23618] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2759.865421][T23618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2759.873432][T23618] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2759.881459][T23618]  </TASK>
[ 2759.884649][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2759.895698][T23618] raw-gadget.1 gadget.0: usb_ep_alloc_request failed
[ 2759.962088][T23618] udc dummy_udc.0: failed to start USB Raw Gadget: -12
[ 2759.989496][T23618] raw-gadget.1: probe of gadget.0 failed with error -12
[ 2760.002443][T23618] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
04:46:55 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:46:55 executing program 1:
bpf$MAP_CREATE(0x22, &(0x7f0000000240)=@base={0x1a, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x4}, 0x48)

04:46:55 executing program 2:
syz_clone(0x9201100, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2760.013936][T23618] misc raw-gadget: fail, usb_gadget_register_driver returned -16
04:46:56 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 30)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:46:56 executing program 4:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
close(r0)

04:46:56 executing program 1:
r0 = getpid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000020c0)={r0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)

04:46:56 executing program 2:
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000440)='ns/time_for_children\x00')
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)

04:46:56 executing program 1:
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000001480)={@ifindex}, 0x20)

04:46:56 executing program 4:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="b263c9affc26f2a7cff50c21ed314d6b890f8d139339753b7faa99b2cee98028a725511d0a5b81edab926335cb74f5c30d2c30eb7d2d76de45a10a01b3692e4879294bd2470f8426f1d998942c89539255191beaf3eb5740c267874d3a1dab5e892242217804dc57789a2dc38bacaf90401ae49279cd8785855eb646d67ba161ed02c8cdfab950e49ebcc6a5de103526e3b5405d328ee5e01bea45cf9e2f79152044717020393629f83e1176e0a9652202008d9623387662408dcbb3ccc6051200e6e2f5bb6ed580a69f9805be9db0691daf32", 0xd3}], 0x1, &(0x7f0000000180)=[{0x18, 0x10c, 0x0, "994ea8665dd79876"}, {0x108, 0x6, 0x5, "a66ab69bb60dbaa436f7a1fa647ce38d73ebbf788b380ee5e4e1fbde3e03f1b57bdc4da23d6ea878f1e51fd461f186ed1db71e25e2a446c9246a34c577789d2bcd0c3228b23dc4011329a8b02e38cf4e3d04cf38ed3a4229d7064fa268856f0803e94090301d5a1b108ab3c1560f0d6cc9585a6477a3d6ede215ae1c5eec1e77245aeb6d510cbd67325b8b0deb57375ef61fc569d944e5efa4f63baf41dff43b61f0e7595c3c74db1d5ee1148131327872fcab20fd218da7368ad59bc5016286c95d322f373f75da53e24dad2efa3ee90930374e6971c9558f2532d7d93179782bf3e35460963284e3543427ac624675fde619"}, {0x28, 0x10f, 0x2afe5d20, "b9a99a72a9b2020316fb4fbef28421f27cf84ef3aa"}, {0xc0, 0x103, 0x4, "9e89965f61504fdead62a18a6534324173e12357223a35f69d31bc1c5f204de185a4d6c54075e5216155720121e6f72b59103d21d77107c441e4761ae839b700103337ff13673cfebc002cdf1e9a805d92cfa0f64d709fb1ff2f4406116f952fb66c5bfc9e209cfdcf81d0f884684a744d3b471fe5f0f1585f69f8bb083f0ea9ff6c804e150d6f49e734a6d74a4d6365e80360bf8814f571a780fa4e24a4a841620e87afdaa29edf8efd3d6e14"}, {0xb0, 0x112, 0xff, "d438c733424626ad3339fe52f829c264694e8f1886d22f74ffabce51cb8faf3d336716c3da6d36f2e0c46be8c379e3bf6172c1f212b815b56eb0343742fbf5a1c71fba4b83a077c02978624c0546bcdbf72d1cf2a31669ffcf5380c9af43a0443b6b3ad90e9a8f180b578a1f215138a8c235be0f068a047d3cb29169776d871cc5d2558e95d2b6a4e5494b06bc5202a37fe867cf641504a34da2df78054c5bd3"}, {0x88, 0x101, 0x8, "e7c072dad47677a7e131df7bc75768aa20feb24a45aefdba9f47c16d19ac3a758a48bdf641fbc8ee68c30c294f39308ada692698230b3e44b44314a5beca5fa637ad6b2aa38d066c18c548fe94aeb31b44170cfe2aed7a5475cd0b4240ecd802b9de7475d715e2b42c0295322d800970aed97057"}, {0x60, 0x102, 0x6, "722138768756644b0235ca9d8d389f65291f3a463ca5c790ee5bb1aafc42ef631ee07989c6672ecc7af99932777683cb20c0abe6305a7ae488597392ef893034b235da40dbbdfdf33bbbd437eec7432a"}, {0xc8, 0x0, 0x3, "badf0282835271e62ad992522e93d52a72004ae726af6092b68c04fa98c6a2c259e8fc12b38e3aad032fc8e3f9be74a758e7ff7dc580a5cc9721f5687706329306027ec1016c2e2eea96e3d3ab9a20ffdb863eedc729e95c4cfb4f82382671e2d7a17a0c3a82702f9d41a6245424371d624ec372388e6a56f4a74d1c2ad2d10c7e885b78b5010ab0b964b40aceacbd73d9de177f8f7c34f7e8a9cfcdd5410d9dbc6c113f3299005786bb49b93f407ebde5ce6cf06b"}, {0x70, 0x101, 0x29, "6f46cf9baeecd9fadce41b34c4ce5c70d4267f41ad370cb0f9252c080305422ddb789e24b7051f13a410f2bfe3331871fa651ffe30e08186a6d08afa315a517eafa524b923eff79dce0706f6adfb28a8cc971737f102a51e6c"}], 0x4d8}, 0x4004000)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000006c0), 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=@base={0x11, 0x1, 0x73, 0x5, 0x489, r0, 0xfff, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x2}, 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r1, &(0x7f0000000780)="5d0322d01eab2aaf6caff9b8cc665dba9b4c302bcaf1be3fa5a011c89e2f7661c99560796223dac1ac546dc57d843200fa742abbca27e9df147810860451"}, 0x20)
r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000009c0)=0xffffffffffffffff, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x1, 0x1d, &(0x7f0000000800)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0x8}, @alu={0x7, 0x0, 0x5, 0x3, 0x8, 0x1, 0xfffffffffffffff0}, @printk={@integer, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffffff47}}, @map_idx={0x18, 0x4, 0x5, 0x0, 0xa}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @map_fd={0x18, 0x5, 0x1, 0x0, r1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}], &(0x7f0000000900)='GPL\x00', 0x1, 0x5c, &(0x7f0000000940)=""/92, 0x41100, 0x88, '\x00', 0x0, 0x24, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000a00)={0x1, 0x2, 0x7, 0x20}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x4, &(0x7f0000000a40)=[r1, r1, r1, r1], &(0x7f0000000a80)=[{0x2, 0x2, 0x5}, {0x4, 0x5, 0x10, 0x2}, {0x1, 0x2, 0x2, 0xa}, {0x4, 0x4, 0xf, 0xf}], 0x10, 0x5}, 0x90)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000dc0)={&(0x7f0000000b80)="dc93e92478bb02d430d8765b60b6c5845f7a453f63cadd6ba1b6b570ad8b94e8e9a81924b0c516e66db1a198c268bcc701d75543b56db2a827b25511d6189901d0cdb61ee49328d9770a863063c11460eef1a4acdcf3d9aebeea1b9ad65378b238b9cb6653e63ae03464b7d88d423f5d43aebee4f8c3fe2fcb004f58b23ded1ac0cc49894709e04c9045123244cf5c8558", &(0x7f0000000c40)=""/58, &(0x7f0000000c80)="c91aa9e7858622256159bb783882134ec5445d0b4f2dea95ea4187b2afef449ec8752124dc8d6e712571d45e513e3bcbbbe36ec5ea3d34b67ba363f9475ac3b002b8e27a635ff5b7a9b38d0b810fde748efe6b7a6763021059d1bca7ae44e131fe57abaa6bf4975f8f", &(0x7f0000000d00)="4da8e55253c7bd8bf6de36e2aabe0346e2a874d8cc7aaf8c9758de9935f4b1933c4e5fffb36808dca47c95d01fcc2cd256fe2493adcb765e753dd1ef371dd45484288a70061716ff18ff433d27cae1a1612efae0ce386171d7d6e9f0af24a7ae9fff4c643512afe8020a051831d4bf9b897543a5f159245a887e1c52140d68f7570eadf5fcf466e0c6300abd920d00f50af04af0f8140bacd4e1933a6b708d30baabeb33", 0x81, 0x1, 0x4}, 0x38)
ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000e00))
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000e80)=@generic={&(0x7f0000000e40)='./file0\x00', r3}, 0x18)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000ec0)='blkio.bfq.time_recursive\x00', 0x0, 0x0)
ioctl$TUNSETTXFILTER(r4, 0x400454d1, &(0x7f0000000f00)={0x1, 0x6, [@local, @random="cfd4a99cae41", @empty, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @random="8becc4799ecd"]})
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000f40), 0x101000, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000f80)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
recvmsg(r5, &(0x7f0000003080)={&(0x7f0000000fc0)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @dev}}, 0x80, &(0x7f0000002040)=[{&(0x7f0000001040)=""/4096, 0x1000}], 0x1, &(0x7f0000002080)=""/4096, 0x1000}, 0x3)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000031c0)={@map=<r7=>r1, 0x16, 0x1, 0xffff, &(0x7f00000030c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, &(0x7f0000003100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000003140)=[0x0, 0x0], &(0x7f0000003180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000004380)={&(0x7f0000003200)="cf10a7afbdd28d9b6d502a69e7126adcb705ecc71f968d9fed02daede44c4e8c2a13a3fbbd1cf13be354ec62abadc5c0", &(0x7f0000003240)=""/175, &(0x7f0000003300)="deca0b8d60c31eda9e192467039a3c1095f5f3285c143a0dad849af11450cff00ce855c2c1c639a8d1803142db42516b044baa33d3a8711635405e6a33f0991546c230439783215a22c1b2a5480896baad23995da1a07089c018f486ece6d9501e4d2dfb2b470d2bb0fd06c4b5f25e684b6f69677293802e82f21d000ee9552b3c1d14af178ecdbb7bd3560dff69396f5e025c1a86c28b0b79d7e967178f407304dcef798c6217bbd816e45885491f2c73eab0ea7f3d38afbaa9f224d2be79e476cef18c098ecdffb02c8c2f34ebbf115d3636931c0196ae8ef5fc4abf344615b027d16101bea635726990200ec86b9b2c5ebeba2eac43e370e239f5890170faede173012840e6d33836c66e34ae6277fa1bf1d66e02254cd57ee75dc9757212fa86a517d00bb3395911baaca0fd52daf5251a29815c50afeb77718a6735cbd087565fb79cca007fc32b3d53d014b6c91f04553d438d8e11a512b9c7b1f5dc784de78e09ead15a1c75f3432abb05a048f3a85429ce8033527cbd74913e93b469b53b9453f59005c35d2124bf4071f22a41bee94f472aa7ad218fd64c7174460082639bc250abd83b36e519e9bae18b683fa64bbe4e35ffc6fd596ecb67c0aaf9ab99d691bcbf7a8c044596b69e708b25d3b411210886ced59bdabd2f7f65150bf3d358ffd8cdb7bc953d2b1127d3426b5c772629f8adb7478bcc835fd8d83946f2452254449985bcd73d094d0379e0de5c0f055e807f0bc00da0ad263667d5b602cf35ac8a741c437da58e8f0c8647ffae67d6cf80b71d1e161117a673c094e079e327f51766a99e3b158a14852451bc0b6baa4c194778c6401948ec9d48cb95942b91b50162682d2bca7abd61ed05716d4010ea1d25df08a00fe4577a8af5ac31486a15ef072905d2ad004fd490ffb8b55f6f68fb67a63b03bb8c58b0da8638ec720180d36884ca6fd3351f54082ef3231bc03c62c13599532b6b06cf9431a9b56ca177065c61afc3041d24bec529f668140149243cedfc7f2245a49ff49cc743e86328afd64149a9f2e8bc98b9d4740e50eedec264d830937ea543a0684746474bf1b28c1069905d702408a8f805ad30a22fa1917c483f65c962db0b7d5d56ac4d9b0eed4e7fbbed9acfe111f67832ec386252ae2023ab3879ef4ec3539cf8277fc9d88d26ec8f88a632266fdf5bc03f389d56a15b491980750b1416f51f3f9d7e6dd38c001bb0fc06877d9b00bfc5b1850100b827af3dab12274432d400fff71357e0f6d15f381a5bbc8555cd64ebd24b72ec7240b6157c443867859f60870e15160b33fce76a67410e5c6c67a3a63d42af440e617a2add299ae61430807bdbb224ab0ebdddaa8c9655260c70dd255109956ff839afdd6d37965cb8722fde31fd67f6d92a004a1ea3e18615911edd852c37ab52578462d8803e5931dfb957d7aa123e899a9f0f15ad6760242bd086ec930a40e88bd667e9cb3c8bc953f1b0470634eb600b094c84fc7f004c97a2310abd6fa494bb231a96aaca4e4727016c0644373a1f65ddb9e9648b162205bff86f4da8c186456e785b0b050bfea8254e06618ce1f02717205789c30f8df6d47c4ea2dced5298c12950aa2dbee470b6c295e6328b75d46a2ce23aa234ca7ad4ae67cee2d89713ef754a31012f45e9addecefa4089521bdef12b0759bd8cd65b6bf3b9613053abc22783af2eaca537fc38d2cff7b1a6768ea5f458e6fcd319a2edbceb9d42d0edc57eba71eed0b1011d0e6dbc1f8576213e828b6d866aecb72be43ea065635d7f660306aafc92609cca0b4f87ad0a13d622f3360e9f936160d3dd7298e775ffbe34f33a81b337f456d585f38d0a119c493a996b07f0fb50f24959c4484f59284e08886ecaa01ff5e85ee6196ee61e7ad604cd0d7e6662081c9b10bcf423fa9ff89570388ea72b7e694c0644600035d2f0d5cbe97f14ae03035656f135031e5e38667deab965cf8ceb4c80caeab1c93cd154aec3208b3eb45da3a3faf738e0ac9980a3a6d28865886773fb2e31a770ff84a2771c7d58710fa1aaec176c51e2e49c355f66371c6fb3ac16f9ea608cee306f5cbf2e0b2cc9ac65fdaebed3cfb0d855b43ab81c9c19d0d4199a0114cb93142f26dfd976f7439d16edef59dfa891c52d37bbc6c3d50c0a4c3e3af954ac985f44eacd45140768f90443084dffcbbc6c8e01ff1cd1f4b3c3e1dbae909743f532dd69c18990a8c0a8d17b278f88fd024a4b27a8d00163a86d7fd17b572b3f28832899262c5051b6b113c6e41351193876ff39dd4d4cd89742c27373bace33ac953e07aa1ea0eecb574fef389a4fa0e9c0a858be97250bdd01f4b39d5c2521632a6785eb7969bab1662f1d573e398e46855feceb588d6fd366b6c9a9e8323258458952690731e8aa6b475fe249d6f32eb66efcfe832289561a35efb04da44e4109fcbc8de92947aa658728649bc74edf86f198ac695bca113a63279394f05f4585438197745a506793a4828069e3ed63a603a57111dba63c2d4af5bbea9a69faada41e63c31f8062e266b831f35a85ff44226b6d7d73c1aca0f63d15d745b17233fa33f55703cdc8cd66cf989a2dd913e3f75b2333786059c1c5dfe8e3ae0e742489ceb215576c4f6099630f1cbc8e9ca8e92c9fd028e2b2537c1f166bc05b2d0f98f270ebeddf3af715a0e60ba144336bc931422bd2d8e3222dd4e3c6a5603d32fb41c3c588205bd04b4e78e5ac7e49b232eff3b61a89af99c41637c52458091c892cf96abff077ef01c6859e0b2cd250dbfa8af8af5c6713b74ea4434a0bc51f8c39e57e98d08c5a708be1e650c2ac797079a6474ef8d396b108f34e4d918ab1db9f5bcdf59a7f6edd06228acdd10cde05e62869fcc0d9ce07a0b0b11154ece7497bc1ee694cb5ded8370c283b7d4e96e203859ae08f340ef95fa3928048b56ea0e19a79a93d6d129ea4fbe9a7f58ac8e735ec12f41c9e9ce600d0ac66c0ed430ad7359a2abcfd70aeb439c88b3fd3a15c459575eb63769b9ed35d64c855eee192b771b4d791dbb796846d16377cc7bb10970e41e0a0a21bd3c4307d4e977610d58abbd2d39280b49d54646bc4a7ab895aa312c429308edba1c6a6a324d502724b581b4407d03bc360a92988df5dce0856677a464257323963748154d1b7c2105886192be77ab4b603f0e9f3e433cc6d774ad10b8975d2810e0de70607b4ec13fe5bf21001005f03b409462cdd9317ea9dc6f8e93cc900363787ee55bd251796316fee5951a72b202ee9e987a4400a5be347fee377c066eace8985b0767c864a5370edafe18af4bb375dfb6be060cfa7064d4bf544ba77d0393138eb49ed7bcd4a7ea947625bb0431e676ab49ac966f1e97be8104067ea48656a9fd43286ed77c0bf08b5f64d46dc54d0c7b7e9c899104d0034e5758431d1f4ac5cb3c7aab0c2ef06ef120fa86e09eb6c5e5d56627b6d6cf9bd33332d5445948638127938cc34570cb86a307890273fb1e26332c17dec9eeb294426b924b8e37614e9e40c6c67fbc65367257c4e48d94980239804238b429bb1eb03ca9ce18be7b78e532166c7af3b10592ce5461dd086f3938551671e03f2110c9ab19a2419ebce6b85e7b0a0169730b7d9b4b902fdbd25fa828f76f290bc679db5b9bbe36fd22d3493695f9694c9c696b4041bd675af6fd57322f6f6c3fab73ca8b520a6c32aac48fc6a11aa46621a418fc32955d65cbc06bd55cc80b472e7a6073c29b7e3cf187b0886b0b06cab6a515cf645c27f7292da51801dd07b4659e8442a5b403bf76348009f3639f1e77ade22e296d076ef9504a9517297f7dc18e32ead445509bb19c41d44a68544a193e8f0309d03face4fc4524dda2879ec82a3cea7142ffb9c15aab820a310a3109f00d50271ba3d508c4c66abc87cff0a083308c898220d0ac6ceba0e15f816fd6e857d837f3a36f0527b36feaac06ac1ff398abbc0e8e4762a186888c3b2771f3619ddd675facd4274adc854f0060891dd730e0ced1c777e11f7b244a0cf78a9e74e186a70bfd458c511675fd7d7e166d54f0c878629e35db6778a5f36f552b60bb93c08b9d4af0a568adb1354af713f4b560a90f960ddc5b17a2cd4ecfdefa2cb394d335d57a1cd56bdbb13e194f86b8fe212c2e0134c04220957d7cb714068f63b7339e6929d366243a8cf463d863dddbe999ab3d002aedbdef1241fbd16a1237b3edef063bc7370b38e84358f012db1d34fda78036e99a2814b3fc59ae782a178f115836800c254ff725131f111d7f6148507d46566990353f6166eb882ef1c17db76d1838e6c671d31367c81f1d431a1b3d2c913c06e02ccb3023302cd232c30b21be3ff99c6d95cdae674629da0645dd3018e5871e22c58ba34bbeccd5bf803f05d54c765f7a1a9fcd5d0e26a2a95eb19b54bfca68be71832ce278612f2c0013453a556b0d6f13cc8f17e3ae764c2a66ad72cd2c07e76dc728bb46b46a2f6250ac392f71d03bf330aa2c77cba574081f30817cc29ce01e9261aaa765ebe0243e72d9856c2bcda962b4dce8e6cf7a59ff194dfaabc4a7e5fadb97a8ca0a17e6c82c2f0892cbfb59834bda4d32ffe472bb76896d432d4ef793a3f34a23a6c7e0dc9949df8750174f302680f40e1416ae5a34c55be60630a549ea98b23d88cb519f71bd84a55fc9daca569ae65949bd24ac51fcbdb3fa8308462d7bbc12285bc21d250d5c3e10f33551a8e2bacef4fc7fad7c64ade9caf71927d7df717733da1395f44bccba9fd2e930383b1bbf6d68f00cb888062d12cc65cb811cee6e0d9b0136e98ef82ecf8061d17dd8e9148122c4abdf53b89cddaef5ac48ca4f5591e7da07ce0d2f915342c3e306392bdfc24150531f8df09752ffa7177aa723f26a1a658eb64c7eb25eedf6949fdf28cdd330d0ecb6d567cb4793364f56242214578b0e1a7ab688fb513d55a730268ecccecf788fd7c22cd4fde39e16c20ba9476fb38945f14bf37a18891aa8d1cd32c0dc94f90d0aaa8e9fc980acbcbced950a9d77ddd1f8adff3f5c3a6b324e4e71260b64b4eb4aaecdaf930db8ed1c526c506b8161129b682874faf5bbf099766bdeed4580bfb4a54435d83917e95df28122f90c8b80f5b2f4ba1f0aee4e4af6e09ee6a52264134aa2364ac5125aa723b34aa12ed6a779c0c0fce3949f7923593c0bb117a63e538abb0f1efc5ba204ae05cb57442de65a0f5d550a737c94138ef4296bd7b51a10b3843db428ce673eb4f6019f527056386c0450117d8f647488ddd6abc8cbf0d37606e760c0712377084047f9d35426270c40653a6b5fc56749c2a85071e1bb9d37d290d2bf048e5286eaf8ec211024b8f7340d00f114384339d75ecb67d2b9d76e0e905a372b8c5379232ea100d36bd69016ba5d62e36189a5d46474e766e71ff349c3e7423546c9f7187b3de23cd10a4341999aec8104c759855c34de4cd79c08ab55c3e2995fe3d3aa1296de222a09942c944d27794e6a5200a5499766b05651a8faeac454d8d6fd24795a3834a41197eff200259f78e58d7d0cf7d5db38a43774bb7ffbdabce4ef6b64577334cb4bbfc8dbf2445df484bf7cfab7d6f1aa5b07f9184c239b546394f637f37f7db955ed6e2410ad5906925a74536a8f5f28ee3e89271c7749108152e6db61acffb58fcb94d677d2a1eefc602cc16abe8f2379dfa92e042007989fb6af64803a79bfb8bcd935e3a6a20ab78e56ad4a4c842fb2b99e96fcb8089eef673c416920e688f646206d7e40cbcb6b7c47065f81ed8a414e5b5e4d83b", &(0x7f0000004300)="bba2bef7301e1ada8ee9b013ce9657d58b3d73ab67204a337284f7d38f3530070a0f51fbe243e139f72c3deee9b6b1d269486a78fdb2cd48823f614e9d4362c0f5cae1d17795f6e4580f53555f6a32758233fde1f237f52ef3772f", 0x1, r4}, 0x38)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000043c0), 0x208600, 0x0)
ioctl$TUNGETVNETLE(r8, 0x800454dd, &(0x7f0000004400))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000004680)={0x18, 0x2, &(0x7f0000004440)=@raw=[@map_idx={0x18, 0x2, 0x5, 0x0, 0xd}], &(0x7f0000004480)='syzkaller\x00', 0x7, 0x6d, &(0x7f00000044c0)=""/109, 0x41000, 0x2, '\x00', 0x0, 0x0, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f0000004540)={0x4, 0xb, 0x5, 0xdf}, 0x10, 0x0, 0x0, 0x9, &(0x7f0000004580)=[r4], &(0x7f00000045c0)=[{0x1, 0x1, 0x0, 0xc}, {0x1, 0x1, 0x3, 0x2}, {0x0, 0x3, 0xe, 0xb}, {0x1, 0x3, 0xd}, {0x2, 0x1, 0x10, 0xc}, {0x1, 0x1, 0x10, 0x1}, {0x1, 0x5, 0x4, 0x2}, {0x4, 0x1, 0xb, 0x6}, {0x2, 0x3, 0x7, 0x9}], 0x10, 0x100}, 0x90)
sendmsg$sock(r6, &(0x7f0000004c00)={0x0, 0x0, &(0x7f0000004b80)=[{&(0x7f0000004740)="3d3a573dfde6092f07d2eff68d721e42fbfb7b5c135e8e022bcd4451780e74be2b62d680c0072ca42f58bec9c7a8df49a7e30d1492050adc929289d437b7e41dc8fae1dc6c5d66b2b46a4c775053d00184980052b31d119a61c5", 0x5a}, {&(0x7f00000047c0)="5ac4231431aa520c01a196e16fe07941f9364eae3e60b52d3ce4ab645cdd0fb094413f200015eeda598f6ec642ae501e8e6c4a1a3392c9cc474a74a95e83376cd5203c9fb7ff2c33b3a9106afbb9d38811ce45056e9dcf134673f6b9fe0f5d3e40aa7bcde1bd7450abc361a2dcb9e4e1163b6f89a2bd", 0x76}, {&(0x7f0000004840)="f3f486fe416b2eea04f932412bb3923208be3faa9096e4af2929b8a5a2e32b7e2f5e049832b9c37ed20368199e227ca066b2ea69bb7605d3aec5057a668f8866b62ce7482b7a43209f918d3514879ec4d7cc03df92989b1e434367014df75ecc0104a28f5468f590644fe5a82bd0db6482deba1336dcf0d7a8b7f6dcd9d91f999821f5c20687f899bceb3ae031d6e44c5296db0ba1473368f2c8bf2ad20606cbc625b0e2f48e2df1b7a991414777c9970b60a2292a048e6b56643cf0b0bb9cc89d94c21eba5e0c3a5c2072", 0xcb}, {&(0x7f0000004940)="7fab0751b1c2b6c4210000a1d2232ea9f83e57a5467c", 0x16}, {&(0x7f0000004980)="653b15d32b66a9adb49b7ed8e66bc26585346da2d305653154299b97f4487908a9f10cb2b52ba3fbdbaa6fa646d421a6127a69a3fe0aace72069059720fbac36363e68cbf68e2ca20359a588d34f09567385b8ae1ea205b0d15eb9cd4c1c3aa876033f32d4fc72111ec655fa1df89faa41325e8999a8e1da1ac5b48a3b8b3282439b5a521bacc981627f421249e543a10542b232471d069ab9646c69b264d5870932e6f14d1ad7c029c99ff3e5b894fa17dcb7e7b63c4534734e7d641f5d1956a7261d2b96aa920d326ff67e6facbb370c3b5f8d9f55", 0xd6}, {&(0x7f0000004a80)="749df32cfe61bc73881f5e1ecc1d18027a51ff0f950ab1dc3be1b87383763490456816e60c2d1ee52415d37d753aaa99d4391526f65d620cb3e95434e194e5926000dab5f51b57a7c4556db7c1e0bec1c3efdd4645670775f40b40447ff8eb465054cd2a7e41f7c74f1921a22a3d5f9130d30150f484be057c43d769c6a27215fa13a497308d4a01ee539a6c92f3b0743201958631fd50e4e58de1f046593e04134d543b882789ae3b659fb44d3a13e2d8045e1ad170e2ac6d53fff4ffd747b1c184da4502a8c17408aacbd0699aa7016c4fd525", 0xd4}], 0x6}, 0x60000901)
sendmsg$unix(r4, &(0x7f0000005f00)={&(0x7f0000004c40)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000005e80)=[{&(0x7f0000004cc0)="642a7efb38f7ecb6b024701406978da46dc775c1ea4968c286272174b82e3f9510aee43fa5837b0671be851b09b5234f1ab6442b9bacab2bf0", 0x39}, {&(0x7f0000004d00)="05ba8486ad0b00451e735ea85c56860e97a451a16495663c025bfea3f297021784eea042f768223c4f4c227bb637764f1db9cae9fa1a4f6f3e1273570e94d3f90f5a96137f6e91269fd1c348d90fcaf5de0039a741f097430c934234e874b994295d2f390318de63a961345b7ce86f255ac708a62015394a8e21a1dba15749572a4f591c472cb7c86ed51a6b05ba399bf15fd2e0ac74010c5dcbeec105cc50cee0be093ee7f8320394dd18f6cfc1c98de9293b3bd3f43daacb410f6cdf51495c6c1679a68e4d8e6826bf09eba36b1ce1150090f76b4a1ccb1510b7167f501856cd9a91a58024ae2cfe2f7edb11038b40d1d184e7bc2eda7ae93891ad76673df4c8c5ec2f8b7943e38176297f9f8ee62f286676f70ecd6a1e123c8b6123ae5695a3a2552ddd454dd9bf798f8fe95aaee823b10d85660c3c9fb28af6bc50ef4c9d457b1cd79de46e8351d3f805b70e6f88ef2bb13ed8d5dc48e87f90840bc9ec103b4608ae9c4c30dbc2047e89853d42e4126a54f6891d39818ee7c0c68b50e9c01ade850d2264eca2103193b7d6b4fbe188b7995a0b9ac6235b61868e9e0650c0ccefb0b6c53955f153b609f2d452208c570748b8794c97e750cff0fbcfd41fe35f590be7a827f432a9a389c12d632c8f5f15d8edaf39195fd2c0660b57f241410a7fa9c5c6a3ab74a9b84e2d6c303837b5c94f2b4ee910aa6ada398a1a636182f9c90a1fd24b4d5208f397a1e489ee10cd6911888bac82fc52b3b42932ce40103816a0db228dc8a316fff23c8694c25c2d3146c3f553073723273c15b60ace661663471d344a4ce1232d90677ad50b565269cb378de10f0a2ffcffe9f8ba38744274b25f4ad91afbbb4628ecdb91d783b48ce86d4403893336c1a870218754c6d2b2ac4c5fab5a88cdb16377fd01a0077ae4c8802872d42bb58388a24ba9ae0a3b1fcb19c99cc166f51ea9609d68fc2fc10597f1a75c7c628596ebf2678ee649e986414cd058b04148852a6de33efa7aab67002bfce17182534a7e2b1976bb56deb8311f1a66028734ec2c6cc6908d33a1dc5f5539c7b0083f977a54fabcff18f6be08372380eca58782d0084be3f04aab3405dd1310f51994185f76f22ee55a264710a0d61a14a8bc5c9e58954eb05610c80d0c253e59deb3cd15728d9eea8ff6bed6c6e8a47f0567a1024d19424b9f389b4a044c0ec53619b4db06cfb8cad41b3f9856b0d1c59180597b9f78deea60dab96cc12cb5f72d3747a84b9b31277b260abac5b392dc48adc65091cbcf6f7878e03812599b4a0c12c46eb3674a9fe58397bc656497f525fead8940b1bb319e36ed5da3eea5e5a9e685a3b42989793775cab4333ed8383e67041f702fa973f9b33e7dca690ada3f29094bb6becdff145831752390e98481b4e70254e01457430e78133dbae18a5de9bb7bca7217515a225192258e8fb804bf498a4fa61a48561f3e778183bb683d75777e9fdd6bc74fa4b61cad0507429fbc1eda8cd91fbd446ffe35c0daef79e7682268f54bd690bad6b98ed3b0d0b3029602fb82a3c5d69f5946ea24b0f94eeadfa02b1cb17ac4446942ba1d4f9a61ce29b155c08fbdc8983d2dc7240233ce18453583ad6db8ef23777a948e4ef5580e2c29842ee05d8d54ac6cceaf18bac9006fe9db079b9a3586dbc0fd6d5da57d6d3aa32ce88972a0f14e4ece494773a12521fe9781fbea2f7413e84ca77c09a0a0f00e727f46010d2dc45d37f936c70b6f000f7441f8847046ac608add75c493a7f18c8049b85ed47af920b19d96641539053d894efd8f1f9363da91dcd97c487f7c931c18336e46135fba423a820bf23e9baa3bf1de8d6432dd608b48da34fdb0c2a0e561ded7e572b6a5e2188f768a96ea3b49f40395769bfda01e5027dd77aed4948e2f86d90a3197360fc89a60d9f2991056f53ea2ddcc5e617d0da59c9ed56dafa97700a1c56f796e20ce2d45b3f5e7882748ee7517eedf4ecd9d3e17db8a75e48d18fc1d0f00ec8486bacda7d30cdb429c11cdcaed84138333b65398c031a17237f449e63a6d2126c44a7c23dc972215aafba15446bc31e7a57f1a0c05227e9d9d0f60e64b0a2e7fa9795c7436d7e8985a0db06d7c33387e23ea8b130fb93551a0401068fce826e472e479bfd1a66c5f40e79357445712b58515348b8914e78e7e3b092f2d5581c07d7f82be252e05204846a2aca6bbdd14ed8112bb4a5942bb1b6b9a518718705a2af452b47426ba0e57a32edeec3ea42cc9720214f83e7dec8f29095bd8851311ddd932b13b61694f5f0146d8332c822a5b9d585365993b2360fd1087f8fc0bd6e301c80dda144ceb4f86e3c7f06a26951c25d570e47014c2140167acba86ed140fa88db8ff43adddd9d9ef8cd8e5ba7a58378b80aa6a0ed6c53fd6a36947cafda8e3afa1829fd1cc8ee86f0e2aa4b0dc4314e5ddf1054877d539b969ec84e9f80ba8b2e9254b57014b0ac85009c285c30ef76eb58263016cc63a6b3dc229a0062e3ba555137fa311583cdb45eed8a82452d08af62d0b499848ca5a344993a5e0ffcc89d6b1ab127e10792538a4413ece68f988235f153d779f8e47b0da6a19140e24481d2a4a69b7fc14ef0a973378fb389fb9e55c65b33a570f020359e55f55ca5fd7174dfe7c073a8db828ef3c5fa5edb7557a30b8f4856892708ceb93e6c564dda94a92004477153e8b74b9d55c961ebe36c6be9cb5324c2d5ec93aa70f09adac9c6007ceab5db61896dd47b7270c6536850566d3d83c0c60b2f9bd701bc943f2976573447a64cc04e1b370c8a9480b4d804e76ef4f7a448f8a347da412d0aa715998d3d98d70bfc3afd157ccd3b7964abf8d739a2fe51a4728d750f5460c7ddc9f42c15ea69d7e940459c2d5add3bd82d46586b4f1da06a22215b310fe6d6ecef3668e4f20f394e91ea1f07a7a4b601ad98ef83048af8d715f7142d2c0e747c46dbffb47ae988550fcc4e413e93cff993858d7609b09f80c7cebf3bd18ebdfb15f8a8bc8c5f422eb66465a6b9be46affeb612b358dfa4343bde67e70fcdc2570767ba935d83ccb0a3f1748c8a7d4467698f3a3d4bb5fe2af8f128c2a30868b7072aaec78aa0cd67b0b4a07ded3d97cb0c0949f84ba3b87bf736f625bc805e597e8c066d023373d5238e526409b77679b46fdfeaf67db62dc8bdaaf7c9e8d49d45b5a62c3da9e0028567a9fa4392ff680e23e09e79ba272276f695845e1e3602302bed1217708be09d401bc0b709e43085c4aaccf346bdd54386ea18cd356b76c245604578180c375b04db964ed428153abe56bd7c7f62d4d520b26da7286f31203fed94f3294b955c16933c796cfdfb67af023fcb475d3f18ebeee84191878a4ee4bd87a71f446d3526bc49ce26abb69a78c95d5600dbe7d1fafd9004c9ab1f3d59c0c3db39d73687c6127bc3e64d5ae93d591e6ad78cb13ba1a8261ddb5f98f94c33d0c8bb874d1ba2745052568264556ce0fa0b3021bd97f643066339e3853c70e921b8cf5c840e862abc101b6bd3b1119785b568bcaaedf24780d05005510e5d8fd42267d19ed5145af0c13bc4b7f9a1af617f627cc5ff19121afade7db92e0e90db44552ba0905b7207f514619e5296992aa5d846970039272d8d5b391da6dd08e2734016fbe08a9374ad5dea337bb9b4654d2c60f4daa2ef1cc3498b4dbec7fbef94887b9dc1faad7fa9209d1b2a0779808354cdbe22d125f7ad313ab7ff83b4eca9a3209d74b50949b58d79a4c097400c954779668e9067cc2095038afcf36dcb6c8f4f7dd1e1029544cacb48b82cecd55ec400ed3d9be34e8a48629436e8e1d3f7f33c8c8d79e2d6b9ddd4f31e76c24d91683c4f0bdade55ef0051986cfe296d594d6ed811fdacfcb4b9e9d24b4f3432015cf39862767d2a89e262633b6ba4e519722960ac527ed20e14b77ee0489adb9a2082ca8ffde70e0939e2dbd298692a123cda3d7a9f86ff58829979c26806ec8efcc122e796713e98537dd01a68f39b5e29bd7a25529d20d4f3d4fd8d76c7ff60296defb99b825d6d71eb2ff911e5f21f3d3ee66c849d22afb2a18961af6665a9bbaae294577efb8ddf32dd37172981011f356b0e4ea1dd019161c08c9a40b833678874146eddd67f10f44bea20ecc824a18ed47b6a36a69048ba4e4943a0da3acf6424ae945eb9cda3fbfb88a5c1effe9a696d03d0d86cab7833ca334918bd2b452255786c623478415823d7dbfe695cd5d57175b814ac7c8ac6ec11265b7f7e253530c31f9db1c65fd9273c0c131f7bd8938b5e74f24110d74d4ba0947a1fcca633551254789cbd5dbdb0cb14196387216dae7cf45e39549b9e4838b392746a33fa6223cd95fa394c17d5fabb99bfbbdb80dfa902529149f4272ee1a1fea9041ad4ab6c6cd36d70ea44d34b1d5aea6731b842f4149c43893229e4c1988365548bf32dff7eaf87f12d7bdf98027aaacac56c4b3e166f741fff6d9563d041cf5947b64594256c2f384aaf18ad857cc4084a6378fea7e37b2469546ff59e9639e495a659775a76f9f02b86791645234552a66d261f4c13f7ea5abf25f2f2265534cc589c3e29c8759de630235df825c2605be2a70a71b617b1e1e628cb27e893b0d63c5401dd8435417015b3ef7ef1c80ecda31721d5a4d27c81a8815428d161d37cc5d12731c37c89737b7424827872030932b0def52b327a8240cc278d51aadbc36079795b4a3d49a6240b365220fbb1d91c0c5fc0ca5aa4132e53152eed9b1caf63e346263cdc73bc67629a9697082b2d7b70fdeb4ed1823859251be5e8f51afa0c4830eb12958d7c0e0c8d3ac295a22ec97dcd867e081a9a973e37aefef9a78be843d1bf44f7c78dcf87fe577bafe916b1dba8314641230d383c9f6584eced763a2d04810540fd1f895d81db80a567137c02ee047d26bc91a4f8287cbaccf0fd99018d9e47a1c71d27f64d1c7337747a2756dae006da170fb6bccdaeb05929e8c00715d8483538b63dd049a7e00d453faaa7ce3874148dfbce6ef790492c8762e241ab808f7286687d21271608d00c4ce9c9a1ff9e7ef4bd4dbebd4d4f93b7255eab2d3139a373d2a628a825e6be80a134e6319df7c6c80092452191c19f10f709df2bfd7280aa7d4a5a6f383e6973a02ab26838674db3b0f807f704a663ae5e828dc576880c3f3fe91449354960167898793c9f1477212bb446c02faf3cd99c90ed3b5370a744226081e9d15eaad5386b915624509efbfebcb139ecf07fcabdb22e487b9ec72b77e08349fa5ffc1e95b93e3190c49e8326f45ae60530e5216a417b818d9c7e4428714d0a932775926d48d717fd02579134a28bd68edbdc7f2abfcb8c371f3f14c61854424a62b8a39d51cebef9537c9e9d26237eefe1c4a2eb992202452264301474d4b41ad5abd2f489018dcf7869cd458e70235d7b4d9c64d927f37a753c6534e09ba6e30fafffa9cc691ce358fb8569fb614080c99794bd0536b3b5d33936edb471b42369c06cc40e3bb4c0cfef02530e9e7340aa11d6498151f43bb4e0b12f351c9a7f76b96cd11f6182f0a8f28e800c1091aae0153386e211d486cc5e2d5526faa8f11b6105e5a8e0bdf5ae24ca627585b0d77c6b4a491ba1b78300d44b63514747d0f52bad363eb019975d210f74ad0c6922ef6ae61aedfa194436421a81337185b8aae313ead80f020f85a718eb66a8ec099ccf018ab11a966cf4c9e550cc90e3423ec4e33106580cc278324c4cf2a7c9d727403eedba664fb44a508c27eab80f0f8558e81efe77268f6bdf0", 0x1000}, {&(0x7f0000005d00)="d516ee7d6997bf616afc5614f86f54bdb8c9684ffb7c3cbb407fa448c3c1be1ae4a574c3998cfa0d241651891a1c33a4519209e0ed74f64c36f37da6135055cac020d4ff1335f05b9bc344356578f8435b48c10a66ec003234192bab9ae0eddf269da133ddebb8c4ca2bc942cc534b8a436786960b6686d13afcc4d946ebf9a589c7a903c581fc4c4ee307658a204cce4bdef30e01b750b83ea2ec0b485436b585bfe34938a3fc3f42691939c60e888f631a29305e37e941a893dcb576dded7f3a124f5847fa4d8036", 0xc9}, {&(0x7f0000005e00)="9d9797d508a4aa471f76d2c074ee70be0c8a202068de3c1f972a56f4ed39b99a3ba2cd03c9219c335e5e81bebf71452cd878072d0bd4fe4b6b3299a8ff4c30db0077732273078d47a33d2431e03a22cf2842971126a6873041a779f47fb17396942447033f8ad1fffd6ea8e6", 0x6c}], 0x4, &(0x7f0000005ec0)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xffffffffffffffff, 0xee01}}}], 0x20, 0x20000000}, 0x4)
sendmsg(r0, &(0x7f0000006180)={&(0x7f0000005f40)=@nfc={0x27, 0x0, 0x0, 0x7}, 0x80, &(0x7f0000006140)=[{&(0x7f0000005fc0)="6ffbf9f0f81e3ca6005c7d2a7a17499a146e4df84122c6d092a9121b7c69cd59068a1559be8bc94c970e4bc85fb6a1895960910a7713c5f0f2e37f6b5febb130ee38a4fbb575419f959d7730f7f3fa15578d630cc99185729396f8184b950c3d235302d666d5ebaf1f899682308a19b289c8f8a7a16ab6e202e20dd37e604e4fcd98af87c125340ca6464992d564510df9c0a735975b634fc3a0b1ffd4edd8150de2415f56ddf198ff5b8aa53dd5ff8e797f67470a1ff92473b6fbebe429eebd30068ea7424f5d7b17c4e182", 0xcc}, {&(0x7f00000060c0)="6fbfff0f2430b3bd03cd4dc21a", 0xd}, {&(0x7f0000006100)="88d660e48ad69ecc0f5bf29d31ef73d927f1e58a3d44a99decf435bbbe77e4c061007bdd90477083", 0x28}], 0x3}, 0x8800)
r9 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000006340), 0x4)
r10 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000063c0)={0xffffffffffffffff, 0x8, 0x8}, 0xc)
r11 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000006440)=@o_path={&(0x7f0000006400)='./file0\x00', 0x0, 0x0, r3}, 0x18)
r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000006480)={0x2, 0x4, 0x8, 0x1, 0x80, r7, 0x4, '\x00', 0x0, r4, 0x4, 0x4}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000065c0)={0x6, 0x7, &(0x7f00000061c0)=@raw=[@exit, @ldst={0x3, 0x0, 0x3, 0x8, 0x6, 0xc, 0xffffffffffffffff}, @call={0x85, 0x0, 0x0, 0x62}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x0, 0x81}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6}], &(0x7f0000006200)='syzkaller\x00', 0x7fff, 0xd2, &(0x7f0000006240)=""/210, 0x40f00, 0x8, '\x00', 0x0, 0x25, r9, 0x8, 0x0, 0x0, 0x10, &(0x7f0000006380)={0x0, 0x10, 0x80000001, 0x8}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000006500)=[r10, r11, r1, r4, r12, r4], &(0x7f0000006540)=[{0x2, 0x4, 0x2, 0xa}, {0x2, 0x5, 0x1, 0x9}, {0x1, 0x4, 0xe, 0xb}, {0x0, 0x5, 0x4, 0xb}, {0x1, 0x5, 0x9, 0x1}, {0x4, 0x4, 0x5, 0x1}]}, 0x90)

04:46:56 executing program 2:
syz_clone(0x4b180000, 0x0, 0x0, &(0x7f0000000180), 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0)

[ 2760.672162][T23652] FAULT_INJECTION: forcing a failure.
[ 2760.672162][T23652] name failslab, interval 1, probability 0, space 0, times 0
04:46:56 executing program 5:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001400))

[ 2760.714176][T23652] CPU: 0 PID: 23652 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2760.724669][T23652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2760.734759][T23652] Call Trace:
[ 2760.738069][T23652]  <TASK>
[ 2760.741035][T23652]  dump_stack_lvl+0x125/0x1b0
[ 2760.745766][T23652]  should_fail_ex+0x496/0x5b0
[ 2760.750496][T23652]  should_failslab+0x9/0x20
[ 2760.755044][T23652]  __kmem_cache_alloc_node+0x2f7/0x340
04:46:56 executing program 1:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$unix(r0, &(0x7f0000001800)={0x0, 0x0, &(0x7f0000001740)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x0)

[ 2760.760565][T23652]  ? kobject_uevent_env+0x24c/0x1800
[ 2760.765915][T23652]  ? dev_uevent_filter+0xc0/0xc0
[ 2760.770969][T23652]  kmalloc_trace+0x25/0xe0
[ 2760.775453][T23652]  kobject_uevent_env+0x24c/0x1800
[ 2760.780628][T23652]  ? rcu_is_watching+0x12/0xb0
[ 2760.785441][T23652]  gadget_bind_driver+0x70e/0x8e0
[ 2760.790526][T23652]  ? soft_connect_store+0x520/0x520
[ 2760.795790][T23652]  really_probe+0x234/0xc90
[ 2760.800361][T23652]  __driver_probe_device+0x1de/0x4b0
[ 2760.805704][T23652]  ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 2760.811563][T23652]  driver_probe_device+0x4c/0x1a0
[ 2760.816637][T23652]  __driver_attach+0x274/0x570
[ 2760.821458][T23652]  ? __device_attach_driver+0x300/0x300
[ 2760.827057][T23652]  bus_for_each_dev+0x13c/0x1d0
[ 2760.831957][T23652]  ? bus_remove_file+0x50/0x50
[ 2760.836870][T23652]  bus_add_driver+0x2e9/0x630
[ 2760.841604][T23652]  driver_register+0x15c/0x4a0
[ 2760.846425][T23652]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2760.852634][T23652]  raw_ioctl+0x172f/0x2b80
[ 2760.857102][T23652]  ? raw_open+0x510/0x510
[ 2760.861476][T23652]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2760.866465][T23652]  ? raw_open+0x510/0x510
[ 2760.870835][T23652]  __x64_sys_ioctl+0x18f/0x210
[ 2760.875637][T23652]  do_syscall_64+0x38/0xb0
[ 2760.880100][T23652]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2760.886040][T23652] RIP: 0033:0x7f410aa7c84b
[ 2760.890487][T23652] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2760.910137][T23652] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2760.918592][T23652] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2760.926594][T23652] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2760.934605][T23652] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2760.942609][T23652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2760.950616][T23652] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2760.958725][T23652]  </TASK>
[ 2760.961848][    C0] vkms_vblank_simulate: vblank timer overrun
04:46:56 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:46:56 executing program 1:
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x3810, 0xffffffffffffff9c, 0x0)

04:46:56 executing program 4:
pipe(&(0x7f0000000b80)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bind$alg(r0, 0x0, 0x0)

[ 2761.241065][ T8761] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[ 2761.651269][ T8761] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2761.861278][ T8761] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2761.870424][ T8761] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2761.900867][ T8761] usb 1-1: Product: syz
[ 2761.905193][ T8761] usb 1-1: Manufacturer: syz
[ 2761.914421][ T8761] usb 1-1: SerialNumber: syz
[ 2763.061269][ T8761] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2763.071273][ T8761] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2763.090791][ T8761] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2763.482666][ T8761] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2763.521510][ T8761] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2763.568830][ T8761] usb 1-1: USB disconnect, device number 62
[ 2763.584993][ T8761] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:46:59 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 31)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:46:59 executing program 5:
mkdir(&(0x7f0000000000)='./file0\x00', 0x52)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000080)='./file0\x00', 0x190)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000100)=@generic={&(0x7f00000000c0)='./file0\x00'}, 0x18)

04:46:59 executing program 4:
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000009c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)

04:46:59 executing program 1:
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000940)=@generic={0x0}, 0x18)

04:46:59 executing program 2:
socketpair(0x5, 0x0, 0x0, &(0x7f0000003f40))

04:46:59 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:46:59 executing program 5:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001400)={<r0=>0xffffffffffffffff})
sendmsg$sock(r0, &(0x7f0000001640)={&(0x7f0000001440)=@nl, 0x80, 0x0, 0x0, &(0x7f0000001600)=[@txtime={{0x18}}], 0x18}, 0x0)

04:46:59 executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x7c1441, 0x0)
close(r0)

04:46:59 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000003940)={0x1d, 0x3, &(0x7f0000003700)=@framed, &(0x7f0000003740)='syzkaller\x00'}, 0x90)

[ 2764.161035][T23739] FAULT_INJECTION: forcing a failure.
[ 2764.161035][T23739] name failslab, interval 1, probability 0, space 0, times 0
[ 2764.229997][T23739] CPU: 1 PID: 23739 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2764.240476][T23739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2764.250560][T23739] Call Trace:
[ 2764.253863][T23739]  <TASK>
[ 2764.256823][T23739]  dump_stack_lvl+0x125/0x1b0
[ 2764.261550][T23739]  should_fail_ex+0x496/0x5b0
[ 2764.266282][T23739]  should_failslab+0x9/0x20
[ 2764.270831][T23739]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2764.276341][T23739]  ? kobject_get_path+0xce/0x2b0
[ 2764.281335][T23739]  ? kobject_get_path+0xce/0x2b0
[ 2764.286324][T23739]  __kmalloc+0x4f/0x100
[ 2764.290525][T23739]  kobject_get_path+0xce/0x2b0
[ 2764.295344][T23739]  kobject_uevent_env+0x26b/0x1800
[ 2764.300521][T23739]  ? rcu_is_watching+0x12/0xb0
[ 2764.305335][T23739]  gadget_bind_driver+0x70e/0x8e0
[ 2764.310427][T23739]  ? soft_connect_store+0x520/0x520
[ 2764.315686][T23739]  really_probe+0x234/0xc90
[ 2764.320249][T23739]  __driver_probe_device+0x1de/0x4b0
[ 2764.325571][T23739]  ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 2764.331434][T23739]  driver_probe_device+0x4c/0x1a0
[ 2764.336511][T23739]  __driver_attach+0x274/0x570
[ 2764.341318][T23739]  ? __device_attach_driver+0x300/0x300
[ 2764.346921][T23739]  bus_for_each_dev+0x13c/0x1d0
[ 2764.351824][T23739]  ? bus_remove_file+0x50/0x50
[ 2764.356644][T23739]  bus_add_driver+0x2e9/0x630
[ 2764.361369][T23739]  driver_register+0x15c/0x4a0
[ 2764.366182][T23739]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2764.372369][T23739]  raw_ioctl+0x172f/0x2b80
[ 2764.376820][T23739]  ? raw_open+0x510/0x510
[ 2764.381169][T23739]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2764.386125][T23739]  ? raw_open+0x510/0x510
[ 2764.390467][T23739]  __x64_sys_ioctl+0x18f/0x210
[ 2764.395250][T23739]  do_syscall_64+0x38/0xb0
[ 2764.399687][T23739]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2764.405599][T23739] RIP: 0033:0x7f410aa7c84b
[ 2764.410025][T23739] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
04:47:00 executing program 1:
syz_clone(0x54a89400, 0x0, 0x0, &(0x7f0000000400), 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)

04:47:00 executing program 4:
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000e40)={@cgroup, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

[ 2764.429643][T23739] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2764.438072][T23739] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2764.446051][T23739] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2764.454034][T23739] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2764.462012][T23739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2764.469989][T23739] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2764.477986][T23739]  </TASK>
04:47:00 executing program 5:
r0 = socket(0xa, 0x6, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x29, 0x22, 0x0, 0x0)

[ 2764.721012][ T3987] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[ 2765.081488][ T3987] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2765.261096][ T3987] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2765.270173][ T3987] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2765.290977][ T3987] usb 1-1: Product: syz
[ 2765.295151][ T3987] usb 1-1: Manufacturer: syz
[ 2765.299738][ T3987] usb 1-1: SerialNumber: syz
[ 2766.451213][ T3987] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2766.457671][ T3987] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2766.467488][ T3987] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2766.861521][ T3987] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2766.890810][ T3987] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2766.925236][ T3987] usb 1-1: USB disconnect, device number 63
[ 2766.948668][ T3987] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:03 executing program 2:
r0 = socket(0xa, 0x6, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x29, 0x21, 0x0, 0x0)

04:47:03 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x14}, 0x33fe0}}, 0x0)

04:47:03 executing program 1:
r0 = socket(0xa, 0x6, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x29, 0x22, 0x0, 0x4)

04:47:03 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c40), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x14, r1, 0x1, 0x0, 0x0, {{0x2}}}, 0x14}}, 0x0)

04:47:03 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:03 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 32)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:03 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x500, 0x4e5, 0x4}, 0x48)

04:47:03 executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000003c0)='kmem_cache_free\x00', r0}, 0x10)
socket$inet6(0xa, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0)
write(0xffffffffffffffff, &(0x7f0000000a00)="5220be5d2885b4e2e30093eea00e0ebaecfbdb8615609fa416cf166e665302357dbad60fe9489878694feaf8717d5fd8cc1684741d6790c93b055bb2ac7d7dfcecc5ffd1f00c1b805d96c3f143d715db417c19a121532365fabeab0a8057e5eebc97232015593ead0efcb02fc79f21e30ec38a8b63e100086f9ea9fb3d65b34afd5098a33d011a19740796c9184cee8877af9cdadbbc5d5c119e071961b6235e42f37eb5af0d43a95109f3bc0ff0d955497127ebe425f5e57c2744627583d303c1e9c29400a9991e271c5ec3438e459ec2aa23912d37fc9fc2caeceec60a818e4f807606fd69c622742064d32375d2a6e06f55db12a96f1dfd2b5b616544108e0cd1aada5de4c9f4ffb3e8a2198aa78499cf7df817bd2642f7f2fdc40dadc8aa8b7fdaffe345392b2e66a81562c5f8731ba3489aa4714aeb0d559f788e531021e3b2ff7d5717efd7e0d30d1390a5f850802262fa7788fded7c018ee60bd04ea19178ab67214b2a8e90b806bb910591bc527b48e62b1eeddf09e0f8c16e8fccb3a2eaf01334bd8b7b4262fd8d63c62cfab2cb9ac5842582ba9d6a87a6aaad27cff633bf51ba08f960f6ca2870bd2cea99f788ade4e703e81cd6da4a9a68e5535b3f42328e7b39a4cf59f51cc5cd2d82c517973f6d94cdab2040bdedf027f032b1325f92f9007763647140d146a490cd566ddc994ccfed320e30b07e344f8f86a23f03b5170c66b2a5ac3282fb8fdfcab7b1861d5596db8c6d90cd8293d0216a8244b538d60baaa2231a7c31619cf0a7cef9a487952aa17aa61b775fba84ebaefe10126e2f0dc7cb430f60394c77215456424bbe93fe28f942a169c57d6ddcad4a703f7f8a802c6ae1ed0ff02ef41a8b3a9d6dfec0c8c0f0415da7276d0f943a0e77298a322fc396572ef4d8693ece6899ca265e0d7bc587c7809d15a90ae1c319c0b29d8ad2a0a5e051615cca7ec089694c10d5e0a4de6ef41ea2d5a9c7a21ba6311ba8c23d26b0f6198609113989c9611fcace95707b42146e03f0592a80788016b03b7d6eaee72028d686053c1578aa61cf3a6eb65ed47502785932fcc8ef0f49eb91495913968417236d8d2429e4cf1367ef9a3d024b2eccf194f87e63e28ca1731a1dff2ff9b389ee91c62215bf2d2c6747650e074a64ed066af76b1d7ff64f70aa85fff1c3eec6804b832f57918f6e66ee81d87de5c86e6bc19f9087b06027ec261c78c81cf9f6890bde071560471aee379747a76f62d3ead4fedcbcc516ba776de20602ec1ea706bc8932070856b2bfc32fa479aea3acce6c67bd4ef04b4bcaa4b6246a9c679a8db1a54e0331433b22ad1413d08d22e1df47689bcc621ae1f777f62ccf6cfead255d67ae595e6d217901d3e02b05bad7124778a1053d6b4c10dd0353fbf684766b90541f577a2b4bb075bfa2f169848baf7d31b364e56ede2020f576afbeca402be8165fe662e697f7cf794c422f6c5e62bed5737785241246f56ad3e1d1a523e9b661260128fa23e1e1afeaaa50397076dfb8b655c7f28cbf6048dc726cbba4be4d0f873973ecd2e8bc7a7232fff49e45b49b12b6f9d193237efbe78b2292faf167517e5b3f62e64442bcf70435acc7781ddc007298a5fc53c44241e9cb89df044c70ee848bbeba420d978381a8079606c14175e106196920efd1f66fbdbe04e61be38911a432970a5da3de1eac3dd15f0b1e82fb4da282baac2e417db17b31d20e3c8226070088e0b83fb71c10caa5d4936dfbe967d697abab3097778234aeaf7b8647099e0892ab1d58c8dbc377228b149b35e2703adee83b485f48d1bbe5e77afbf23cce317eb300c5d4e4a3dd6c15d5b0b97a8d930140b90d9ffc3949f36874f75f3dd9a5eee0dc65e615f53fa81442e1e29f823faa5e5e4f5ed2cb7810f77c1ccd2fff28c1c72e16a6b0e76e34fef149d77649bdd86431168d08b617180bd3d9c5f6850d3882bebbfd33b9ef838fe9e6b460e7e0d6016141ecf1b8bf9b583e3ff1c09fc40c44b8d34a8b4eb89049fcb88e6e7ada2f65c70d88466f6f88e28af1990670757f57a1c84fdb372b29c585ab6b3972cc1fbd26d56cfb18a3c7dc3e1334e3426890b951f4d6b1e0846605d0ebf9483dc177f5c2be41a33bb8d1625dc574043f1a965adb50aa451b2f031a1738d53854ead2376142c364435d05d331639e6726ab5c8cfd4e18ed6bb39b2d4f15c85457af28f6aa2d9441e35002ca7c840918e8ae0d03149a38a5b7105b3ae115fd9da826b5cbe32f61dc9a6cab386862385ccacdef201e0140c75656278d293080b39ede49e1bca4c6647b279a1d1550303a5de1b5a7dd7d58bd751479d6e147514b1a98532ded919ccfd8ddd83af110e7dc5b0bc2b7b04cec3c2a29357b10f594b9b22c846d8c9545b647f377de5984f1025b4dc2ecdf393f883a0eb53c7e9ca792d80399fd538953716d321d90170407aa9b591062791ddaa2a8df1be5b83e85cc883fbb55fb93dea13abf89b276bf6f8407f703858c453feaabd2be92a4d2a67b1da83a852cd1bf68041f161efea14a7a6bebf42fda406170a214bd10f2b35eeb09a86609ba3fcbc9689c85a969d23bcf54df90e036624aa50b89249537786d71ee7f5ab934ab11bbd965c0d7c1281e9ba53bd1d324ac0b2454bdf7bfd39e45a896a9b62a687e4a11833c3da1891b6c4ee41d914aa790896a42e83d6fcececbbdcd5f216eb57d7a9106687dedce40842bf009782f93d3a7910f81f21b1cd3af6a1b056920060e1eb7b43b20b297de2494e274f3b28433462d257cf1692731fb3abf33b2f4036c42f59f531a881644932d9f108557b950bc0d60f1c10776cb65ef8b715a72a3660f926143375a25aafe249194847428461f2c5acb09856b042dea5f365ccb93158caf5a33b548833dd917f09d00dc4d7badf7932ee59bca6adabc468aa81a05473b7a136af1fc232797a1549961b7fd90f0ac4dcfa25695631a7891ccd4529f7806855dddec825bac7cad8c84da3509dff12cebdc80d7109660728677733316e7104e825990292271056b54f335b478806cb5c51e6a8db65170c3fe0d133c773bd16cbb45b2baf3d8e7b36cdb623509ed2231a262a35e03cbdd2d51a5d45c5ff4b042fdbab95b7d54307a370b26882247d6750ddcc84ae21891c3722b56b0564a98c254bf9907ba586b581b74da90725c2ab70a1929fbcf688fadc5f33e73e9552095ea392cb2175ea7c0fa4d280bbf8fa239bb97bf4850b964b1511502110a6efd661fd1a9620a5c06893721223c04d29dc7bd0f7033e52bd0b21a899a5365a0ed1a29b1bffca0d114761556ec2238dfe9e3592e50aa3aa9f31fe110ee5d4bdb312b6bd781181504e7227095526198df63b1581c6f905502279955c6090707c847f54c01fb7e795a10cb5d7aa74e747757b362406a83dd815d0e13bafcf0f3444ad5524ac8d360f221c5a38eee4a9fc1e1ddf6dfdbea32604ad533c79497e01ba9fc9762396487216783692378f9086a1904fff57a8df9c2fcc624ee368f066c595ab24b7d52654f6775e00475fd41e0b5daaa922f68d6851639b73de38f0dedee31208707f73c54937fb63e22d14690e73016dd544886c7c9c3c6646e2f1ade475774dc495626754e462545c78644509b22e2113ad1930597c6bce91626a947c83d1ad7978777785870c2a0e053a422ad4e0cebb836c705c0a0e770c9908847714a279089755439ce85b4658417a46a088cf7745ced1d43ee4658cd60e577248fbde50d65f3ce2f1a183656a35682b4bfdb24319dc5e8531756560695ac95aff16a1e533c8daa7423b2a87571f980e3f197a4f4a05d367b6bb29177e18dc2a5473ebbe2623797af0ed65a0dfc9d76d14894d9173a49fae793edfbdc568ee019b89b5d901e9dffff2e51ba59a2af1072221e781cd834a3d6126583f441ec39134d701f5d4c2240bd3982141a72ed7d301f9093c3e60ac31a81e4258b9b82c6f6d2e4ebd038d19db64100cfecec9076f05354333d262c6eb738c1717bf61ed1dc12f0e27c18f52aff5db33b977a8882d3ffd35644d367ef06261d630113caa9c5b79887399ecf956fc5baee107b88202b812de2e6d9da2eb9ea1f9ab6768e85a1d0275da1d7664924cc26687b0965b714ec4ccc56404a1f9fe134a2d1a909f770cfe98ce32e3d97fdc92dad4328ce8c7e934b996efd76369e9304c297d3bcd5b20f5c6e260db6611e9ddb47e3d9796d25579f5b2b73b839bf49649d64140365bec79495d496b3a40bb3f168a22aca0638cd1bdbc713fb1e5c0e410bb64996f45a47746940f03927c49bb6f4713ee1ae1af14350fb477f838a936c49a8b25309272cb6f2cd276d2b2a9dea079d84a4ecdffbd1da655d31949a7d65ef057cf3fdcf4a06a0b08f8b7bd52d19c5e67937ff86b7bd8211e4ef7a403915f01f27877570051f5b5e3c0fbb8286dd5c86d35a5a90f5ce75dc8224965e338c1f5c3f95676782f6092b3dff4f7dff0f64623dbbdf20c3b33998726b6be1eb88107fa1b2ac8052062463ddb8c3770fa4d482254d2ca4bedbd4441af543589eb19d77d4b116fec9badc23e352af0423476947ae7727dd3e06d1cb132bf95065f5a8a7c9509efce23dacc01f42e754d780ba40bb97b82599ebc6329a7f07bb610af7fe4fbf7af8a2ec6e1855be6f410fb6b77db0ca79e5f1ec68099d26b492772c2dd5ff0186f559ac26b232df2e9161ee7a4646292551bc06ce2d162255bf1898c65e2c65bda57b5862f9035c30c2eb37bf91b58c661feec32279e533628e3bb10d07d3b24b4cf6d71ace3325acb3c34d30630da4b8940098e34168ff2a3c67ab68f70899502d75e09eaeae1fdbd85f02780becb686bbbcb5342f58abb7883e708b5a810e98f210a530528d9d6bc994261f8a072385ac53a94af8cbccbfe99573a5e84ccf12e43d46157214af6508138cc11900f4dd982baba1b5fd120b9a24befee0d63419f7059ca7a9325d4fc577cd71b10d81658a49af93ed0b3ee1c9887952634ab208870e26cff470317dd0e90f4e20cddb3e0d443c5b6c8f8c5d0346d14e8b3a867d8942601276c0ff45516dbe10074f6c27de94b5d8996a6c9e78f5fe528f4aabe7ece551da64e0bb2d09b1813bf129339d8bc0572075f421b93f04f6ee0927a9e6ae93570312b20cf8fd442f224ce881cd3d8f47d2624eb7b040200df6e2b716cce44bf3660baf942ac7276f49ed9bf5794cff4f46fbdf42b9583e4e07f5fee985d1c15c66c3bbd380e5a10457059280954faf93b6154108dda4df854646127d938accae078708864f45c6f2f97842a75f08b2b3229796ab0d989532e800ae675c5f8e34d7deb54d900aaa89203b9bb554dcab3f351a159e3e3a4e874c1263b901b7916e1270a6ceb5f06d5dfc77b17657c763e36ae9eab3891b82868722d2e3d907c8205f3ebe3f91814bb019fd036163bc8f142c25a2b950aa471566d957ed69091c4176f7db52c075f8af3f0d2702d181d8ac8475e4e7778f13a97f8ab0a32b40772e6f76346463c8f5bc739fd3a18ed89afc61a139669e6f297205224d6f7727eab6f904417d48112e9b533c0cdc6788ea19207c2d04534360edcd7553599af4a5614849581005a490fee0bd8165087494e3d64cf71d61bc96ae0c2ab8decc8c26ca62ea3aeebca1f10fe853ebca129423aff06f8632c3b6f12fe9021293d4d4e85061d0b672846d9a0e3dd5b735221815c3642f896cd5cf7b36e4a14a34a86582db91c3b78067d2616e125436e9655560db66de3d65b84b63124549", 0x1000)
r2 = socket$netlink(0x10, 0x3, 0x13)
writev(r2, &(0x7f0000000000)=[{0x0}], 0x1)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="59e3ef14000800d27d67699fd0eda58de240b4742169925c16aa3556438f7c2d63ffffffff96031cee6c9f0200f053242a46e9986acc230118594f2bc3c6cb8cf3bd03cfb131f8273419035e8b5f7c3fbc4237a9b9a69ca8ed1b3eed25564091c2fcf964a9d95a4f627e013a04d510f6511b0d0553551f9283", @ANYRES16=r3, @ANYBLOB="bd7000000000001b000000000000f446e21ce29033605f74a0f53ff6c281fd2cf66a2ff4f0b397f105b06de44e482f0d98f221353763e906e7929c81e6a56554dffbef785412aef46ee1750179ba458470c0893d46e263c381d939a762d4f43182b613e0d6c5c615284c52594681251e2ad9b49980c23ae8ad509bd5eadcfa00b7b5393b3ab46e85ea2fa8678282ceb6d64cfdf39222d345c47f68592e8ec140e829b18dc22ad7e0a5cb87651878cbe9867b1398731898"], 0x14}}, 0x0)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$setregs(0xd, r4, 0x0, &(0x7f00000000c0)="45b46fbe7fdca862f4484ad916fa919c93ce789aa142d489c5c618a242a6a6562e8410232a1a30da2dcca2d0023792d730311c7f6f52fe2c476b50a2cf43dfbf1bd69c74423ec5d003355b58735f7d1e195da755909b013846d77d0ce825bda2a5ba9952e169374b01829b61e5df3494b127b514df0f65cab0aef36090977d88130c5944645a291fc7")
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace$poke(0x5, r5, &(0x7f0000000800), 0x401)

04:47:03 executing program 5:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x20)

04:47:03 executing program 4:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20)
connect$l2tp6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x20)

[ 2767.542525][T23795] FAULT_INJECTION: forcing a failure.
[ 2767.542525][T23795] name failslab, interval 1, probability 0, space 0, times 0
[ 2767.574522][T23795] CPU: 0 PID: 23795 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2767.585005][T23795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2767.595096][T23795] Call Trace:
[ 2767.598409][T23795]  <TASK>
[ 2767.601366][T23795]  dump_stack_lvl+0x125/0x1b0
[ 2767.606088][T23795]  should_fail_ex+0x496/0x5b0
[ 2767.610811][T23795]  should_failslab+0x9/0x20
[ 2767.615354][T23795]  kmem_cache_alloc_node+0x384/0x3f0
[ 2767.620690][T23795]  ? __alloc_skb+0x287/0x330
[ 2767.625337][T23795]  ? find_held_lock+0x2d/0x110
[ 2767.630155][T23795]  __alloc_skb+0x287/0x330
[ 2767.634629][T23795]  ? __napi_build_skb+0x50/0x50
[ 2767.639538][T23795]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2767.644984][T23795]  alloc_uevent_skb+0x7d/0x210
[ 2767.649860][T23795]  kobject_uevent_env+0xc20/0x1800
[ 2767.655035][T23795]  ? rcu_is_watching+0x12/0xb0
[ 2767.659846][T23795]  gadget_bind_driver+0x70e/0x8e0
[ 2767.664929][T23795]  ? soft_connect_store+0x520/0x520
[ 2767.670186][T23795]  really_probe+0x234/0xc90
[ 2767.674753][T23795]  __driver_probe_device+0x1de/0x4b0
[ 2767.680086][T23795]  ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 2767.685936][T23795]  driver_probe_device+0x4c/0x1a0
04:47:03 executing program 5:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000180)={0x0, 0x0, 0x80000001, 0x0, 0x0, '\t\x00'})

[ 2767.691013][T23795]  __driver_attach+0x274/0x570
[ 2767.695828][T23795]  ? __device_attach_driver+0x300/0x300
[ 2767.701426][T23795]  bus_for_each_dev+0x13c/0x1d0
[ 2767.706327][T23795]  ? bus_remove_file+0x50/0x50
[ 2767.711152][T23795]  bus_add_driver+0x2e9/0x630
[ 2767.715881][T23795]  driver_register+0x15c/0x4a0
[ 2767.720696][T23795]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2767.726908][T23795]  raw_ioctl+0x172f/0x2b80
[ 2767.731373][T23795]  ? raw_open+0x510/0x510
[ 2767.735742][T23795]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2767.740726][T23795]  ? raw_open+0x510/0x510
[ 2767.745100][T23795]  __x64_sys_ioctl+0x18f/0x210
[ 2767.749912][T23795]  do_syscall_64+0x38/0xb0
[ 2767.754375][T23795]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2767.760316][T23795] RIP: 0033:0x7f410aa7c84b
[ 2767.764759][T23795] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2767.784406][T23795] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2767.792886][T23795] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2767.800891][T23795] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2767.808903][T23795] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2767.816903][T23795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2767.824903][T23795] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2767.832928][T23795]  </TASK>
[ 2767.836052][    C0] vkms_vblank_simulate: vblank timer overrun
04:47:03 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}, {0x0, [], 0x2}}, &(0x7f0000000240)=""/133, 0x1a, 0x85, 0x1}, 0x20)

[ 2768.051061][T17130] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[ 2768.511126][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2768.713396][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2768.723119][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2768.741036][T17130] usb 1-1: Product: syz
[ 2768.745246][T17130] usb 1-1: Manufacturer: syz
[ 2768.761082][T17130] usb 1-1: SerialNumber: syz
[ 2769.901243][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2769.907898][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2769.915866][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2770.323703][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2770.346153][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2770.372495][T17130] usb 1-1: USB disconnect, device number 64
[ 2770.395041][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:06 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 33)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:06 executing program 5:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TCSETAF(r0, 0x5453, 0x0)

04:47:06 executing program 4:
syz_open_dev$dri(&(0x7f0000000040), 0xffffffffffffffff, 0x0)

04:47:06 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0)

04:47:06 executing program 2:
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/ksm/run\x00', 0x8, 0x0)

04:47:06 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:06 executing program 2:
r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x141142, 0x0)
write$tcp_congestion(r0, 0x0, 0x0)

04:47:06 executing program 1:
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000480), 0x2)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, 0x0)

04:47:06 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000180)=0xbc, 0x4)

04:47:06 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f0000000640)={&(0x7f0000000200), 0xc, &(0x7f0000000340)={&(0x7f00000007c0)={0x14}, 0xb}}, 0x0)

04:47:06 executing program 1:
bpf$BPF_BTF_LOAD(0xa, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x20)

04:47:06 executing program 2:
newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)

[ 2771.200884][T28690] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[ 2771.571363][T28690] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2771.761180][T28690] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2771.770258][T28690] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2771.779521][T28690] usb 1-1: Product: syz
[ 2771.786453][T28690] usb 1-1: Manufacturer: syz
[ 2771.791658][T28690] usb 1-1: SerialNumber: syz
[ 2772.931221][T28690] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2772.937666][T28690] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2772.961045][T28690] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2773.341516][T28690] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2773.371099][T28690] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2773.401528][T28690] usb 1-1: USB disconnect, device number 65
[ 2773.408958][T28690] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:09 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 34)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:09 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x8936, 0x0)

04:47:09 executing program 1:
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='\t\xfc\xca \xbb.\xb9\xdf\x04zaP1')

04:47:09 executing program 4:
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000180)='.pending_reads\x00', 0xc0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0x6611, 0x0)

04:47:09 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000140)={0x2, 0x0, 0x98, &(0x7f0000000080)={0x0, 0x0, 0xe}})

04:47:09 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:09 executing program 2:
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000180)='.pending_reads\x00', 0xc0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0x660c, 0x0)

04:47:09 executing program 1:
bpf$BPF_BTF_LOAD(0x1a, 0x0, 0x0)

04:47:09 executing program 4:
renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
renameat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00')

04:47:09 executing program 5:
r0 = syz_open_dev$evdev(&(0x7f0000000140), 0x0, 0x0)
ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f00000000c0)={0x0, 0x9, &(0x7f0000000180)="6f7ca6f17552b07cbb"})

04:47:09 executing program 4:
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000180)='.pending_reads\x00', 0xc0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0x6612, 0x0)

04:47:09 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
ioctl$HDIO_GETGEO(r0, 0x1277, 0x0)

[ 2774.220769][T17130] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[ 2774.591574][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2774.771274][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2774.780483][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2774.788979][T17130] usb 1-1: Product: syz
[ 2774.793863][T17130] usb 1-1: Manufacturer: syz
[ 2774.798611][T17130] usb 1-1: SerialNumber: syz
[ 2775.171417][ T1236] ieee802154 phy0 wpan0: encryption failed: -22
[ 2775.177731][ T1236] ieee802154 phy1 wpan1: encryption failed: -22
[ 2775.961156][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2775.967747][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2775.976267][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2776.381156][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2776.405578][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2776.441426][T17130] usb 1-1: USB disconnect, device number 66
[ 2776.455420][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:12 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 35)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:12 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x8913, &(0x7f0000000040)={'ip6tnl0\x00', 0x0})

04:47:12 executing program 1:
setrlimit(0x1a, &(0x7f0000000040))

04:47:12 executing program 5:
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000040)='.log\x00', 0xc0, 0x0)
read$char_usb(r0, &(0x7f0000000080)=""/216, 0xd8)

04:47:12 executing program 2:
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f0000002500)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x803e}, 0x0)

04:47:12 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:12 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x8923, &(0x7f0000000040)={'ip6tnl0\x00', 0x0})

04:47:12 executing program 1:
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000001140), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, 0x0)

04:47:12 executing program 5:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0xaf01, 0x0)

[ 2776.995382][T23987] FAULT_INJECTION: forcing a failure.
[ 2776.995382][T23987] name failslab, interval 1, probability 0, space 0, times 0
[ 2777.023748][T23987] CPU: 1 PID: 23987 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2777.034235][T23987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2777.044325][T23987] Call Trace:
[ 2777.047626][T23987]  <TASK>
[ 2777.050574][T23987]  dump_stack_lvl+0x125/0x1b0
[ 2777.055281][T23987]  should_fail_ex+0x496/0x5b0
[ 2777.059973][T23987]  should_failslab+0x9/0x20
[ 2777.064486][T23987]  kmem_cache_alloc+0x334/0x3b0
[ 2777.071194][T23987]  skb_clone+0x171/0x3c0
[ 2777.075486][T23987]  netlink_broadcast_filtered+0xaf9/0xf00
[ 2777.081279][T23987]  ? sprintf+0xcd/0x100
[ 2777.085472][T23987]  ? netlink_connect+0x550/0x550
[ 2777.090439][T23987]  netlink_broadcast+0x39/0x50
[ 2777.095220][T23987]  kobject_uevent_env+0xbd2/0x1800
[ 2777.100362][T23987]  ? rcu_is_watching+0x12/0xb0
[ 2777.105154][T23987]  gadget_bind_driver+0x70e/0x8e0
[ 2777.110214][T23987]  ? soft_connect_store+0x520/0x520
[ 2777.115439][T23987]  really_probe+0x234/0xc90
[ 2777.119967][T23987]  __driver_probe_device+0x1de/0x4b0
[ 2777.125269][T23987]  ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 2777.131096][T23987]  driver_probe_device+0x4c/0x1a0
[ 2777.136152][T23987]  __driver_attach+0x274/0x570
[ 2777.140939][T23987]  ? __device_attach_driver+0x300/0x300
[ 2777.146521][T23987]  bus_for_each_dev+0x13c/0x1d0
[ 2777.151392][T23987]  ? bus_remove_file+0x50/0x50
[ 2777.156184][T23987]  bus_add_driver+0x2e9/0x630
[ 2777.160884][T23987]  driver_register+0x15c/0x4a0
[ 2777.165673][T23987]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2777.171855][T23987]  raw_ioctl+0x172f/0x2b80
[ 2777.176295][T23987]  ? raw_open+0x510/0x510
[ 2777.180639][T23987]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2777.185604][T23987]  ? raw_open+0x510/0x510
[ 2777.189953][T23987]  __x64_sys_ioctl+0x18f/0x210
[ 2777.194733][T23987]  do_syscall_64+0x38/0xb0
[ 2777.199169][T23987]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2777.205080][T23987] RIP: 0033:0x7f410aa7c84b
[ 2777.209509][T23987] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2777.229131][T23987] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2777.237559][T23987] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
04:47:12 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @private0}}}, 0x90)

[ 2777.245542][T23987] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2777.253522][T23987] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2777.261502][T23987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2777.269489][T23987] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2777.277486][T23987]  </TASK>
04:47:13 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x40086602, 0x0)

04:47:13 executing program 1:
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x10000, 0x0)

[ 2777.481991][T28690] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[ 2777.843591][T28690] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2778.023297][T28690] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2778.044050][T28690] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2778.062463][T28690] usb 1-1: Product: syz
[ 2778.066681][T28690] usb 1-1: Manufacturer: syz
[ 2778.083993][T28690] usb 1-1: SerialNumber: syz
[ 2779.241037][T28690] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2779.247523][T28690] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2779.271956][T28690] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2779.653477][T28690] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2779.696589][T28690] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2779.751357][T28690] usb 1-1: USB disconnect, device number 67
[ 2779.758786][T28690] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:15 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 36)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:15 executing program 5:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000001ec0)='ns/mnt\x00')
sendfile(0xffffffffffffffff, r0, 0x0, 0x0)

04:47:15 executing program 4:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@my=0x0})

04:47:15 executing program 1:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000001ec0)='ns/mnt\x00')
fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000040), 0x24, 0x0)

04:47:15 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00'})

04:47:15 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:16 executing program 2:
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x4b, 0x0, 0x78)

04:47:16 executing program 4:
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000001e00), 0x8, 0x0)
read$snddsp(r0, &(0x7f0000000000)=""/271, 0x10f)

04:47:16 executing program 1:
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x2c, 0x0, 0x78)

04:47:16 executing program 5:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
lseek(r0, 0x80000000, 0x0)

[ 2780.323686][T24048] FAULT_INJECTION: forcing a failure.
[ 2780.323686][T24048] name failslab, interval 1, probability 0, space 0, times 0
[ 2780.370265][T24048] CPU: 1 PID: 24048 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2780.380742][T24048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2780.390827][T24048] Call Trace:
[ 2780.394118][T24048]  <TASK>
[ 2780.397053][T24048]  dump_stack_lvl+0x125/0x1b0
[ 2780.401752][T24048]  should_fail_ex+0x496/0x5b0
[ 2780.406445][T24048]  should_failslab+0x9/0x20
[ 2780.410964][T24048]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2780.416446][T24048]  ? kobject_uevent_env+0x24c/0x1800
[ 2780.421758][T24048]  ? dev_uevent_filter+0xc0/0xc0
[ 2780.426721][T24048]  kmalloc_trace+0x25/0xe0
[ 2780.431181][T24048]  kobject_uevent_env+0x24c/0x1800
[ 2780.436321][T24048]  ? kobject_put+0xbe/0x440
[ 2780.440844][T24048]  driver_bound+0x177/0x2c0
[ 2780.445373][T24048]  really_probe+0x67e/0xc90
[ 2780.449903][T24048]  __driver_probe_device+0x1de/0x4b0
[ 2780.455209][T24048]  ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 2780.461034][T24048]  driver_probe_device+0x4c/0x1a0
[ 2780.466084][T24048]  __driver_attach+0x274/0x570
[ 2780.470877][T24048]  ? __device_attach_driver+0x300/0x300
[ 2780.476451][T24048]  bus_for_each_dev+0x13c/0x1d0
[ 2780.481325][T24048]  ? bus_remove_file+0x50/0x50
[ 2780.486116][T24048]  bus_add_driver+0x2e9/0x630
[ 2780.490826][T24048]  driver_register+0x15c/0x4a0
[ 2780.495615][T24048]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2780.501797][T24048]  raw_ioctl+0x172f/0x2b80
[ 2780.506235][T24048]  ? raw_open+0x510/0x510
[ 2780.510580][T24048]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2780.515538][T24048]  ? raw_open+0x510/0x510
[ 2780.519886][T24048]  __x64_sys_ioctl+0x18f/0x210
[ 2780.524674][T24048]  do_syscall_64+0x38/0xb0
[ 2780.529110][T24048]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2780.535025][T24048] RIP: 0033:0x7f410aa7c84b
[ 2780.539450][T24048] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2780.559072][T24048] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2780.567503][T24048] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2780.575487][T24048] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2780.583471][T24048] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2780.591454][T24048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2780.599434][T24048] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2780.607436][T24048]  </TASK>
04:47:16 executing program 2:
shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5000)
shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x7000)

04:47:16 executing program 1:
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
geteuid()
geteuid()
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)=@RTM_GETNSID={0x14}, 0x14}}, 0x0)

[ 2780.843309][T28690] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[ 2781.211222][T28690] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2781.391230][T28690] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2781.405984][T28690] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2781.423098][T28690] usb 1-1: Product: syz
[ 2781.432059][T28690] usb 1-1: Manufacturer: syz
[ 2781.442392][T28690] usb 1-1: SerialNumber: syz
[ 2782.591284][T28690] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2782.597775][T28690] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2782.620882][T28690] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2783.021207][T28690] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2783.057615][T28690] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2783.101609][T28690] usb 1-1: USB disconnect, device number 68
[ 2783.109072][T28690] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:19 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 37)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:19 executing program 5:
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000140))
r0 = socket$igmp(0x2, 0x3, 0x2)
shmat(0x0, &(0x7f0000000000/0x3000)=nil, 0x7000)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000000), 0x4)

04:47:19 executing program 2:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r0, 0xc0884113, &(0x7f0000000080))

04:47:19 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000006c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f0000000c40)={&(0x7f0000000940)=@abs, 0xfffffffffffffff3, 0x0, 0x0, 0x0, 0xfffffe92}, 0x0)

04:47:19 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:19 executing program 4:
r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000001ec0)='ns/mnt\x00')
r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000001ec0)='ns/mnt\x00')
copy_file_range(r0, 0x0, r1, 0x0, 0x0, 0x0)

04:47:19 executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x15, 0x0, 0x78)

04:47:19 executing program 1:
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000001e00), 0x8, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
fcntl$lock(r0, 0x25, &(0x7f00000001c0)={0x2, 0x2, 0x0, 0x75d1, r1})

04:47:19 executing program 2:
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x4c, 0x0, 0x78)

04:47:19 executing program 5:
r0 = socket$igmp(0x2, 0x3, 0x2)
ioctl$SIOCGETSGCNT_IN6(r0, 0x8980, 0x0)

04:47:19 executing program 4:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r0, 0xc0884113, 0x0)

[ 2783.800832][T24104] FAULT_INJECTION: forcing a failure.
[ 2783.800832][T24104] name failslab, interval 1, probability 0, space 0, times 0
04:47:19 executing program 5:
r0 = open$dir(&(0x7f0000000180)='.\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
faccessat(r0, &(0x7f0000000080)='./file0\x00', 0x2)

[ 2783.933188][T24104] CPU: 0 PID: 24104 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2783.943674][T24104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2783.953760][T24104] Call Trace:
[ 2783.957070][T24104]  <TASK>
[ 2783.960025][T24104]  dump_stack_lvl+0x125/0x1b0
[ 2783.964751][T24104]  should_fail_ex+0x496/0x5b0
[ 2783.969481][T24104]  should_failslab+0x9/0x20
[ 2783.974028][T24104]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2783.979541][T24104]  ? kobject_get_path+0xce/0x2b0
[ 2783.984535][T24104]  ? kobject_get_path+0xce/0x2b0
[ 2783.989523][T24104]  __kmalloc+0x4f/0x100
[ 2783.993716][T24104]  kobject_get_path+0xce/0x2b0
[ 2783.998533][T24104]  kobject_uevent_env+0x26b/0x1800
[ 2784.003696][T24104]  ? kobject_put+0xbe/0x440
[ 2784.008246][T24104]  driver_bound+0x177/0x2c0
[ 2784.012796][T24104]  really_probe+0x67e/0xc90
[ 2784.017358][T24104]  __driver_probe_device+0x1de/0x4b0
[ 2784.022696][T24104]  ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 2784.028552][T24104]  driver_probe_device+0x4c/0x1a0
[ 2784.033604][T24104]  __driver_attach+0x274/0x570
[ 2784.038395][T24104]  ? __device_attach_driver+0x300/0x300
[ 2784.043967][T24104]  bus_for_each_dev+0x13c/0x1d0
[ 2784.048841][T24104]  ? bus_remove_file+0x50/0x50
[ 2784.053807][T24104]  bus_add_driver+0x2e9/0x630
[ 2784.058512][T24104]  driver_register+0x15c/0x4a0
[ 2784.063307][T24104]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2784.069497][T24104]  raw_ioctl+0x172f/0x2b80
[ 2784.073934][T24104]  ? raw_open+0x510/0x510
[ 2784.078284][T24104]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2784.083244][T24104]  ? raw_open+0x510/0x510
[ 2784.087591][T24104]  __x64_sys_ioctl+0x18f/0x210
[ 2784.092377][T24104]  do_syscall_64+0x38/0xb0
[ 2784.096810][T24104]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2784.102724][T24104] RIP: 0033:0x7f410aa7c84b
[ 2784.107151][T24104] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2784.126773][T24104] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2784.135199][T24104] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2784.143181][T24104] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2784.151162][T24104] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2784.159230][T24104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2784.167298][T24104] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2784.175301][T24104]  </TASK>
[ 2784.178448][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2784.341635][ T8761] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[ 2784.761416][ T8761] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2784.932666][ T8761] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2784.944017][ T8761] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2784.953525][ T8761] usb 1-1: Product: syz
[ 2784.963376][ T8761] usb 1-1: Manufacturer: syz
[ 2784.973620][ T8761] usb 1-1: SerialNumber: syz
[ 2786.131506][ T8761] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2786.138003][ T8761] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2786.152792][ T8761] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2786.561415][ T8761] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2786.595208][ T8761] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2786.643548][ T8761] usb 1-1: USB disconnect, device number 69
[ 2786.662843][ T8761] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:22 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 38)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:22 executing program 2:
r0 = open$dir(&(0x7f0000000180)='.\x00', 0x0, 0x0)
openat$incfs(r0, &(0x7f00000000c0)='.pending_reads\x00', 0x60041, 0x0)
openat$incfs(r0, &(0x7f0000000000)='.pending_reads\x00', 0x0, 0x1)

04:47:22 executing program 4:
r0 = open$dir(&(0x7f0000000180)='.\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000000000)='./file0\x00', 0x8, 0x0)
faccessat2(r0, &(0x7f0000000040)='./file0\x00', 0x5, 0x200)

04:47:22 executing program 1:
r0 = open$dir(&(0x7f0000000180)='.\x00', 0x0, 0x0)
openat$incfs(r0, &(0x7f0000000080)='.log\x00', 0x601c1, 0xb2)

04:47:22 executing program 5:
r0 = open$dir(&(0x7f0000000180)='.\x00', 0x0, 0x0)
openat$incfs(r0, &(0x7f00000000c0)='.pending_reads\x00', 0x60041, 0x0)
openat$incfs(r0, &(0x7f0000000000)='.pending_reads\x00', 0x1050c0, 0x0)

04:47:22 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:22 executing program 2:
r0 = open$dir(&(0x7f0000000180)='.\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000000000)='./file0\x00', 0x8000, 0x0)

04:47:23 executing program 4:
r0 = socket$unix(0x1, 0x1, 0x0)
sendmmsg$unix(r0, &(0x7f0000002840)=[{{&(0x7f0000000000)=@abs, 0x6e, 0x0}}], 0x1, 0x48841)

04:47:23 executing program 5:
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000012c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb01001800008a"], 0x0, 0x1a}, 0x20)

04:47:23 executing program 1:
r0 = socket(0xa, 0x5, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000140)={'erspan0\x00', 0x0})

[ 2787.209705][T24159] FAULT_INJECTION: forcing a failure.
[ 2787.209705][T24159] name failslab, interval 1, probability 0, space 0, times 0
[ 2787.265012][T24159] CPU: 1 PID: 24159 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2787.275493][T24159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2787.285595][T24159] Call Trace:
[ 2787.288893][T24159]  <TASK>
[ 2787.291831][T24159]  dump_stack_lvl+0x125/0x1b0
[ 2787.296532][T24159]  should_fail_ex+0x496/0x5b0
[ 2787.301235][T24159]  should_failslab+0x9/0x20
[ 2787.305754][T24159]  kmem_cache_alloc_node+0x384/0x3f0
[ 2787.311065][T24159]  ? __alloc_skb+0x287/0x330
[ 2787.315687][T24159]  __alloc_skb+0x287/0x330
[ 2787.320129][T24159]  ? __napi_build_skb+0x50/0x50
[ 2787.325010][T24159]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2787.330423][T24159]  alloc_uevent_skb+0x7d/0x210
[ 2787.335246][T24159]  kobject_uevent_env+0xc20/0x1800
[ 2787.340397][T24159]  driver_bound+0x177/0x2c0
[ 2787.344935][T24159]  really_probe+0x67e/0xc90
[ 2787.349466][T24159]  __driver_probe_device+0x1de/0x4b0
[ 2787.354774][T24159]  ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 2787.360601][T24159]  driver_probe_device+0x4c/0x1a0
[ 2787.365657][T24159]  __driver_attach+0x274/0x570
[ 2787.370447][T24159]  ? __device_attach_driver+0x300/0x300
[ 2787.376017][T24159]  bus_for_each_dev+0x13c/0x1d0
[ 2787.380890][T24159]  ? bus_remove_file+0x50/0x50
[ 2787.385684][T24159]  bus_add_driver+0x2e9/0x630
[ 2787.390472][T24159]  driver_register+0x15c/0x4a0
[ 2787.395265][T24159]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2787.401536][T24159]  raw_ioctl+0x172f/0x2b80
[ 2787.405977][T24159]  ? raw_open+0x510/0x510
[ 2787.410323][T24159]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2787.415284][T24159]  ? raw_open+0x510/0x510
[ 2787.419632][T24159]  __x64_sys_ioctl+0x18f/0x210
[ 2787.424417][T24159]  do_syscall_64+0x38/0xb0
[ 2787.428854][T24159]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2787.434773][T24159] RIP: 0033:0x7f410aa7c84b
[ 2787.439199][T24159] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
04:47:23 executing program 2:
bpf$OBJ_GET_PROG(0x7, 0x0, 0x1800)

[ 2787.458822][T24159] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2787.467251][T24159] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2787.475236][T24159] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2787.483219][T24159] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2787.491204][T24159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2787.499203][T24159] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2787.507223][T24159]  </TASK>
04:47:23 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@bloom_filter={0x1e, 0x1000, 0x0, 0x0, 0x128a}, 0x48)

[ 2787.720775][T28690] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[ 2788.083695][T28690] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2788.251335][T28690] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2788.260438][T28690] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2788.290961][T28690] usb 1-1: Product: syz
[ 2788.295179][T28690] usb 1-1: Manufacturer: syz
[ 2788.299978][T28690] usb 1-1: SerialNumber: syz
[ 2789.451047][T28690] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2789.457542][T28690] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2789.482342][T28690] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2789.865032][T28690] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2789.914323][T28690] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2789.971201][T28690] usb 1-1: USB disconnect, device number 70
[ 2789.978655][T28690] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:26 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 39)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:26 executing program 2:
pselect6(0x40, &(0x7f0000001280), 0x0, 0xfffffffffffffffe, &(0x7f0000001300)={0x0, 0x989680}, &(0x7f0000001380)={&(0x7f0000001340)={[0x7ff]}, 0x8})

04:47:26 executing program 4:
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x2, &(0x7f0000000000))

04:47:26 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_timeval(r0, 0x1, 0x14, 0x0, &(0x7f0000000080))

04:47:26 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000e80), &(0x7f0000000fc0)=0xc)

04:47:26 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:26 executing program 4:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0x17, &(0x7f00000001c0)='hybla\x00', 0x6)

04:47:26 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_timeval(r0, 0x1, 0x43, 0x0, &(0x7f0000000240))

04:47:26 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x0, 0x7, 0x2, 0x4}, 0x48)

04:47:26 executing program 5:
r0 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MFC(r0, 0x29, 0xcd, &(0x7f0000000200)={{0xa, 0x0, 0x0, @remote}, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}, 0x5c)

04:47:26 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000080)={0xfffffffffffffffc, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x3c, 0x0, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_REQUEST={0x8}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6002}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}]}, 0x3c}}, 0x0)

04:47:26 executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x28, 0x2, 0x8, 0x301, 0x0, 0x0, {}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4801}, 0x40000)

[ 2790.771187][ T2543] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[ 2791.140964][ T2543] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2791.321138][ T2543] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2791.330327][ T2543] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2791.370854][ T2543] usb 1-1: Product: syz
[ 2791.375070][ T2543] usb 1-1: Manufacturer: syz
[ 2791.379683][ T2543] usb 1-1: SerialNumber: syz
[ 2792.561015][ T2543] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2792.567510][ T2543] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2792.595954][ T2543] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2792.992462][ T2543] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2793.021464][ T2543] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2793.072765][ T2543] usb 1-1: USB disconnect, device number 71
[ 2793.086018][ T2543] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:29 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 40)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:29 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r1 = socket$inet6(0xa, 0x802, 0x88)
sendto$inet6(r1, 0x0, 0x0, 0x400c840, &(0x7f0000000180)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0)

04:47:29 executing program 4:
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x802, 0x88)
sendto$inet6(r0, 0x0, 0x0, 0x400c840, &(0x7f0000000180)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

04:47:29 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000080)={0xfffffffffffffffc, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x34, 0x0, 0x8, 0x201, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @fccp}, @CTA_TIMEOUT_L3PROTO={0x6}, @CTA_TIMEOUT_L4PROTO={0x5}]}, 0x34}}, 0x0)

04:47:29 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @remote}, 0x80)

04:47:29 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:29 executing program 4:
fchownat(0xffffffffffffffff, 0x0, 0x0, 0xee00, 0x400)

04:47:29 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, 0x0, &(0x7f0000000140))

04:47:29 executing program 5:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/class/dmi', 0x0, 0x0)
ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0)

04:47:29 executing program 1:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/dmi', 0x0, 0x0)
ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f00000001c0))

04:47:29 executing program 4:
r0 = msgget$private(0x0, 0x0)
msgctl$MSG_STAT(r0, 0xb, &(0x7f0000000080)=""/164)

04:47:29 executing program 2:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x6, 0x3, &(0x7f00000007c0)=@framed, &(0x7f0000000800)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000900)=[{0x1, 0x0, 0xb, 0x9}], 0x10, 0x1}, 0x90)

[ 2793.951841][ T8761] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[ 2794.343604][ T8761] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2794.561285][ T8761] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2794.570389][ T8761] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2794.591415][ T8761] usb 1-1: Product: syz
[ 2794.595653][ T8761] usb 1-1: Manufacturer: syz
[ 2794.600283][ T8761] usb 1-1: SerialNumber: syz
[ 2795.771136][ T8761] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2795.777689][ T8761] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2795.795194][ T8761] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2796.201686][ T8761] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2796.239554][ T8761] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2796.291184][ T8761] usb 1-1: USB disconnect, device number 72
[ 2796.306577][ T8761] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:32 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 41)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:32 executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0xc0189436, &(0x7f0000000040)={'nicvf0\x00'})

04:47:32 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454d9, &(0x7f00000001c0)={'veth0_to_batadv\x00', 0x500})

04:47:32 executing program 4:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x5, &(0x7f0000000000)=@raw=[@exit, @btf_id, @alu, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}], &(0x7f0000000040)='GPL\x00', 0x6}, 0x90)

04:47:32 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000002040), 0x4)

04:47:32 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:32 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=@bloom_filter={0x1e, 0x0, 0x7, 0x7ff, 0x2000}, 0x48)

04:47:32 executing program 2:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r1, &(0x7f0000000040)={0x10, 0x2}, 0x10)
r2 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r3 = dup2(r1, r2)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f0000000080)={0x1, [<r4=>0x0]}, &(0x7f0000000000)=0x8)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x901, &(0x7f0000000300)={r4}, 0x8)

04:47:32 executing program 1:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x26, &(0x7f0000000240), &(0x7f00000002c0)=0x8)

[ 2796.876799][T24328] FAULT_INJECTION: forcing a failure.
[ 2796.876799][T24328] name failslab, interval 1, probability 0, space 0, times 0
04:47:32 executing program 5:
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x200, 0x0)

[ 2797.004416][T24328] CPU: 1 PID: 24328 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2797.014910][T24328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2797.025000][T24328] Call Trace:
[ 2797.028304][T24328]  <TASK>
[ 2797.031261][T24328]  dump_stack_lvl+0x125/0x1b0
[ 2797.035988][T24328]  should_fail_ex+0x496/0x5b0
[ 2797.040799][T24328]  should_failslab+0x9/0x20
[ 2797.045345][T24328]  kmem_cache_alloc+0x334/0x3b0
[ 2797.050259][T24328]  skb_clone+0x171/0x3c0
[ 2797.054553][T24328]  netlink_broadcast_filtered+0xaf9/0xf00
[ 2797.060512][T24328]  ? sprintf+0xcd/0x100
[ 2797.064806][T24328]  ? netlink_connect+0x550/0x550
[ 2797.069982][T24328]  netlink_broadcast+0x39/0x50
[ 2797.074797][T24328]  kobject_uevent_env+0xbd2/0x1800
[ 2797.079978][T24328]  driver_bound+0x177/0x2c0
[ 2797.084544][T24328]  really_probe+0x67e/0xc90
[ 2797.089104][T24328]  __driver_probe_device+0x1de/0x4b0
[ 2797.094444][T24328]  ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 2797.100299][T24328]  driver_probe_device+0x4c/0x1a0
[ 2797.105380][T24328]  __driver_attach+0x274/0x570
[ 2797.110193][T24328]  ? __device_attach_driver+0x300/0x300
[ 2797.115783][T24328]  bus_for_each_dev+0x13c/0x1d0
[ 2797.120661][T24328]  ? bus_remove_file+0x50/0x50
[ 2797.125456][T24328]  bus_add_driver+0x2e9/0x630
[ 2797.130160][T24328]  driver_register+0x15c/0x4a0
[ 2797.134949][T24328]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2797.141133][T24328]  raw_ioctl+0x172f/0x2b80
[ 2797.145576][T24328]  ? raw_open+0x510/0x510
[ 2797.149922][T24328]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2797.154878][T24328]  ? raw_open+0x510/0x510
[ 2797.159224][T24328]  __x64_sys_ioctl+0x18f/0x210
[ 2797.164005][T24328]  do_syscall_64+0x38/0xb0
[ 2797.168442][T24328]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2797.174361][T24328] RIP: 0033:0x7f410aa7c84b
[ 2797.178789][T24328] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2797.198414][T24328] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2797.206841][T24328] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2797.214827][T24328] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2797.222810][T24328] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2797.230797][T24328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2797.238785][T24328] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2797.246783][T24328]  </TASK>
[ 2797.251781][T17130] usb 1-1: new high-speed USB device number 73 using dummy_hcd
04:47:33 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
dup2(r1, r0)

04:47:33 executing program 4:
msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000000980)={{0x0, 0xffffffffffffffff}})

[ 2797.681396][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2797.851290][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2797.860794][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2797.873960][T17130] usb 1-1: Product: syz
[ 2797.882687][T17130] usb 1-1: Manufacturer: syz
[ 2797.892311][T17130] usb 1-1: SerialNumber: syz
[ 2799.043090][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2799.049623][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2799.061212][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2799.461237][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2799.488051][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2799.532850][T17130] usb 1-1: USB disconnect, device number 73
[ 2799.548199][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:35 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 42)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:35 executing program 5:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r0, &(0x7f0000000200)={0x10, 0x2}, 0x10)

04:47:35 executing program 2:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xb)

04:47:35 executing program 1:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@in={0x10, 0x2}, 0x10)

04:47:35 executing program 4:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmsg$inet_sctp(r0, &(0x7f0000002540)={&(0x7f0000000040)=@in6={0x1c, 0x1c, 0x1}, 0x1c, &(0x7f00000024c0)=[{&(0x7f0000000080)="d210578fd3a6a814f3e05691d0d91419643b490e018c15e887b11d53b45c30d12a798148aad44843690d7ceaa730da729481fcee05b3b9e5f28c4926d693d2d5d5c578f983c7cb2066d5f48a815ce5b18c56acaeb86b9efc814e0dac1e50243cb51f56d2d1422d466e77b56e20c43e8dcc36a9a75c6ad6283aebd27721dce02da5d3486031906c9f7339160539fca2f5afc3f2a0a858486866a2bbb2efcff9e9e7e5bd10ed1c65f53247397d3d555f198c3aa326f50d1e63136d061073a86a910614c0d51c2d4d18abb93c03fcea617a4285476cccea848289d3ec2ff3d9719ccd5eaba2ffca8d021a60384c59053b0ba8e8565c21c1282bedc9cb4671aa3a0f945add110fe092d862dfc0f8510e8ae5f7e0c95e2c34392f938aca58c4775b03e918f40f67e52a403f7f2dc88cfa8b3ae56caf37c4be559c751211b3cb84bf267aa5b3dc6e348c0df8fdf62892363e96670d4f6cccb9ff305295a959e9d1e61093515ec861c6e0883babd0cb1c94aa3e1a0d7f7aa11c07101dac621b5c49b315ee9f07ee5c70b7ac553ffd272d342313c333b2305538c69c904edd088501c39a9e4fa3586b6f58e9c7c3cab9fbb0058c575f7209fea73f89e7853dea1557c9d52b81ef18eb2e8fddf4f7a71eff087c8ff61ca8d8842eaaac77e5ee8f25c3f5d40b38a95fbe563a2760233d185090bdb23a8c82eeb74afd849e14bbc48088ddc03e0eda485067ef1c44d22832ce50e54839d29d49433ee9dab59a9fb21f13b98947db87f5a2ff4e6b10a6ae2b0b98006412081f0d7e00974cdcc4951618f6d323bedb30f0880d5e5c2f865b6d892a08806e4fa5ec77c6760838193a88e90abe11a6bf9d221274cef211a8267933feeb4a4bdd60605577ae673959fe84284d66d5b79b56294fe960701e99970a4b36bc4796eb8d0ca11555a9399f65d3bb000af9d83b2c36f721582c7285d95f656ab350f04afe5bc30a6bd938d56fe8091fecbbabae31444c2bedad009df35daf53e5950bd5294b83c257cac9c66ec9fae03522633e7cda69f1ce1de58eea278cc7b8a497fdd952b807bfa1c91bd52ce7497aa597f79c6f0a1d3f30ccd792f819e0a269fae235d0566fcb038a4be39bda38e1ec5df9a7b97791579494f19e9c9c818efc0f8e4754e02681d73ffcd6a1047d34cdc3bdab1fd70c03b2ac1510ef1c53017c0c143752b1b0394c25facdcc17c43a9ddb4b60b4cd0a9ed8e8f9128b9673f0b5f2701dc9574ca4617ddb00eaf18e02d4633fecc8457fb7eee766218b7eb3874b4167d31ae8a485d6822f4d628e0b5d36ed49c7fc402d234ea72fc7f80afa96710727a7f8eff752abc21bdfc3304b7b46a14f136021a492a68508a18c7db45d06c92b28d260533c0a5a63b850a76268d33512c385bb3a6eac09c6ee9cfe1df3f955156fd2132f8d5f6cc3966f294f6256f43a5544c110f0876494d4d0dcedd6d2040a019a164aa626b509c2a750e3b5cdebeafa21ffe54cbffb3169e2a457c8d80906d22ce8213dcf798381c35f91559935b8ee06aa1b4ee1fa7c152732c2306f5946ac636ad591a1c668d99177f914408be75d88baa1cd7d1e4e2d9c1cfd0d73707895a4f2b6e5547388ab319f50fc37917a66c0c9a5b7b4072c070c82f1f314dc834d6bc8ddcc94b27d7d3a8151d7452672575b274600b55ddd9cd68d968bcb8692363fc2b7355c67e1b8b002c80c3d31a44aba6dbeea6353e89512c11c96c72402af68d7d00ccc00848cc9d9e38915a21f5577bcc1c45aa4f16d048664aaffbfc31f649b11e4a74b6e9aa99c0817cc34824b66f36b5cffe44523fcdadca052a1f396194e2cea285dd47cddf0c9a98280364e4dc603f7a7c3a96771fb3578c0a315357de356af158669fb63c3da792b1686e13b1db63e235d63aa0d8b1836ed960e0aa60e6abc17fdd0a8fd70ac67c767f5b5b780a9055d795961f3721a630e22c0b7b3f785a557c801ea07d5fee96a6c17320c364a4a7945112448b22d4d0cc6d9ce47e64a7cf7b1decd0b8ab7beb7d187a22478cc8f79a9c36c998e83cde35a5ec5080c609326af2aaab49bc8346617e7460349618f1d557a6d4e24f37dfeae4e6ea106111f673f54d386a1c4f0f90711caf5e88fbef333220f0a7d612ecb7c763a3d1c41974789f154fb0fe49b974987bf6092be5f8bd71367a4a4337a1ef3dc7b3b5e45161e1bc3085448552341a2b453b7bde1d36f30fe60fa924ecf72ada908afa1020e510a7cf90ed46309add3669af1b85203b8db7405f981b7d3ce418559f46bab15abe7f4d3d45ded6e2b28ec53ccb7fef121abd2a185ea477e6cd26890cc0126d0ba663c00b1d627e74ef91ce1b6994445a08931e48e5e9dd6f3713f441b2d7419c3fcc6d584da08c782c5b5df7963342c7773c60500cdba2718fd7eea0df9096d56e18355e493a2c358cab8e67faadadeb174dcc7c6b1a83ba4dfac8c39b92eb502a501ab0c9f212a0f78150e3846bec527934661557894d8cc7c547d93d3b4237170b05c905b54a7553dd4d161841df7f42526c8e2929bb021297fc68218c71bc76d8fc3696cb071abc33d96e8f948a96a07b0d6ca70de1d4844521c2b88c9add4f3bdc739dd1b6372920221c470665db343788180737e63c871f3cb36029cfa4e27761ea202988308518cec4d5fc8aafaf00af0adb0fe400f1ebe06a1f9a2274ef528b0924e94c9ffa220b656d0f8cd9464cdaefbe74fe88a632f99c50d4959cb098494a869d8c9ed79527a61d16c987627a7d4619c10f55d90cf5bede3204c2a481cc375ac34828e0eb3356bb6ff67e6af4277c7fef6b1e518826bde054f31a6b35ee49cc59b13a8bc12b9c38304a8fb14ca495e3aec2df1e8475cf582c3b577056151eb0d364caa541f79f55f622ecc34dc4aeb13293802b303dcdec21744a71fcfda63aac601c709708210e3a7e57041dadee75deaae1ffa32df9df918b0e8bfda37778e60d724590e4705ba47bde0f602c7459b0ce6e0e8cc3f3e0608ade7a5977490640e16ac4f31545df56228d1618f1ac2d67cb777e4ccc84a9376e7c6bef95e3803d43fe3c47276c382cd11584d552242e01e0776a8abd05859de4ad8105edc825ff1fdbcf1fe205117100235400f7e15603ca70a73d246e60ce717806bfa7c324e0b3c1d4ae39c13ecd541f8fce9a2aebc2ba154f79e7f369186bace23b0f44eefe545aa02fa3905224aefbbd897ed433a9b8f84e7002de6379dc8a5c2ea4e2366016ff2a6c8c1c02aaf3b293d0a611fa6344f49283f2c73ffccb9104f8ac0de8ed78103ba9a8286b8a1c9b883e6968c0ce56ae17495a93c3e99aa8b72ece77d0888f92735096a265bbf3f442f2130af0b662d5478d6a21abaddb82d915393239a426124b4ba2ec35cfdfdd20d6e79062b15303f2b16b36c251029956125f9867247287ab57ab4c1933ce1ef7794c3ce17201c8435e19dff8d30a10515158f005d44919978ca6f40beb7928d5091de5001c3ba6eb0bc3523ee115f29ac5fb280aee344f8975f1fa6afb7e2088a5ca82c308f1a5adc508595b514243621ac7bf042862a4375adf54f2f5f1b1e9cd1acdc9dd870a9da9bbf464e7c16f83f6c40561b038908d66261ff53d014ef4d974bea345c5fffc202b6a5e076d9834501800e5428c35dfc5daae37266b36952c752bed43fbc9a85267988d5ea477c1768825b281f8e26f32d582d40e795bf56bb4b216a3679e26f92feedea113644a5800d3ee657108273f2cc017de8a9ed0adb3ea74cd34415279199f1dba0a41ca1e8d223cd2ddc39b0ae2697140b816a703f0d5670216723ad9417aeda4325a1c9ae0b512fee4575937de657464b109708dd5a2a0c44257a66b80876496b9e3825c422435f176f0a9f041a2a8517e3c1b8c62188fd655b29c55faab21c977da001e995ac017073dfcc52140862c76c718c44ef5c0f49fcd3ee45054e2e7a372c7c79530ccd9b9461a8fbedd75750b25708be82a093c20efcdb1d496ee66a507fe9c9c99af57179aae35e16a37a216fd66de8af3c39f57dbafb7c943c6a2c34d719471541a41aeabf94bf2b9cd3c5a51f1404abbcf7b7a47526211490cb088d57a9a4dfb123d92820ab3052299c253a744f07a0b37235a139c1a065cbce37f8f978cbbacc7eced6ffb0aa185192a45928033775de09370f51cf59eb6531be96f35757bd16de6a499c2c17bb736d1a8854c2fa5e17b85c43be4c3598a034ff79a1ea9b00f56d6e68d935957c6574463eaba69ecb4e588f569b2053713f3aafad44e7b14c94d026e010a379213deffe86f534c4b8accd1df4a8c06952a23803cc82871c444ca1a1e3759e5e86c405c00888be5bc954cf880a451edd1edce8b77a5eb6ba3f3183d8bba55bfbc3f825c872dbdc92f6fa2a10cb56fa69f3cbb79f589083e9d9f2c36438f267f0ccc49c854bd1a8c523b31a15c3c45b54057a19e9bde58c545bc7c080c07bd888206861dff8daeef48f140d83d9ea2261d532a076a98075cf15f4dc35939e976c83d83182a04bc0ca8a8f0c3b685c252932ee3bda20709186939dfe975e037f28872b4dc67decafa379284c584cb82f2b05a584a45f2ed5cf38456ec9deb6b018361689deed837d29424dc8b283906bce8757051963df9478c1987c35c9064947ea854abb191d83f508bdb638498da5bb28fb81149f4fa44015e89b12938726a6c198ed499bd55fe1465190c61b4a2da7d4cf2fa4f82d4de09f286b3e92aa493807a4f3cc783325d8433c96df01800506aee08fa36973c5713ef76a9def98a90e7255932411e5d47246e83cbf3827376d3ffa3ed4b1c74afcd2f14eaf776cc0482b5dcacb41c6a30ff4ee89cf7c9c9821f607d2b15fe2a3b88e8585872dbd48380550540f4d1768250c4fea59ef8e1a2ca9ed046659b992d60c2ea9f6fafd1b51c606b3e1fa35753c438a55a30d852494b95234da1d26918f549c017578f8e98154a2cbbf18ae357582aa7b1002a05616e3054d81d8654e37f5c11b9fb1343a831f1afb5e4266170957cbd08b87996034ac1b44e1af7174410be62700d575a4602f96150a6961490257ce44ded0e0bcbf47f69866eb85715fd6b4bff9a051e0aa0c49166d4f9fcb182ff8b8c2dab3fdbb784253a11060e5716d146376efa5fa26449ede15989e387e1d0b155f46af02fbb1ab5960a6980119bfe78a2034d685bd3145bb465c70231350a17959f49549df251414452af781e24078c64575d8985c191ccf458d3b749ab2b89551de27273c04bcefada0d0004118cfb4234c577fe6f045725038017fb68926446dbb555221cbdfef71c68689d004030a151ee50e44fc1a322db50c1b20a3621fdb5f9a5abeb4f418743f8e7d4b6a5fe00eae9a0dd9ee1587eecd9930d8c601fc84fbd65d6d715bf41ccfd3edaaa655622e8e06c1e860f9e2c1ce5e14ed69583e74b904a1a905b33a74383e318248c697239581f9f3d6d0d485e968aeb4ad9f6643890b1f670111627a4de3178db0ab2e81c923fae840c3fe6dbe9455ed2f234cac0394602221c6b27e653cde4e66b91ea8e76c56c3939ef4f4350679476b50ada66a627d5a8d61e9b474a950c23cbce00b033ece508319e08d784fd0c41fd657c8c57adf463ca9bf39b953acb3911c5585e98736999298e100927543472a548eec4a83c5bfe12e19241782fd51a7d8d6bbd97b9e7d7f96ab303769967dbf8dd387b2b706044bcfcc910f58c4a9a529ea4d99a8d35f0e0804668ba8b4899b54b9d09dc9c6b6c7f37ce1a8606f3c0770f8f68217", 0x1000}, {&(0x7f0000001080)="243cee5144103034fbf86fb4b39a7b3a95d3ffe860ed698a6bcdb66da285f54cd07353226eb4b42cc3d699c4eb98dcf92452adea38a0a475c93e1777c48f3f82fd70a5e165ec6e588137b51b2a58a60484a5addf32d561d357242122a8f48fb837d01ce0af3f351cab97ef89a42c9db92b04df", 0x73}, {&(0x7f0000001100)="50fc2a494df74b0d89a4a4cf395340c280bbf47fbabe01f94793d7baf1ee5dc13dd8824d476dbfa123e41bbf57d7f2d1cabea67c9c35eb83e744ebf88898938e022eb474c3c3d041f6049c7576943a964ef32131ca51225bc39294dbd528b84cd6f686d3485f4a1320201b145acc83f376623b7bc874c0e5d71cfeb5a4368ceacc584f7705271cafb6fc3943b4e32817f8634bddb44bd439f20363960375da1514343f111754c2f796956dc2880b038091ccaa472d51c76139ea6545b2e1a0b91e130dd28534d1c586f280121f461a1167a6714e3aeed531009b76193f78ce0f93c4bbafc6bbdc12b8a0e646730bf4203fb912cbdd26c352fa43f2ac085a113187fcb3cf2c708297026d8eb1ee48295b13f0626ed25916b30e9b071e1c1c6bcd732be97648deb8e93a0a91457885434bf061252e50dbcee2c3e9979a2594b5403783dd4f63098baf168639e02e8e12dbf952db5adf26402bcf57ee51e920e5fdd20bd42c34082073dfdc73225324f87d6cad4d4e98c33e9050cae054cead79368493b8c06450ab59776ffdff47197ad41421e73cc288ecdc91e5155e5b37e17abed13906b730e952b888ae94cd6d0c58d5a207c6c3ce5bc7436562fed1e1d0ad26bab7f7e0d624266f42eecbd15b96295573ccdd6f4efa888c7a6f62ba80b55718d89f67d15215f9a525d7656b8489fe448ebc2a647955584d4e73e62fd3f95eaaaa87c9397facb89ecab646ce760ec55e4bd24d9318095f9026c03b9c27e9ced0dc2e7ae596e855350b0bacff8209da26f4639e9173365fedbfaf3e25ab5ba41f47854651f9d05e9afabab37ad4d3eb5ce31accd807352969428b185ad5f463d7249b29512b33cacf732727a429e265b8c78a8feb35026706b7966410b1e63655eefb94bc576462756b89372cc07e43f52b0f54f650d3939d63688597daa87c02c996aaff92cae3e12d5a8bf296cd306ddf020457da8bade54d6484bc85b9e34e5b754f250de17ce75e7abcca55d546106235806ca0bbfc426ef793025e456381a5ead1058cfeb084c6be2345e297aebb64b653b3a58b08fd09bbdadb459a9d3283a0d37f2771ecedba10fcf233548a2b54f2b51a00e0e5a2031069276e302dd96b1d588165dd90511139df81b6385174412b6968bbc8e9f1ac254a25cd919d9ee1a429596e86efffd406234a19cb9a5e3113626d144bcba18da6c30e8c065ae710b2473d5b9f3897f7f47a61843007533a926e8368de4165d791444410f75591a13dd36da41f3c7297fc0eea54fdd6977a1d4b708a3a274c0d06aecbe201b6c6d27b735d8200ea19d6439614aab5a2cede2476d140be993bcf7f44abd794a03b420c370c784e6a89586fb8a9b50225909caa0d13649e3246c7b3496a438c5adac8239ad117f9336b406d3fad7c325a8469e1ac5af2688f959a24195a265c567ff46a6d839df84491ab9d8947e89e6f3f3a4963a2dbeeb45250b9e2dec2e17b45e24bd28c3e26502891cee1c5be9886a0a5498da77cee6a0ac174f360370e512913a9fcbb7eb56e0fc81290cfaeccd52b5b0c08a3afc6d33d73ba35f643777645e6fa4ce219ccea9658d3753a1d5164a6ba5e455f46ba305f573290a14b5200e482b478046bbe134d708490c64eea1d49f440cf47a3040dfc21d621ba45f81c1e1dc16e4541e9d42206c180839fcd5e99e09e547a93ab692da4ef9e6b080e8dc66a0875a1040a8e0c62f7246e8e3d4c67c6d1f86c0fdf542120bd806a8feb58148c31676577c7149ecfffe00ae8878285ea1d19eba4ab9796d3c6051956f834231a14e13f25d649bdf02617b02856ca3581f9c2480e4add91f52f5a0f01cbedcbb48a6f718457d613cc0d8438b409f1dd7a62b872483a69be2025d13f0a211a2b8b774f19a52c7330c9e5b9d6f7e5c9b5df665da24686b277caa3edd6694bfe59cc2e8c2f149bb48e4e70ad694bcea2ca379c144cc2ff6feda6c2fbe46a4a2bd0c313e0ab3dd60c429837b447da9cc64210eb1d34cd55afbf72bba95e57eb88ffed1e993ecd9303e10245213b85e0574d327f2e83910c8a62c9c9cf0c89fab56e4b28dcaf1acb4260211e51229b0f62c759d88bde7f466f659ea73c3466e3cfeea5993e9d8c4c51ec1e2fa7d4676683d332d7a1f29f9f1322a47ecbc20b9e4d55015d7b9beb8fc46dda6adab0cff8c7134790e521fdbe11193c35d2ef44c8920c42b9053a9679d43601add81011275c8976c29dd40fb69d9ec71677c7c50ee3ba001533cf6b7ba6a92c5fd24d7164a5830d37d2418235c20d55e23fe0324d65be204deafa9b8b175e1454ebd674d88b39a230d1671ec8ee0547314f6f4ac613851609285373132701bc8787b97cf1ebd11950ba5c99a7e0cdb68b97eb552bc6daec0ca79be93b6478d1038a582a2d17e30bf6c14904a1d0779c383b64b3fb263e487f62474f7ba2e3353e03ed5eeda070cd918722694a2a9a93b1c09c749cf4e57cd2ddf79c9294e0e92f6d8a1e842dc32e75e0e2a1994873c340e9edcd8384a095a11de2db74c11ae324016a8f69382ef355d80e4654bc695d78d5e2be5cbf321bbd31ea2b8bcb741061a4602c912f58dd3b25151aeb9bf5f3811868fb6a3ce8badd27159b24546d9da720604f4793cdd71900d87a02127a7031792946a688c097ef77f718cbf3b3346c936837fc83e7b8e395f845791d0d8e6f63eda162a440c312a155bef4dcbb12cb6903783ba38ee8ce7c708dddd247268ec692da961d7648686a60890cd8a9b26f618fd11fe1a64049afee219bb22f1cbfd9f3a42986e3129726d5e5b92f1ee74aa1873356c65eda5dcc2546bf6948a530236e3889be6483ad3cc4f8758cc2d147f99a393bde04d19906ab4c4c52079b938dc575a7831be2c8b3ae75a57b4ab8e47b6fce24d1b720c424aeee66d68be3b3318b6445d88356d005f2da89b5de88af9b70f22124190aa79bb1319bf1691b4c950a44fb7fd5f21cd9b2616bd7b9249b557fce7e3e6fc05cd0c7b4ae46f8eb69692cff9c9c952b53b5ec673f70ece44ae148210db9cf507c1174b629e530e9065bd730c909c6a0be1e2c721aaf1ebb677f7515fdec1b0261e6b10b5c92a3d18a932e115cf5a3a31c9ee8ec3387fea6f9db38f7801a2bae1baaec954c1a2d8cf25094dc36de01f32b444a7939fac78308964ecc2f622913e3fe449ed3be774f37b9eb4d46dbdc6802b03f386ec126cf2dea9f60235ad7b53d0ad56cd943424e69324ec60015cb117835f0e6b0c4240a25ebb7f38d8b8f11a312b74f461c1883f4492e6bf4631a36820b742a90490bcae7a0907805b5a515ddf26f3d05234890484c100de706a0ece89e3844c57bda9989d7b48f72bfae4ad3fe7b4ba9de9af90e882303531ed310dd3eab3b76c82a1dedd3f99637cb90ea0361fc4124a8ce65b92da0a5e13fd58d82663d00829ef5918d6688686022e602c6d338170d0fa39fd3cf7bdf51e6a7f92a7681d560c92f4bf2eae276a529cdbda4f419ebfeadf730202222de7f40b11a2613c2b889004e9a1f5a8791601d96e4892389c396478837e6f537b0716f263bb539bd387a8ed043b93a3227f1d5c3abe4733e1c0bb5e8b496bfc4367d9aa3401f9d93e24483f5b2b0f8036ea7a65614c066578b99dfe1e4e3198fe079719d263779f7707e650462247b7c8431533d7702a7523493d9ef3ced56d91a3669385351a2eae4cac8f48f89e3854becebd73af293ea8496cc166d264e4c5b128da177fd817420c6f4977e757d5747d40a3e97348c2d111102acde4f78383e6ebb2160f0f63c85f603317d002a1fc2c9fa4a7c283397d8f1ecba422798ab83e7351402db7834a4eec6343ef5529ef91dc0a603c9f12b301c59b599b41ee97f123a542072915c585beb924212694430984f912e2b9bc9ec9db9e954f5f78a519a26bd5402b595a373b502efb65b0a359d8c728722664519ca1e605ad7e74b8e1c9479df49cc6071a30a5ce190ceb64450a849bfea0c33dffc7210e70244d43a4da99981580adf90866162e97a32e5bf43a38481257c17cb2ef6b53b1b10c9c3600ebb3f2742e0c1f5b9a91d268db6fc750e1e765d270ec4280c175ec2d8aa8661b7fc4f6fe27a9a49bbd73c59de41dae7a19f4589b5d0ba3dde788bc8a4e84caaee41c1a3a9b6be5b1dcc947fdff13df314d0ff525f3341a93e937ac9103706c86ae6331b61785d54cc854319db281d439680e70156c4de8289c042c71855f118f1d18442742da2f94776a36caeb4214aa32558826ed281012a504b6fb30e256f6ddc1495689b4b8a934b77bb7d5feb73812884283bcca3b31655d5bf323a5c1b44859cfda43ca5e3fa695245ba5ef1b8ea521dd463b75e1f9b3a7d04b2ad368502c26fd2adc4bde04a0c2f418ad53557e48e23a5e2cd76d80e9848deb2e3562e69df39bae3b4925aff3a6e754e37ba9823b9a0b3655feb77dd6e3fdcebc33497194e3e14f10952471dbfc756c546512cb7cbbcb5c66e137a2ba0ba55e8bebb4b84c8d6be81264f1f42419c0644281a9fe8654368f6dd49974b59b9eb58f928a72c6822a13d44fd0a9ece1d5d4f5c24f29fa5d9c705e60e2a6b3aab9166373aaae50d7e6975768bd31a0836c01e602afc578805106f863ea4a625c51ba5ec23dc6c03154ebff4c88432a851768f75d820baea05472d418d3844d5721066014721888303fc5ddfba6ae7554a285d2c581cc2474f8d29d558fe98931d702e39702b0d0bc5af31bb134ab1dd4de648e245851630ee0a9c996177c99f0227ccdc705b153991d83b86402bdafd4fa4e9e780e3a1f002a0fffc7fb0ba5a1156c1dd544f1103036d13d702f5d3bfff0e933014dce0d8394a47d106c55704c20c2b0094fbc63924c79557f475dc141bed3ba7025ed005ee53d64c5545d57d5cacd00788285b288d8548b7d30340687f46a2546e37c5a2c549b0016c0a21fc90f508d5bddbefef14bc41a030ca01a79389d3401edc492a96343930b46a4ba5d0daa86a0b183d182cafc62ee25b703ba4a50de3e037ad6b567581019d0718ac7162ae963d4307ee0566c08a955abd88ee4d388345dda170855ac03b62442b291c637e4e444aed468ac3bacbce9f753c00cb2450841351658e3381b2bd3e9bfd4d01f56e52b3622ac556a6e824f4c2415a7f86b750f1849a61cca4de395780b0bd81df4603c4683deea6dca5e07a190c9fcbb4b2963ea12fd7662572f79e3050c3b1bccab5169f4fabe60f05b151d187464ce160587889e9df06940b2f030d25f3cdd091d66b3e0ac0d10768a6547f43f3abe38aa0ace2fcdbf3e4332eb07280456b0ad6ec878604b6b753034989c9e852563c590275a7aba5db2b551b5b6abcfd7b488e8ca3a420e8175a8850f6abe8ac1502c209f37e8181228c10c52db52926fc9e368a0c9fcf0d94b97f0b3bd5360ac1bed289dde8e1b50b4dceb4009468195485732e2aeb20d9fbd14b0f7c4c61ea3ac4a84b9cd2f357fa4af96f74c53b58a6b8472cf01767b44d284937f0e6ec73dd76ce8e0d9d6772f297342069ca3451c181ced8d8758896beab5f4821accbd91aad3763c50cb7cb177b35a4790d377ccd0525de", 0xf7e}], 0x3}, 0x0)

04:47:35 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:35 executing program 2:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$inet_sctp(r0, &(0x7f00000008c0)={&(0x7f0000000280)=@in={0x10, 0x2}, 0x10, 0x0}, 0x0)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x103, &(0x7f0000000000)={0x0, 0x2, "bae5"}, &(0x7f00000000c0)=0xa)

04:47:35 executing program 1:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
connect$inet6(r0, &(0x7f00000017c0)={0x1c, 0x1c, 0x2}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x108, 0x0, 0x0)

04:47:35 executing program 5:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x32, &(0x7f0000000180)=ANY=[], 0x98)

04:47:35 executing program 4:
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_tracing={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90)

[ 2800.130095][T24388] FAULT_INJECTION: forcing a failure.
[ 2800.130095][T24388] name failslab, interval 1, probability 0, space 0, times 0
[ 2800.159110][T24388] CPU: 0 PID: 24388 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2800.169594][T24388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2800.179694][T24388] Call Trace:
[ 2800.183003][T24388]  <TASK>
[ 2800.186051][T24388]  dump_stack_lvl+0x125/0x1b0
[ 2800.190781][T24388]  should_fail_ex+0x496/0x5b0
[ 2800.195496][T24388]  should_failslab+0x9/0x20
[ 2800.200057][T24388]  kmem_cache_alloc+0x334/0x3b0
[ 2800.204956][T24388]  __kernfs_new_node+0xd3/0x890
[ 2800.209825][T24388]  ? kernfs_path_from_node+0x60/0x60
[ 2800.215134][T24388]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 2800.221142][T24388]  ? lock_acquire+0x1ae/0x510
[ 2800.225846][T24388]  kernfs_new_node+0x94/0x110
[ 2800.230545][T24388]  __kernfs_create_file+0x53/0x340
[ 2800.235684][T24388]  sysfs_add_file_mode_ns+0x1ff/0x3b0
[ 2800.241087][T24388]  sysfs_create_file_ns+0x13e/0x1d0
[ 2800.246313][T24388]  ? sysfs_add_file_mode_ns+0x3b0/0x3b0
[ 2800.251878][T24388]  ? do_raw_spin_unlock+0x173/0x230
[ 2800.257104][T24388]  ? _raw_spin_unlock+0x28/0x40
[ 2800.261981][T24388]  ? kset_find_obj+0xc4/0x110
[ 2800.266684][T24388]  driver_create_file+0x4a/0x70
[ 2800.271561][T24388]  bus_add_driver+0x33d/0x630
[ 2800.276265][T24388]  driver_register+0x15c/0x4a0
[ 2800.281061][T24388]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2800.287354][T24388]  raw_ioctl+0x172f/0x2b80
[ 2800.291803][T24388]  ? raw_open+0x510/0x510
[ 2800.296154][T24388]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2800.301117][T24388]  ? raw_open+0x510/0x510
[ 2800.305478][T24388]  __x64_sys_ioctl+0x18f/0x210
[ 2800.310296][T24388]  do_syscall_64+0x38/0xb0
[ 2800.314747][T24388]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2800.320757][T24388] RIP: 0033:0x7f410aa7c84b
[ 2800.325190][T24388] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2800.344910][T24388] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2800.353342][T24388] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2800.361325][T24388] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2800.369324][T24388] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2800.377318][T24388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2800.385301][T24388] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2800.393328][T24388]  </TASK>
[ 2800.396415][    C0] vkms_vblank_simulate: vblank timer overrun
04:47:36 executing program 2:
io_setup(0x7ff, &(0x7f0000000000)=<r0=>0x0)
io_pgetevents(r0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={[0x1]}, 0x8})

04:47:36 executing program 4:
syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x149280)

[ 2800.436361][T24388] bus_add_driver: uevent attr (raw-gadget.1) failed
[ 2800.581468][T17130] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[ 2800.991312][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2801.161320][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2801.170430][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2801.187879][T17130] usb 1-1: Product: syz
[ 2801.195617][T17130] usb 1-1: Manufacturer: syz
[ 2801.205871][T17130] usb 1-1: SerialNumber: syz
[ 2802.371878][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2802.378405][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2802.386577][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2802.794184][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2802.819104][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2802.848061][T17130] usb 1-1: USB disconnect, device number 74
[ 2802.855685][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:39 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 43)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:39 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:39 executing program 4:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg(r0, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)='\b', 0x1}], 0x1}}], 0x1, 0x0)

04:47:39 executing program 1:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000000)={'wg1\x00'})

04:47:39 executing program 5:
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
ioctl$EVIOCSMASK(r0, 0x40044590, &(0x7f0000000180)={0x0, 0x0, 0x0})

04:47:39 executing program 2:
io_setup(0x7f, &(0x7f0000001a00)=<r0=>0x0)
io_submit(r0, 0x3, &(0x7f0000002f00)=[&(0x7f0000001b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0, 0x0])

04:47:39 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x2, 0x0)

04:47:39 executing program 4:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2}, 0x48)

04:47:39 executing program 5:
add_key$fscrypt_v1(&(0x7f00000004c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)='keyring\x00', 0xfffffffffffffffd)

04:47:39 executing program 2:
keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000840), &(0x7f0000000880)=ANY=[@ANYBLOB='e'], 0x0, 0x0)

[ 2803.464703][T24448] FAULT_INJECTION: forcing a failure.
[ 2803.464703][T24448] name failslab, interval 1, probability 0, space 0, times 0
[ 2803.545636][T24448] CPU: 0 PID: 24448 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2803.556135][T24448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2803.566250][T24448] Call Trace:
[ 2803.569597][T24448]  <TASK>
[ 2803.572571][T24448]  dump_stack_lvl+0x125/0x1b0
[ 2803.577300][T24448]  should_fail_ex+0x496/0x5b0
[ 2803.582027][T24448]  should_failslab+0x9/0x20
[ 2803.586575][T24448]  kmem_cache_alloc+0x334/0x3b0
[ 2803.591464][T24448]  __kernfs_new_node+0xd3/0x890
[ 2803.596332][T24448]  ? kernfs_add_one+0x3ca/0x510
[ 2803.601198][T24448]  ? kernfs_path_from_node+0x60/0x60
[ 2803.606503][T24448]  ? down_write+0x14f/0x200
[ 2803.611052][T24448]  ? up_write+0x1b3/0x510
[ 2803.615406][T24448]  kernfs_new_node+0x94/0x110
[ 2803.620107][T24448]  __kernfs_create_file+0x53/0x340
[ 2803.625247][T24448]  sysfs_add_file_mode_ns+0x1ff/0x3b0
[ 2803.630657][T24448]  sysfs_create_file_ns+0x13e/0x1d0
[ 2803.635886][T24448]  ? sysfs_add_file_mode_ns+0x3b0/0x3b0
[ 2803.641457][T24448]  ? do_raw_spin_unlock+0x173/0x230
[ 2803.646685][T24448]  ? _raw_spin_unlock+0x28/0x40
[ 2803.651550][T24448]  ? kset_find_obj+0xc4/0x110
[ 2803.656254][T24448]  driver_create_file+0x4a/0x70
[ 2803.661164][T24448]  bus_add_driver+0x410/0x630
[ 2803.665866][T24448]  driver_register+0x15c/0x4a0
[ 2803.670743][T24448]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2803.676926][T24448]  raw_ioctl+0x172f/0x2b80
[ 2803.681369][T24448]  ? raw_open+0x510/0x510
[ 2803.685716][T24448]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2803.690687][T24448]  ? raw_open+0x510/0x510
[ 2803.695069][T24448]  __x64_sys_ioctl+0x18f/0x210
[ 2803.699871][T24448]  do_syscall_64+0x38/0xb0
[ 2803.704306][T24448]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2803.710221][T24448] RIP: 0033:0x7f410aa7c84b
[ 2803.714649][T24448] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2803.734302][T24448] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2803.742749][T24448] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2803.750755][T24448] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2803.758755][T24448] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2803.766749][T24448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2803.774737][T24448] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2803.782742][T24448]  </TASK>
[ 2803.785899][    C0] vkms_vblank_simulate: vblank timer overrun
04:47:39 executing program 4:
request_key(&(0x7f0000000040)='blacklist\x00', &(0x7f0000000080)={'syz', 0x1}, 0x0, 0xffffffffffffffff)
add_key$fscrypt_v1(&(0x7f00000004c0), &(0x7f0000000500)={'fscrypt:', @desc2}, &(0x7f0000000540)={0x0, "b04d9cffec7b8c43c10c04a93251f28424e7f3672abade0c7bcacbd9482944ddbef05dd3f5c502baa1906b32c22c41df8fa276a81c3e1d70cb0f76e60a6c9da7"}, 0x48, 0xfffffffffffffffe)

04:47:39 executing program 1:
io_setup(0x7f, &(0x7f0000001a00)=<r0=>0x0)
io_submit(r0, 0x1, &(0x7f0000001b00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2}])

[ 2803.904207][T24448] bus_add_driver: add_bind_files(raw-gadget.1) failed
[ 2804.055579][T17130] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[ 2804.461754][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2804.661474][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2804.670586][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2804.679899][T17130] usb 1-1: Product: syz
[ 2804.700823][T17130] usb 1-1: Manufacturer: syz
[ 2804.705490][T17130] usb 1-1: SerialNumber: syz
[ 2805.861526][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2805.868025][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2805.878335][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2806.283975][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2806.325840][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2806.384607][T17130] usb 1-1: USB disconnect, device number 75
[ 2806.394721][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:42 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt(r0, 0x0, 0x400, 0x0, &(0x7f0000000140))

04:47:42 executing program 2:
futex(0x0, 0x5, 0x0, &(0x7f0000000100), 0x0, 0x0)

04:47:42 executing program 1:
syz_emit_ethernet(0xae, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaabbffffffffffff08"], 0x0)

04:47:42 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:42 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x0)
sendmmsg(r0, 0x0, 0x0, 0x0)

04:47:42 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 44)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:42 executing program 4:
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x4c04, 0x0)

04:47:42 executing program 2:
keyctl$describe(0x5, 0x0, 0x0, 0x0)

04:47:42 executing program 5:
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper', 0x6240, 0x0)

[ 2806.951224][T24506] FAULT_INJECTION: forcing a failure.
[ 2806.951224][T24506] name failslab, interval 1, probability 0, space 0, times 0
[ 2806.990841][T24506] CPU: 0 PID: 24506 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2807.001325][T24506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2807.011423][T24506] Call Trace:
[ 2807.014731][T24506]  <TASK>
[ 2807.017688][T24506]  dump_stack_lvl+0x125/0x1b0
[ 2807.022409][T24506]  should_fail_ex+0x496/0x5b0
[ 2807.027138][T24506]  should_failslab+0x9/0x20
[ 2807.031683][T24506]  kmem_cache_alloc+0x334/0x3b0
[ 2807.036611][T24506]  __kernfs_new_node+0xd3/0x890
[ 2807.041506][T24506]  ? kernfs_add_one+0x3ca/0x510
[ 2807.046399][T24506]  ? kernfs_path_from_node+0x60/0x60
[ 2807.051736][T24506]  ? down_write+0x14f/0x200
[ 2807.056405][T24506]  ? up_write+0x1b3/0x510
[ 2807.060800][T24506]  kernfs_new_node+0x94/0x110
[ 2807.065534][T24506]  __kernfs_create_file+0x53/0x340
[ 2807.070698][T24506]  sysfs_add_file_mode_ns+0x1ff/0x3b0
[ 2807.076132][T24506]  sysfs_create_file_ns+0x13e/0x1d0
[ 2807.081384][T24506]  ? sysfs_add_file_mode_ns+0x3b0/0x3b0
[ 2807.086981][T24506]  ? do_raw_spin_unlock+0x173/0x230
[ 2807.092326][T24506]  ? _raw_spin_unlock+0x28/0x40
[ 2807.097228][T24506]  ? kset_find_obj+0xc4/0x110
04:47:42 executing program 4:
syz_open_dev$evdev(&(0x7f0000000400), 0x3ff, 0x4040)

04:47:42 executing program 5:
syz_open_dev$loop(&(0x7f0000000040), 0xffffffffffffffff, 0x0)

[ 2807.101965][T24506]  driver_create_file+0x4a/0x70
[ 2807.106877][T24506]  bus_add_driver+0x4fe/0x630
[ 2807.111603][T24506]  driver_register+0x15c/0x4a0
[ 2807.116431][T24506]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2807.122654][T24506]  raw_ioctl+0x172f/0x2b80
[ 2807.127122][T24506]  ? raw_open+0x510/0x510
[ 2807.131500][T24506]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2807.136488][T24506]  ? raw_open+0x510/0x510
[ 2807.140863][T24506]  __x64_sys_ioctl+0x18f/0x210
[ 2807.145678][T24506]  do_syscall_64+0x38/0xb0
[ 2807.150146][T24506]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2807.156089][T24506] RIP: 0033:0x7f410aa7c84b
[ 2807.160540][T24506] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2807.180189][T24506] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2807.188644][T24506] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
04:47:43 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f00000010c0), 0x4)

[ 2807.196733][T24506] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2807.204737][T24506] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2807.212742][T24506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2807.220745][T24506] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2807.228773][T24506]  </TASK>
[ 2807.231858][    C0] vkms_vblank_simulate: vblank timer overrun
04:47:43 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$sock(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)

[ 2807.309442][T24506] bus_add_driver: add_bind_files(raw-gadget.1) failed
04:47:43 executing program 2:
futex(&(0x7f0000000080), 0x5, 0x0, &(0x7f0000000100), &(0x7f0000000140), 0x0)

04:47:43 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x8907, 0x0)

[ 2807.541825][T17130] usb 1-1: new high-speed USB device number 76 using dummy_hcd
04:47:43 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:43 executing program 1:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x10}, 0x10}}, 0x0)

[ 2807.941044][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2808.171141][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2808.180444][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2808.210921][T17130] usb 1-1: Product: syz
[ 2808.215176][T17130] usb 1-1: Manufacturer: syz
[ 2808.219794][T17130] usb 1-1: SerialNumber: syz
[ 2809.371382][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2809.384207][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2809.400702][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2809.801118][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2809.851040][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2809.889658][T17130] usb 1-1: USB disconnect, device number 76
[ 2809.912369][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:46 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 45)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:46 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x8918, 0x0)

04:47:46 executing program 2:
pselect6(0x40, &(0x7f0000000000), &(0x7f0000000040)={0x7}, 0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={[0x10000]}, 0x8})

04:47:46 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendto(r0, &(0x7f0000000040)="98", 0x1, 0x0, 0x0, 0x0)

04:47:46 executing program 1:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x482, 0x0)
write$cgroup_freezer_state(r0, &(0x7f0000000040)='THAWED\x00', 0x7)

04:47:46 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:46 executing program 2:
r0 = open(&(0x7f0000001800)='./file0\x00', 0x240, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, 0x0)

04:47:46 executing program 5:
syz_open_dev$evdev(&(0x7f0000001180), 0x0, 0xa002)

04:47:46 executing program 4:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
preadv2(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2810.448272][T24581] FAULT_INJECTION: forcing a failure.
[ 2810.448272][T24581] name failslab, interval 1, probability 0, space 0, times 0
[ 2810.508734][T24581] CPU: 1 PID: 24581 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2810.519226][T24581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2810.529324][T24581] Call Trace:
[ 2810.532632][T24581]  <TASK>
[ 2810.535590][T24581]  dump_stack_lvl+0x125/0x1b0
[ 2810.540314][T24581]  should_fail_ex+0x496/0x5b0
[ 2810.545293][T24581]  should_failslab+0x9/0x20
[ 2810.549825][T24581]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2810.555333][T24581]  ? kobject_uevent_env+0x24c/0x1800
[ 2810.560669][T24581]  kmalloc_trace+0x25/0xe0
[ 2810.565141][T24581]  kobject_uevent_env+0x24c/0x1800
[ 2810.570304][T24581]  ? driver_create_file+0x51/0x70
[ 2810.575470][T24581]  ? bus_add_driver+0x1e2/0x630
[ 2810.580364][T24581]  ? internal_create_groups+0x11a/0x150
[ 2810.585962][T24581]  driver_register+0x2cf/0x4a0
[ 2810.590788][T24581]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2810.597003][T24581]  raw_ioctl+0x172f/0x2b80
[ 2810.601475][T24581]  ? raw_open+0x510/0x510
[ 2810.605865][T24581]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2810.610851][T24581]  ? raw_open+0x510/0x510
[ 2810.615215][T24581]  __x64_sys_ioctl+0x18f/0x210
[ 2810.620023][T24581]  do_syscall_64+0x38/0xb0
[ 2810.624493][T24581]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2810.630436][T24581] RIP: 0033:0x7f410aa7c84b
[ 2810.634892][T24581] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
04:47:46 executing program 2:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000001c00), 0x0, 0x0)
bind$unix(r0, 0x0, 0x0)

[ 2810.654811][T24581] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2810.663268][T24581] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2810.671279][T24581] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2810.679288][T24581] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2810.687294][T24581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2810.695296][T24581] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2810.703324][T24581]  </TASK>
04:47:46 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
ioctl$EVIOCSMASK(r0, 0x80084504, &(0x7f0000000180)={0x0, 0x0, 0x0})

04:47:46 executing program 5:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
write$sndseq(r0, 0x0, 0x1b00)
clock_gettime(0x0, &(0x7f0000000080))
ppoll(&(0x7f0000000040)=[{r0}], 0x1, 0x0, 0x0, 0x0)

[ 2810.890937][ T3987] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[ 2811.251145][ T3987] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2811.421205][ T3987] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2811.430313][ T3987] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2811.451115][ T3987] usb 1-1: Product: syz
[ 2811.458775][ T3987] usb 1-1: Manufacturer: syz
[ 2811.470423][ T3987] usb 1-1: SerialNumber: syz
[ 2812.631380][ T3987] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2812.637880][ T3987] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2812.654162][ T3987] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2813.051173][ T3987] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2813.089070][ T3987] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2813.136304][ T3987] usb 1-1: USB disconnect, device number 77
[ 2813.153097][ T3987] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:49 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 46)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:49 executing program 1:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x881, 0x0)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, &(0x7f00000000c0), 0x0, 0x0)
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="73797a317f53466c474895be72c68c4e2129fd2249dc32972a9cb2ffa67f78a0c1e4b07e9d1757acbec82d3d84c906360afdffffffffffffffbd7c210b0f8055e96140693671ef49732d469076a0ceb280b6c3926dae09a902e271175cd15ed1d8eebbfd8edf1e5f77770d4918b11945481d384e5294420000000000"], 0x7c)

04:47:49 executing program 4:
syz_usb_connect$cdc_ecm(0x0, 0x20a, &(0x7f0000000540)=ANY=[@ANYBLOB="12010102020000402505a1a44000010203010902"], &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x6e, &(0x7f00000002c0)=ANY=[@ANYBLOB]}]})

04:47:49 executing program 2:
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
write$sndseq(r0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)

04:47:49 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r2, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:49 executing program 5:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})

04:47:49 executing program 5:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})

[ 2813.674614][T24630] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2813.704738][T24630] misc raw-gadget: fail, usb_gadget_register_driver returned -16
04:47:49 executing program 1:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TCSETAF(r0, 0x5412, &(0x7f0000000100)={0x3, 0x0, 0x3, 0x0, 0x0, "d5a6de5acd4b91ec"})

04:47:49 executing program 1:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TCSETAF(r0, 0x5412, &(0x7f0000000100)={0x3, 0x0, 0x3, 0x0, 0x0, "d5a6de5acd4b91ec"})

04:47:49 executing program 2:
sendmsg$unix(0xffffffffffffffff, 0x0, 0xffefff1f)

04:47:49 executing program 5:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})

[ 2813.991065][T28690] usb 1-1: new high-speed USB device number 78 using dummy_hcd
04:47:49 executing program 2:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001000)={&(0x7f0000000e40)={{0xeb9f, 0x1, 0xe, 0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000f00)=""/229, 0x1a, 0xe5, 0x1}, 0x20)

[ 2814.351026][T28690] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2814.531147][T28690] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2814.540245][T28690] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2814.571048][T28690] usb 1-1: Product: syz
[ 2814.575256][T28690] usb 1-1: Manufacturer: syz
[ 2814.579878][T28690] usb 1-1: SerialNumber: syz
[ 2815.741103][T28690] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2815.747598][T28690] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2815.770954][T28690] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2816.171156][T28690] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2816.218768][T28690] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2816.264336][T28690] usb 1-1: USB disconnect, device number 78
[ 2816.272220][T28690] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:52 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 47)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:52 executing program 1:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TCSETAF(r0, 0x5412, &(0x7f0000000100)={0x3, 0x0, 0x3, 0x0, 0x0, "d5a6de5acd4b91ec"})

04:47:52 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r2, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:52 executing program 5:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue1\x00'})

04:47:52 executing program 2:
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000016c0)={&(0x7f0000000c80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x2}]}]}, {0x0, [0x0, 0x2e]}}, &(0x7f00000015c0)=""/226, 0x34, 0xe2, 0x1}, 0x20)

04:47:52 executing program 4:
syz_usb_connect$cdc_ecm(0x0, 0x20a, &(0x7f0000000540)=ANY=[@ANYBLOB="12010102020000402505a1a44000010203010902"], &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x6e, &(0x7f00000002c0)=ANY=[@ANYBLOB]}]})

04:47:52 executing program 2:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000002c0)={r0}, 0x4)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38)

[ 2816.743602][T24684] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2816.778317][T24684] misc raw-gadget: fail, usb_gadget_register_driver returned -16
04:47:52 executing program 1:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TCSETAF(r0, 0x5412, &(0x7f0000000100)={0x3, 0x0, 0x3, 0x0, 0x0, "d5a6de5acd4b91ec"})

[ 2816.850558][T24696] FAULT_INJECTION: forcing a failure.
[ 2816.850558][T24696] name failslab, interval 1, probability 0, space 0, times 0
[ 2816.892903][T24696] CPU: 1 PID: 24696 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2816.903557][T24696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2816.913827][T24696] Call Trace:
[ 2816.917137][T24696]  <TASK>
[ 2816.920102][T24696]  dump_stack_lvl+0x125/0x1b0
[ 2816.924833][T24696]  should_fail_ex+0x496/0x5b0
[ 2816.929560][T24696]  should_failslab+0x9/0x20
[ 2816.934102][T24696]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2816.939624][T24696]  ? kobject_get_path+0xce/0x2b0
[ 2816.944612][T24696]  ? kobject_get_path+0xce/0x2b0
[ 2816.949594][T24696]  __kmalloc+0x4f/0x100
[ 2816.953789][T24696]  kobject_get_path+0xce/0x2b0
[ 2816.958611][T24696]  kobject_uevent_env+0x26b/0x1800
[ 2816.963772][T24696]  ? driver_create_file+0x51/0x70
[ 2816.968848][T24696]  ? bus_add_driver+0x1e2/0x630
[ 2816.973738][T24696]  ? internal_create_groups+0x11a/0x150
[ 2816.979334][T24696]  driver_register+0x2cf/0x4a0
[ 2816.984157][T24696]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2816.990364][T24696]  raw_ioctl+0x172f/0x2b80
[ 2816.994835][T24696]  ? raw_open+0x510/0x510
[ 2816.999561][T24696]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2817.004542][T24696]  ? raw_open+0x510/0x510
[ 2817.008893][T24696]  __x64_sys_ioctl+0x18f/0x210
[ 2817.013677][T24696]  do_syscall_64+0x38/0xb0
[ 2817.018113][T24696]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2817.024035][T24696] RIP: 0033:0x7f410aa7c84b
[ 2817.028465][T24696] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2817.048093][T24696] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2817.056531][T24696] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2817.064514][T24696] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2817.072495][T24696] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2817.080474][T24696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
04:47:52 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = gettid()
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = getpid()
sendmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@cred={{0x1c, 0x1, 0x2, {r1, 0x0, 0xee00}}}, @rights={{0x14, 0x1, 0x1, [r2]}}, @rights={{0x14, 0x1, 0x1, [r0]}}, @cred={{0x1c, 0x1, 0x2, {r3, 0xee00}}}], 0x70}, 0x0)

04:47:52 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f00000018c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)

[ 2817.088452][T24696] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2817.096450][T24696]  </TASK>
04:47:53 executing program 2:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
fstat(r1, &(0x7f00000000c0))

04:47:53 executing program 1:
pselect6(0x40, &(0x7f0000000080), &(0x7f00000000c0)={0x1}, 0x0, 0x0, 0x0)

[ 2817.311707][ T3987] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[ 2817.702941][ T3987] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2817.883954][ T3987] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2817.901014][ T3987] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2817.909047][ T3987] usb 1-1: Product: syz
[ 2817.931040][ T3987] usb 1-1: Manufacturer: syz
[ 2817.935681][ T3987] usb 1-1: SerialNumber: syz
[ 2819.093978][ T3987] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2819.100464][ T3987] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2819.132520][ T3987] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2819.511163][ T3987] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2819.551606][ T3987] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2819.594738][ T3987] usb 1-1: USB disconnect, device number 79
[ 2819.610362][ T3987] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:55 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 48)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:55 executing program 5:
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000004600), 0x0, 0x0)
read(r0, 0x0, 0x0)

04:47:55 executing program 1:
openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)

04:47:55 executing program 2:
r0 = fsopen(&(0x7f0000000940)='bpf\x00', 0x0)
fsconfig$FSCONFIG_SET_PATH(r0, 0x3, &(0x7f0000000080)='bpf\x00', &(0x7f00000000c0)='./file0\x00', 0xffffffffffffff9c)

04:47:55 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r2, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:55 executing program 4:
syz_usb_connect$cdc_ecm(0x0, 0x20a, &(0x7f0000000540)=ANY=[@ANYBLOB="12010102020000402505a1a44000010203010902"], &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x6e, &(0x7f00000002c0)=ANY=[@ANYBLOB]}]})

04:47:55 executing program 2:
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xe040, 0x0)
mount(0x0, &(0x7f0000001140)='./file0\x00', 0x0, 0x9158224e9dc63d7e, 0x0)

[ 2820.113159][T24747] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
04:47:56 executing program 5:
syz_clone(0x0, 0x0, 0x4e, 0x0, 0x0, 0x0)
ioprio_get$pid(0x2, 0x0)
gettid()
gettid()

04:47:56 executing program 1:
r0 = socket(0x1e, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, 0x0, 0x0)
sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={0x0}}, 0x0)

[ 2820.161432][T24747] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2820.170587][T24753] FAULT_INJECTION: forcing a failure.
[ 2820.170587][T24753] name failslab, interval 1, probability 0, space 0, times 0
[ 2820.215540][T24753] CPU: 0 PID: 24753 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2820.226112][T24753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2820.236202][T24753] Call Trace:
[ 2820.239505][T24753]  <TASK>
[ 2820.242464][T24753]  dump_stack_lvl+0x125/0x1b0
[ 2820.247274][T24753]  should_fail_ex+0x496/0x5b0
[ 2820.252002][T24753]  should_failslab+0x9/0x20
[ 2820.256538][T24753]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2820.262058][T24753]  ? call_usermodehelper_setup+0x9a/0x340
[ 2820.267830][T24753]  kmalloc_trace+0x25/0xe0
[ 2820.272307][T24753]  ? kobj_ns_initial+0x90/0x90
[ 2820.277117][T24753]  call_usermodehelper_setup+0x9a/0x340
[ 2820.282715][T24753]  kobject_uevent_env+0xf4e/0x1800
[ 2820.287902][T24753]  ? bus_add_driver+0x1e2/0x630
[ 2820.292801][T24753]  ? internal_create_groups+0x11a/0x150
[ 2820.298399][T24753]  driver_register+0x2cf/0x4a0
[ 2820.303217][T24753]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2820.310044][T24753]  raw_ioctl+0x172f/0x2b80
[ 2820.314512][T24753]  ? raw_open+0x510/0x510
[ 2820.318887][T24753]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2820.323880][T24753]  ? raw_open+0x510/0x510
[ 2820.328249][T24753]  __x64_sys_ioctl+0x18f/0x210
[ 2820.333056][T24753]  do_syscall_64+0x38/0xb0
[ 2820.337519][T24753]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2820.343713][T24753] RIP: 0033:0x7f410aa7c84b
[ 2820.348163][T24753] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2820.367814][T24753] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2820.376266][T24753] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2820.384277][T24753] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2820.392283][T24753] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2820.400323][T24753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2820.408331][T24753] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2820.416358][T24753]  </TASK>
[ 2820.419535][    C0] vkms_vblank_simulate: vblank timer overrun
04:47:56 executing program 5:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x6d, 0x0, &(0x7f0000000240)=0x8400)

04:47:56 executing program 1:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000400)={@cgroup=r0, 0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

04:47:56 executing program 2:
socket(0x2, 0x0, 0x400007)

[ 2820.702486][T17130] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[ 2821.141469][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2821.360992][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2821.370096][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2821.380689][T17130] usb 1-1: Product: syz
[ 2821.384901][T17130] usb 1-1: Manufacturer: syz
[ 2821.389611][T17130] usb 1-1: SerialNumber: syz
[ 2822.540973][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2822.547502][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2822.571569][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2822.975223][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2823.024166][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2823.071182][T17130] usb 1-1: USB disconnect, device number 80
[ 2823.078636][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:47:59 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 49)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:47:59 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x10, 0x0, 0x0)

04:47:59 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:47:59 executing program 2:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @remote, 0x2}]}, &(0x7f0000000080)=0x10)

04:47:59 executing program 5:
r0 = socket(0x18, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, 0x0, 0x0)

04:47:59 executing program 4:
syz_usb_connect$cdc_ecm(0x0, 0x20a, &(0x7f0000000540)=ANY=[@ANYBLOB="12010102020000402505a1a44000010203010902"], &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x6e, &(0x7f00000002c0)=ANY=[@ANYBLOB]}]})

[ 2823.573900][T24802] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2823.606826][T24802] misc raw-gadget: fail, usb_gadget_register_driver returned -16
04:47:59 executing program 1:
quotactl$Q_QUOTAOFF(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='.'], 0x0, 0x0)

[ 2823.635542][T24810] FAULT_INJECTION: forcing a failure.
[ 2823.635542][T24810] name failslab, interval 1, probability 0, space 0, times 0
[ 2823.655845][T24810] CPU: 0 PID: 24810 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2823.666313][T24810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2823.676397][T24810] Call Trace:
[ 2823.679714][T24810]  <TASK>
[ 2823.682674][T24810]  dump_stack_lvl+0x125/0x1b0
[ 2823.687402][T24810]  should_fail_ex+0x496/0x5b0
[ 2823.692130][T24810]  should_failslab+0x9/0x20
[ 2823.696674][T24810]  kmem_cache_alloc+0x334/0x3b0
[ 2823.701589][T24810]  skb_clone+0x171/0x3c0
[ 2823.705886][T24810]  netlink_broadcast_filtered+0xaf9/0xf00
[ 2823.711677][T24810]  ? sprintf+0xcd/0x100
[ 2823.715887][T24810]  ? netlink_connect+0x550/0x550
[ 2823.720890][T24810]  netlink_broadcast+0x39/0x50
[ 2823.725716][T24810]  kobject_uevent_env+0xbd2/0x1800
[ 2823.730894][T24810]  ? bus_add_driver+0x1e2/0x630
04:47:59 executing program 1:
r0 = syz_io_uring_setup(0x36d6, &(0x7f00000000c0), &(0x7f0000000140), &(0x7f0000000180))
syz_io_uring_setup(0x4211, &(0x7f00000001c0)={0x0, 0x0, 0x824, 0x0, 0x0, 0x0, r0}, 0x0, 0x0)

[ 2823.735801][T24810]  ? internal_create_groups+0x11a/0x150
[ 2823.741404][T24810]  driver_register+0x2cf/0x4a0
[ 2823.746232][T24810]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2823.752454][T24810]  raw_ioctl+0x172f/0x2b80
[ 2823.756934][T24810]  ? raw_open+0x510/0x510
[ 2823.761373][T24810]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2823.766359][T24810]  ? raw_open+0x510/0x510
[ 2823.770729][T24810]  __x64_sys_ioctl+0x18f/0x210
[ 2823.775538][T24810]  do_syscall_64+0x38/0xb0
[ 2823.780000][T24810]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2823.785965][T24810] RIP: 0033:0x7f410aa7c84b
[ 2823.790414][T24810] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2823.810063][T24810] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2823.818545][T24810] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2823.826733][T24810] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
04:47:59 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16, @ANYBLOB="a1"], 0x60}, 0x8e}, 0x0)

[ 2823.834755][T24810] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2823.842761][T24810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2823.850760][T24810] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2823.858784][T24810]  </TASK>
[ 2823.861904][    C0] vkms_vblank_simulate: vblank timer overrun
04:47:59 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x82, 0x0, &(0x7f0000000240)=0x8400)

04:47:59 executing program 5:
keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/208, 0xd0)
keyctl$reject(0x13, 0x0, 0x7f, 0x1, 0x0)
add_key(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="668701a6b8419b87dbf98677f38c6a57958a06fc85f3519cdaf9a51a947f1b52652580332205ea783ed31a11fbc5b2658404e02beb3883f380088ae275cc73", 0x3f, 0x0)
r0 = request_key(&(0x7f0000000340)='asymmetric\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='\x00', 0x0)
keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000400)={r0, 0x1000, 0x6f}, &(0x7f0000000440)={'enc=', 'raw', ' hash=', {'ghash-clmulni\x00'}}, &(0x7f00000004c0)="74bcd61da1068b82496a388aae5eaeee905b1e1c7939775b2107091387390dfe3b7b1d63a2a5b17693516a6d2b57d92eb59f112f9d4d74475d6fde637341bf8d8e58ef48cd4ea4b7d6e326e791356ffc5a0e01db7d811e2bb8e7730fe91fa560c71396859fd334eb4fbb6c2da4a32e702252c410ef07ecc2f485c72acf282ff76c6583d24ba5992d1ce1a1f4969f5c03ef817e37666abce678e9fe48efde0a9190cf7a043b39d391ceaeba4452db136ef3a27021b2d1ae77ff83b426c822eb83b3ff1763f6d65435e551990f1a8193770bb0f35c202623806c715c146d1e4bb483cde0cd190b744c7095834621c5ee76b6940c3821175f609e62a460b3f36a43dfb8d4839ce933d1d405013bab14dfd06bc679ea4c5193f6ba25bcf02fa7925498cf15dd7c365a140ac5bed9ba61a8f8caf077adcdd3ae1b31c5aeb190d52b2725c2c2aa193f3f3ff4b5b5c4901f22b9931a4e36c3c57eb0d7388ea149cfc1e513aaa5586e307bc75d7c5ee47db6f57d4ce254cc417042352995eb4f390678155794d689dda64f6898c28fdf90e73b79dde035607916cac55d7d895d1074353ac7b4843c2e75ac571585098f2020965aa541c3cdef098bdcc19df8c7868d64f4ec592971c76b1349feda7c3a9ebcaf56db48891d5f7bc9a6d2bf4a3f29ae00aec971d5748f432b0df8ab44772669e3fe1a08d2c0f80444f740f09d0d28969162109415868676c05440ec67e784fa56983266bdb956c2457fceaff77c663d36c0442c1973cec5e4b76c0583a75aeaa034605de45263313600bdc290d81b1a3f9c70ee997a585d706eccc2338e8d9300ca1c0a6f9047340c18d917f49b3a254597756938ef3d4e47c71b0fc33dfff7bd524031c61e92e68c9dce6690e61e8bb430f96a45f672f2e7d687940317a613352eb569c474d751edadd8772603204f74cad1cc2903af1dcea0a983651b937f718f48c89002bd4da0643e8895f3aec6815e6e3cc763a024f4da972dcb9d6ab5fd8747b16a1979b42e07cfc5054b62cdb41bbb5e1ad5c3f9a9e68773b4e0de86b2f02f48a93cdf4c29a3f6f7f3335531fa74cd950c0ef9cc9612a6fb35efe93c04840580b6c75835edbfd7f41330096f7e099749c9b390abf72ad068be11fefab4427138883999f2465128c91af1c6a59e2302412afd5ed77ea7954008b19d0a91f5317c27bb92b7bd0ed07122e682f8d7e083f08e0b797a05e01ddb52a0af1af5b05def538441d04502edd7fff2e4924c5622560f4354edfa96638d404b47c6847e21701813ca210e189b354593ecd23b5af07813ddb31791e2628d3cb723430907e52003ecc82dcea5d93825afea54658439ee21ff323814fee09d6d13a9a344ce40c30908d3e25a1e70837d04a4e3ca551b1d3a48bfc91dc6ca5fa595329e4791fbf1bf94eb8ebe066411d1c45514c079a5b484d8b18ba33f2900861354ec8b9fb69162fc1785a857b09fc2bb7d4e30f1de2ff27d326c7feb9a542fb1ecb8c65a522167292f5952caea1aa7e8c0ffa87eb346ac187cc5ff3ffc6c40405aaaa3b82cd4012302a2cfbe98324e31482f6da28a4703ad31530cfefa3858a6e1d990094741aae5cdbff9d48f1557b9dde6da3adc7663224a2688b108707f59dd84c6adb406a872758bedb758f3655c658663f46dbbeb70703a8fdbdacfc4d327ed9c57645f085b11c02f6af9572976dc68da7f711d0f413a10f5e9b49c7525a7a8a6a5b5000cb3e5bed6e26471838c9e5ed43d3886ba7cfbbab8e1b2749a2318da1180bedf921299ad77f53ef162c6e5a669195e24f46eb1ba2e6889c92c6444c6a3094236b6412551efe2c8bef335d9d54afadc7df402200b5f40857b3c2d707bd578a249486c3160744eb19f9f917fa1d382b96cf62b22d840d93e9efb866e72efd8c65d828c64a669f637efa09672541e714d38e2faf098b475bacd22386d4cb37222400e5ce21e13e3f30d68621660e3285311f43b90c5eaca3c4e2755b391284c7265affc149077b07b226145ff7ba8c9eedf04064af33282f861a40267f77c957194767d282e485f4dfdb646cbfece2048f36b81d517a04d454cf7d990d218376ec5a251117f12e2c0b48f59b7f3ffc8fcc44461a0e0543970a5bccb5223ddf6ae5099849d09d35416f70787f5533401f8d2bc45292b8fda837aa88609eeae4e396111bc9c7f5f08a0af7817b8a94bddf76335e87a394fd07f35d19dd91da38bbde585c7e47a2ad0c30280e1103bd0f196dd9108364e273eae5635d230c732cf737800e2b9e1dea4eb0f63509a2eeb958d4a35341708e592f7bd03f582fef4d402af34fa7f99ef64157c88a0869e3d92a115be40c8610aad3722bf551addba3549bb3b2495e290d4e5e436e7545c10dc921e7d2cc114d0731dbb63bcefa334d49eef0206a819b2cab54692ec31d49a06dc7542a8d1342c4398a5a497205b071661f3d83941cfeb30629d05d4bf6b0cf5add1e7ec779a311a53400e6cde7ea1b3cfa437b9ed8e98ad2cd5022251b6184ab19ac109be2ce5ad23daca2f7492ab9961002dce0658968931acf084eee36d1f6c49a24bcc926913a415d41fbf5f4f00de04171ba6501cb44103c170fbad5bdb11776181829d5bdc455e2598bb21bb8fd028ef2bb5ad446530111c1b799ae091f468e7b29ce84a686e1773a7173e382dcb438c5a8606eaad51ebf3dccacdf8d052f6b15506dfd974e051aaf81b5c17e0dbea82efa13db0bb4dd7b43ef6ee5f73a23fe75efdd5bcce73e06aa45a4435d63915aae2d22a0b0763be52d5110e14810d81eaf39e5d8f6c98d87f0039e546bc47ead225c6e41820510008bbf703845b27562e68fe2b99287e89f3b966e7b77e5a5dcefc7dee4aac3db5850de786478f92d3ab81ad2010900ed1d8691ace4b89df2717e937078c32abd921952d43b3f38ccc8203e5a7a5dcd529858156071bdce40e9bb4cbde742ac7336f8c13be284bc52265b8fcfb898c5afece1493d8a4092cabfcff8b55f172d34ce51aebf023b3628d6e19564587c7dfd897250a27e81af305248432fcf0ea18e62e2c50621b2f91012c0793d6d769e32388ccfa6d59b6b6d7be96cf30b09d766033ba33eb4dadbe6df2b83ec97b5e1183a9e50529bed3eca322a040db79a8ddd63104d345d9c3216e4ac2ebb7bd02c566b3d4d305e21631417b6a8c8dc2a4e92078059f7778e8d2052b9a87d092504310562298b238cd17637bc44b8eff7f0cb570481677c44a9dd88990114e626868a07175b01b5be67f95d9539b5febc6d7a1be0a3db4d528ff21d0e81e644a24d84f7141f1355915e76405c3d3d1d70879dbfd45ed63fdc9aeccfb124ffcf9c86ad59f4d0ab472f7effddc534694a8b6625d2020cbac2355a3edb4ba2b7003154d9d7c5aad968a84b4905c7472edceb974d05c8609784754649651f1169b0f9500ec06ee8ba063fa33a81cd357b08b196da593847a55496b2e175940342b0cf5fb9cf8eedbee7b1ed5ae98a865832eac702e9e227fe6bab23bd455bf898a44e7bf517d49420c73a406aec8d0c9d5640eedb8437ea2ccd6350ce397824a6602a2f693199362b65754d254f5cdd7378cdf27f84f4c11f825db0dfec17899085d7360775aca8c4c4efd6048bb5bba1c55c527ba768283c49d68676a8978b02acc839e57a1f8ef83711c13d14696cd37849b25e00a69457590816b16cd04ef6dfa56916c95642da5e157267cc878009aa9367defe387d4524405cb9a7e89735725b6873ac63bee1735027dbbd7ecc1b7a3aeef6f33a99d608a16503693411b17c9a3e2fa52b38e24542c62ff4b1cd08bc6d7c870781aadb4eb291d996019cee13de6173bb9275c1e5f76162a16e495269de042e0b7e3deffa2ddac44c7efedec4a0e840754a84a6800adb8605888bb7a755dceee7dceac5e3b05a633b55ca7a03f483176853eebfb828c0cca7966b2fa037902294e4d7faf6316c1c40c349653969d62d1dd5476cfcb117e2f9f025413b03b49917b2e10660f6f6cab0aa613781f1a2cda8f498866dbceaae3d4150672cfb6a4175d406f686b43223f6cce675f87c8ac7b03a31b7e43a7e5e7da1993eeec070b02b5abdbf1ef7e30af0cd9c6620211d6ee6593a32f38c39aa4ee1ae95e1dfd58464403efc43f35244da4f6500cdc7cfd61b125def775727b55fa6713f31f427fe03f3f168bed02f85e119a18c95330ac68be83cf1fabdb26f9eda6ae76989f43385c85d480730264cbe44254983beb7ebe3a647a6883566d08b839dcbba5bfdfe18e5d2092bd654309516e24cb0f7649d5dc096e0f586fadc2060d0d32b9acedc5faff943566b0a4650aad91bff0ff15fa182a3cface39c4596d72b7c5ff06cc01f45d3b308207e6d4ee288c99fa708cc7dbbe3a840b161e347bd37b78860dd36f5931165e9be7b241651e7c0815c649bdaabff6c7bc3e98170c4405f33eafc0fbc8159b405950a6a75f7422f0624c7e66cd42f829ef50c7eb0bc7f61c282acb4c71e8584098a02e231d9f45b5e2bc54f93e348760e053066be4712ed5a7015c08caf69b6f79e188495ae9d40d49b1af14446de4f8e3147ec1d61234c1ffd02090ef92d513247775a58360fdd32d20da09734b9c0983f1be3cb7a6faf8472b5ab268d8c5047fd48d014ad451a55e88b931941c8274be20648e2522faeaa2d8e6c2f08abd5a3975090edcd5ef4a18d1e8a7ed571ef3ac7cdabb4aa0d42f9f32e0cddef729ded77a7d8b495a5f02d4840e20a93fc53cdd3a683e5daaa302f6c95f0a95871c7589b149d4912274bbc0b88358ae442c99eba8b22ba81719808217f0970b296f5add7d03a54ca3989c91a1809d503ee46752d87f45a9b387d32babdefa94dea807995bfbd1921e3f153654045b96f94f330f438302392312146c86d3b13aad9cf3a4039273394cd0b59d537d60abe574de175fc86363edd8c01455b364c0205fd47613c48b9a9d7537d3d6bf852492c20ed7bf1b64bf6cbf1bd185661e0d620fdc3fa73e623307b3d674448c0bd746d03a77fb2987685dc771e8dd68f971aba86f77b77e76283eeb4d1a4f40a446bfa96935606ff6b58a4c87ea5b0a442cc1d792f61048bffd9f390f1b1df11b325860ac35458336c4251505c1b3659c7dcad182a12143b9ad8175b378409f3c13049675e5377450e19f552e67ad7e7e58427a93498f0ebdd93ad6097f981209c247233d93a1d77017036998a35ea274fb8b6e676f38ad6e6e364d8144b872b9b8ce62b41db89077a50e97c62209c45d8cad58ea1bc185e821b62c27dbb6437e71317559323c1b9fb73f400f655d4f45754726ce2ebd0628d786dd3a0d93bc81a6b84a4e243effcf5290ba9d619f23316d7cd35bae05e238030422a1d8267fa55395c3f02f461223d361dc5ad8d14c560272b64a1cff4584713d6b112297f2ad6755a38b83f67855895dffeb1e3adf2f371cd2cee0ab05f257b35e7aa7c4647d8fc9cb5a83b44cff66f797803b76cf59f3f75de080c246cd0a15ca748d7ae5fab9ff3f8fa306b068dca76b178b5f038fc6d15ed0eaee455026d1e96dff4f546bd576352610244a585dad6a763c5f65f000eb25fbb7102c20ca76053d1cb27e4cb3c1c74ca1d7770a181138434ba3c20840d443ec65678c219a19c9577ea66272a2b9464392cded2d003a36ae3ecb4d4fa7e08b52d635e267434fdcd1b0e5fb9f835aae78a6ae03b0dc5e5a08e6eb8d505f4fbfe3a91f0f91ee92a6f1f266fab92bbdb0e39e31071c5c15198e27abd8ba52f08867f3c2", &(0x7f00000014c0)=""/111)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000001540)='trusted\x00', &(0x7f0000001680)=@keyring)
keyctl$unlink(0x9, r0, 0x0)
request_key(&(0x7f00000017c0)='rxrpc\x00', &(0x7f0000001800)={'syz', 0x3}, &(0x7f0000001840)='asymmetric\x00', 0xffffffffffffffff)
request_key(&(0x7f0000001bc0)='asymmetric\x00', &(0x7f0000001c00)={'syz', 0x0}, &(0x7f0000001c40)='%}:\'(^[&{@@\x00', 0x0)

04:47:59 executing program 5:
r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc2}, &(0x7f0000000080)={0x0, "202ebbfb0fb6bcf066fc34ea5298b88615e22e4f7d9e1b06d002341158bab63beb85cbf5f1dc980b29350b8941dfee361d6f4acfd484c6ab4bc8489cd2b7c3f5"}, 0x48, 0xfffffffffffffffd)
keyctl$assume_authority(0x10, r0)

[ 2824.052654][T17130] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[ 2824.431167][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2824.641070][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2824.650293][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2824.659277][T17130] usb 1-1: Product: syz
[ 2824.670650][T17130] usb 1-1: Manufacturer: syz
[ 2824.676202][T17130] usb 1-1: SerialNumber: syz
[ 2825.840981][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2825.847639][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2825.870970][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2826.262120][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2826.294693][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2826.341409][T17130] usb 1-1: USB disconnect, device number 81
[ 2826.357009][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:48:02 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:02 executing program 1:
r0 = openat$ocfs2_control(0xffffff9c, &(0x7f0000000000), 0x4001, 0x0)
getsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000040), &(0x7f0000000080)=0x4)
read$alg(r0, &(0x7f00000000c0)=""/131, 0x83)
ioctl$PPPIOCSDEBUG(r0, 0x40047440, &(0x7f0000000180)=0x4)
r1 = accept4$alg(r0, 0x0, 0x0, 0x6a829d8e941b23)
sendmsg$alg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000001c0)="93f718ebdfe72fd915ad720651307838dcb9cd72cce638e85cfbb3e668447aa40f134219c745d068bed3a2ab9c1311117ed3994adc50eac1058abe483dbfff0e2b0af1697489c2c1e384e9559d76e1c5e8332fa90e41f3028cb76b31083ffae5a4c69a773ef24608ee1bc88db6e0815deee71befe37490f7894a980fb0db460a16650408149ff7321bb154e6957f756e646a396895aff69ee29e73b377c544f8fc708e11f9c5c3208264c971f2bd6091a8e56f5528f074948d54c8cb8ec03f933c2e1f6958122c8a0d34f9fe6f995fcf42f11056b5f701337260d9a257f43036f6e6ced3bdd41cecf22c5e39b905c554f03916e8", 0xf4}, {&(0x7f00000002c0)="5ef7804c1b10618645a07b542e3ae16cf41d9c80a6d0b8b7f29bd060b6762a2e79c5b118b9b9761c54e983350a7b0b9e9d5f0c3540db87f849875b3408efcf00f89f8e4324be11099c0822b22647d98297dd2e137044ea43d033460a3c9135ecf084c44e1f6d70d7f5d8fdd80e3e97fd1b57647d469f1193e99f823b1448a062cfe3d340d5cdcb443789703aa244c817b57715fd706847bd160b02e6156bc09395f5fd1e004fcf5260e046390288c4036f77434db337384c271c45776247486b36545874650775", 0xc7}, {&(0x7f00000003c0)="5fc33f056e2a1d042ac9a673b3a33e86d2ca22a19950da7da24202da44144a477efda2362e28598e2738c5661b6887e02129e7c1fef7d773dc692c731a33f251b7c0459779bfa285aaddb03e28b2124df55113e6815081a02bba18c0d08b81f881d3b1239dee4033ee0de1a0ade26a15e0f056962a3b7c7f7a97d7659206ee", 0x7f}, {&(0x7f0000000440)="97080bccf07751a4b3ee9db04f6301b9b421c076c316c069e8", 0x19}], 0x4, &(0x7f00000004c0)=[@op={0x10, 0x117, 0x3, 0x1}, @assoc={0x10, 0x117, 0x4, 0x6}, @assoc={0x10}, @iv={0xc0, 0x117, 0x2, 0xaf, "a56fa4f576805a170a4ae58b19b5a3fde29b0259190920a2857edce9dfdcc20b23ba17f32e8a1c3f355d3a306755e921fd6c5a9e2e817719de53bc7631943b940ff048447cc69027e37555f2311df0edb7bdb6558d515a511ce62b4589d3feb89b4ea6b49665b4679c397982b9bdbaa38adbdec298cb6c8cd289d7814fb279b480e792512dcd0af701dbaf8aaa1365f76e3322ad841e793c3c4d5bead4acdbd7c10de9360b0d4df74d756c707ebbef"}, @op={0x10, 0x117, 0x3, 0x1}], 0x100, 0x4}, 0x20000100)
openat$drirender128(0xffffff9c, &(0x7f0000000600), 0x218040, 0x0)
r2 = openat$ocfs2_control(0xffffff9c, &(0x7f0000000640), 0x20880, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000680)={0x0, 0x0, r0})
r3 = openat$nvme_fabrics(0xffffff9c, &(0x7f00000006c0), 0x408002, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=@bloom_filter={0x1e, 0x8, 0x6, 0x7, 0x400, r2, 0x9, '\x00', 0x0, r3, 0x4, 0x4, 0x3, 0x8000}, 0x48)
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000007c0)={&(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000940)={&(0x7f0000000840)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000880)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000008c0)=[0x0, 0x0, 0x0], &(0x7f0000000900)=[0x0, 0x0, 0x0], 0x8, 0x4, 0x3, 0x3})
r4 = openat$ppp(0xffffff9c, &(0x7f0000000980), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f00000009c0))
ioctl$PPPIOCATTCHAN(r0, 0x40047438, &(0x7f0000000a00)=0x4)
ioctl$IOMMU_DESTROY$device(0xffffffffffffffff, 0x3b80, &(0x7f0000004f00)={0x8})

04:48:02 executing program 5:
request_key(0x0, 0x0, &(0x7f00000003c0)='\x00', 0x0)
keyctl$get_keyring_id(0x0, 0x0, 0x0)
request_key(&(0x7f00000017c0)='rxrpc\x00', &(0x7f0000001800)={'syz', 0x3}, &(0x7f0000001840)='asymmetric\x00', 0xffffffffffffffff)
keyctl$revoke(0x3, 0x0)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)

04:48:02 executing program 4:
syz_genetlink_get_family_id$tipc(&(0x7f0000003580), 0xffffffffffffffff)
openat$binder_debug(0xffffff9c, &(0x7f0000003780)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)

04:48:02 executing program 2:
add_key(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0x0)
request_key(&(0x7f0000000340)='asymmetric\x00', &(0x7f0000000380)={'syz', 0x3}, 0x0, 0x0)
request_key(&(0x7f00000017c0)='rxrpc\x00', &(0x7f0000001800)={'syz', 0x3}, &(0x7f0000001840)='asymmetric\x00', 0xffffffffffffffff)
keyctl$revoke(0x3, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000001d80), 0xffffffffffffffff)

04:48:02 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 50)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:02 executing program 5:
openat$ocfs2_control(0xffffff9c, &(0x7f0000000000), 0x4001, 0x0)

04:48:02 executing program 4:
syz_open_dev$loop(&(0x7f0000000bc0), 0x0, 0x490080)

[ 2826.903331][T24869] FAULT_INJECTION: forcing a failure.
[ 2826.903331][T24869] name failslab, interval 1, probability 0, space 0, times 0
[ 2826.947402][T24869] CPU: 1 PID: 24869 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2826.957970][T24869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2826.968051][T24869] Call Trace:
[ 2826.971359][T24869]  <TASK>
[ 2826.974313][T24869]  dump_stack_lvl+0x125/0x1b0
[ 2826.979037][T24869]  should_fail_ex+0x496/0x5b0
[ 2826.983768][T24869]  should_failslab+0x9/0x20
[ 2826.988318][T24869]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2826.993836][T24869]  ? call_usermodehelper_setup+0x9a/0x340
[ 2826.999608][T24869]  kmalloc_trace+0x25/0xe0
[ 2827.004080][T24869]  ? kobj_ns_initial+0x90/0x90
[ 2827.008897][T24869]  call_usermodehelper_setup+0x9a/0x340
[ 2827.014481][T24869]  kobject_uevent_env+0xf4e/0x1800
[ 2827.019627][T24869]  ? bus_add_driver+0x1e2/0x630
[ 2827.024500][T24869]  ? internal_create_groups+0x11a/0x150
[ 2827.030103][T24869]  driver_register+0x2cf/0x4a0
[ 2827.034905][T24869]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2827.041091][T24869]  raw_ioctl+0x172f/0x2b80
[ 2827.045541][T24869]  ? raw_open+0x510/0x510
[ 2827.049960][T24869]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2827.054920][T24869]  ? raw_open+0x510/0x510
[ 2827.059268][T24869]  __x64_sys_ioctl+0x18f/0x210
[ 2827.064050][T24869]  do_syscall_64+0x38/0xb0
[ 2827.068490][T24869]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2827.074404][T24869] RIP: 0033:0x7f410aa7c84b
[ 2827.078833][T24869] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2827.098476][T24869] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2827.106907][T24869] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2827.114889][T24869] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2827.122869][T24869] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2827.130858][T24869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2827.138842][T24869] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2827.146857][T24869]  </TASK>
04:48:02 executing program 2:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r0, &(0x7f0000000340)="13", 0x1, 0x0, &(0x7f0000000040)={0x10, 0x2}, 0x10)

04:48:03 executing program 4:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
gettid()

04:48:03 executing program 5:
syz_io_uring_setup(0x2637, &(0x7f0000000040), 0x0, 0x0)
syz_io_uring_setup(0x74b4, &(0x7f0000000380), &(0x7f0000000400), 0x0)
syz_io_uring_setup(0x4363, &(0x7f0000000300), &(0x7f0000000440), 0x0)
syz_io_uring_setup(0x518, &(0x7f00000000c0), &(0x7f0000000000), 0x0)
syz_io_uring_setup(0x344a, &(0x7f0000000180), &(0x7f0000000200), &(0x7f0000000240))

04:48:03 executing program 2:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000047c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
fchown(r0, 0x0, 0xffffffffffffffff)

[ 2827.351039][ T2543] usb 1-1: new high-speed USB device number 82 using dummy_hcd
04:48:03 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:03 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)={0x14, r1, 0x2294a2617cb1e733}, 0x14}}, 0x0)

04:48:03 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="840000005e7c3d"], 0x84}}, 0x0)

04:48:03 executing program 4:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
gettid()

04:48:03 executing program 5:
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
getpid()
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000053d40)={0x0, ""/256, 0x0, <r2=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000053f40))
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000054140)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r2}], 0x0, "081e0d78e38844"})
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000000010000000000000000000850000000700000095e33e095bdb36d39605d821cdb05b89065efbe845bb6613c7ecb8ba79decf65bb9a05fba386c38a83e5d5a8b4135ccb836b5e9e4cdb47594955c69a4f74620cc927a9c841f75970c4"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)

[ 2827.711577][ T2543] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2827.891052][ T2543] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2827.920208][ T2543] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2827.945395][ T2543] usb 1-1: Product: syz
[ 2827.949622][ T2543] usb 1-1: Manufacturer: syz
[ 2827.973497][ T2543] usb 1-1: SerialNumber: syz
[ 2829.171396][ T2543] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2829.177918][ T2543] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2829.200950][ T2543] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2829.602776][ T2543] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2829.661740][ T2543] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2829.712235][ T2543] usb 1-1: USB disconnect, device number 82
[ 2829.719714][ T2543] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:48:05 executing program 1:
r0 = syz_open_dev$usbfs(&(0x7f0000000300), 0x7e20623c, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, 0x0)

04:48:05 executing program 2:
syz_open_dev$usbfs(&(0x7f0000000300), 0x7e20623c, 0x0)

04:48:05 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r1, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:05 executing program 4:
syz_open_dev$rtc(&(0x7f0000000080), 0x3, 0xc0043)

04:48:05 executing program 5:
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
getpid()
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000053d40)={0x0, ""/256, 0x0, <r2=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000053f40))
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000054140)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r2}], 0x0, "081e0d78e38844"})
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000000010000000000000000000850000000700000095e33e095bdb36d39605d821cdb05b89065efbe845bb6613c7ecb8ba79decf65bb9a05fba386c38a83e5d5a8b4135ccb836b5e9e4cdb47594955c69a4f74620cc927a9c841f75970c4"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)

04:48:05 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 51)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:06 executing program 2:
sigaltstack(&(0x7f0000ffa000), 0x0)
shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000300)={{0xffffffffffffffff, 0xffffffffffffffff}})
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[ 2830.265415][T24953] FAULT_INJECTION: forcing a failure.
[ 2830.265415][T24953] name failslab, interval 1, probability 0, space 0, times 0
04:48:06 executing program 1:
semget(0x1, 0x0, 0xee78fa7cc97faf4e)

04:48:06 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r0, &(0x7f0000000000)="5de0c6443f69ca60ac35408e510e7f148585eed8b98ff783652b8b93b17cdc4f139fb978c96a336d456dd1435605ac20d18cebef7740c1d0ca46c473cfd18552ff93322c88d9a19f506bd558cd43018c816458cef794a71deaaa9b32827c71641468ef0ea40fad0b3941c66df2be8fad4f51a1abeeb611c3524b1ec098450732327b3198ca027a9738c5c65ef77e612ed87bcaff0b10154139ed9b1ac86a278a928643d17de8a83cb4ea14cb4e32b058d6116cf2d8392fcbf74a5e9419231b2afca839505257df65d8474851e1c5e2d62997c80a0c32bc3cabddee176592237703", 0xe1, 0x0, &(0x7f0000000100)={0x10, 0x2}, 0x10)

[ 2830.351025][T24953] CPU: 0 PID: 24953 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2830.361512][T24953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2830.371607][T24953] Call Trace:
[ 2830.374922][T24953]  <TASK>
[ 2830.377887][T24953]  dump_stack_lvl+0x125/0x1b0
[ 2830.382622][T24953]  should_fail_ex+0x496/0x5b0
[ 2830.387352][T24953]  should_failslab+0x9/0x20
[ 2830.391901][T24953]  kmem_cache_alloc+0x334/0x3b0
[ 2830.396825][T24953]  skb_clone+0x171/0x3c0
04:48:06 executing program 1:
sigaltstack(&(0x7f0000ffb000), 0x0)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
mlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000)

[ 2830.401115][T24953]  netlink_broadcast_filtered+0xaf9/0xf00
[ 2830.406891][T24953]  ? sprintf+0xcd/0x100
[ 2830.411126][T24953]  ? netlink_connect+0x550/0x550
[ 2830.416130][T24953]  netlink_broadcast+0x39/0x50
[ 2830.420951][T24953]  kobject_uevent_env+0xbd2/0x1800
[ 2830.426126][T24953]  ? bus_add_driver+0x1e2/0x630
[ 2830.431027][T24953]  ? internal_create_groups+0x11a/0x150
[ 2830.436633][T24953]  driver_register+0x2cf/0x4a0
[ 2830.441556][T24953]  usb_gadget_register_driver_owner+0xfd/0x2d0
[ 2830.447773][T24953]  raw_ioctl+0x172f/0x2b80
[ 2830.452244][T24953]  ? raw_open+0x510/0x510
[ 2830.456616][T24953]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2830.461613][T24953]  ? raw_open+0x510/0x510
[ 2830.465994][T24953]  __x64_sys_ioctl+0x18f/0x210
[ 2830.470807][T24953]  do_syscall_64+0x38/0xb0
[ 2830.475277][T24953]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2830.481219][T24953] RIP: 0033:0x7f410aa7c84b
[ 2830.485667][T24953] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2830.505316][T24953] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2830.513766][T24953] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2830.521786][T24953] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[ 2830.529791][T24953] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2830.530775][ T2543] usb 1-1: new high-speed USB device number 83 using dummy_hcd
04:48:06 executing program 1:
symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00')
utimensat(0xffffffffffffff9c, &(0x7f0000001140)='./file0\x00', 0x0, 0x200)

[ 2830.537776][T24953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2830.553390][T24953] R13: 00007f410b7f1040 R14: 0000000020000480 R15: 00007f410acc0320
[ 2830.561421][T24953]  </TASK>
[ 2830.564525][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2830.580652][    C1] raw-gadget.1 gadget.0: ignoring, device is not running
04:48:06 executing program 2:
mlock(&(0x7f0000002000/0x1000)=nil, 0x1000)
mincore(&(0x7f0000002000/0x4000)=nil, 0x4000, &(0x7f0000001100)=""/26)

04:48:06 executing program 4:
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x5000, 0x3, &(0x7f0000ff6000/0x5000)=nil)
mlock2(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0)

04:48:06 executing program 1:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x42880, 0x0)
r1 = getpid()
fcntl$setownex(r0, 0xf, &(0x7f0000000000)={0x2, r1})

[ 2830.780808][ T2543] usb 1-1: device descriptor read/64, error -32
04:48:06 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r1, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:06 executing program 2:
mlock2(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x0)
mremap(&(0x7f0000ff5000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000ff9000/0x2000)=nil)

04:48:06 executing program 5:
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
getpid()
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000053d40)={0x0, ""/256, 0x0, <r2=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000053f40))
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000054140)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r2}], 0x0, "081e0d78e38844"})
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000000010000000000000000000850000000700000095e33e095bdb36d39605d821cdb05b89065efbe845bb6613c7ecb8ba79decf65bb9a05fba386c38a83e5d5a8b4135ccb836b5e9e4cdb47594955c69a4f74620cc927a9c841f75970c4"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)

[ 2831.051370][ T2543] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[ 2831.411028][ T2543] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2831.581279][ T2543] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2831.590378][ T2543] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2831.610589][ T2543] usb 1-1: Product: syz
[ 2831.620083][ T2543] usb 1-1: Manufacturer: syz
[ 2831.633161][ T2543] usb 1-1: SerialNumber: syz
[ 2832.811072][ T2543] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2832.817571][ T2543] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2832.840967][ T2543] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2833.222496][ T2543] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2833.266821][ T2543] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2833.306412][ T2543] usb 1-1: USB disconnect, device number 84
[ 2833.322440][ T2543] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:48:09 executing program 2:
r0 = shmget$private(0x0, 0x800000, 0x0, &(0x7f0000800000/0x800000)=nil)
shmat(r0, &(0x7f0000ffb000/0x4000)=nil, 0x0)

04:48:09 executing program 4:
mlock2(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x0)
mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000ff8000/0x2000)=nil)

04:48:09 executing program 1:
r0 = epoll_create1(0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080)={0x50002009})

04:48:09 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r1, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:09 executing program 5:
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
getpid()
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000053d40)={0x0, ""/256, 0x0, <r2=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000053f40))
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000054140)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r2}], 0x0, "081e0d78e38844"})
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000000010000000000000000000850000000700000095e33e095bdb36d39605d821cdb05b89065efbe845bb6613c7ecb8ba79decf65bb9a05fba386c38a83e5d5a8b4135ccb836b5e9e4cdb47594955c69a4f74620cc927a9c841f75970c4"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0)

04:48:09 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 52)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:09 executing program 2:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000034c0)={0x11, 0x1, &(0x7f00000032c0)=@raw=[@ldst], &(0x7f0000003300)='syzkaller\x00', 0x1}, 0x90)

04:48:09 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x9)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000000)=0x1f, 0x4)

04:48:09 executing program 4:
bpf$BPF_PROG_GET_NEXT_ID(0xc, 0x0, 0x0)

[ 2833.895338][T25022] FAULT_INJECTION: forcing a failure.
[ 2833.895338][T25022] name failslab, interval 1, probability 0, space 0, times 0
[ 2833.969290][T25022] CPU: 0 PID: 25022 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2833.979876][T25022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2833.989962][T25022] Call Trace:
[ 2833.993266][T25022]  <TASK>
[ 2833.996224][T25022]  dump_stack_lvl+0x125/0x1b0
[ 2834.000946][T25022]  should_fail_ex+0x496/0x5b0
[ 2834.005672][T25022]  should_failslab+0x9/0x20
[ 2834.010214][T25022]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2834.015745][T25022]  ? tomoyo_encode2+0x100/0x3d0
[ 2834.020652][T25022]  ? tomoyo_encode2+0x100/0x3d0
[ 2834.025560][T25022]  __kmalloc+0x4f/0x100
[ 2834.029754][T25022]  tomoyo_encode2+0x100/0x3d0
[ 2834.034491][T25022]  ? rcu_is_watching+0x12/0xb0
[ 2834.039313][T25022]  tomoyo_encode+0x29/0x50
[ 2834.043789][T25022]  tomoyo_realpath_from_path+0x196/0x710
[ 2834.049491][T25022]  tomoyo_path_number_perm+0x241/0x580
[ 2834.055007][T25022]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2834.060698][T25022]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2834.066571][T25022]  ? __might_fault+0x13f/0x1a0
[ 2834.071395][T25022]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2834.076828][T25022]  ? rcu_is_watching+0x12/0xb0
[ 2834.081632][T25022]  ? _raw_spin_unlock_irqrestore+0x3b/0x70
[ 2834.087485][T25022]  ? xfd_validate_state+0x5d/0x180
[ 2834.092663][T25022]  ? __fget_files+0x272/0x410
[ 2834.097397][T25022]  security_file_ioctl+0x72/0xb0
[ 2834.102390][T25022]  __x64_sys_ioctl+0xbb/0x210
[ 2834.107116][T25022]  do_syscall_64+0x38/0xb0
[ 2834.111581][T25022]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
04:48:09 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="a940a2f985640b6729c99d8f925e803c2215a6ab80118418ee7213f3431fc7a96e"], 0xe535e40b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x11, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000457e813000000021f2000008000300", @ANYRES32=r4, @ANYBLOB="08009e00"], 0x24}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendfile(r5, r1, 0x0, 0x10000a006)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0)

[ 2834.117527][T25022] RIP: 0033:0x7f410aa7c84b
[ 2834.121977][T25022] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2834.142410][T25022] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2834.150906][T25022] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2834.158912][T25022] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2834.166915][T25022] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2834.174918][T25022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2834.182920][T25022] R13: 0000000800000000 R14: 0000000020000480 R15: 00007f410aad07e0
[ 2834.190946][T25022]  </TASK>
[ 2834.194068][    C0] vkms_vblank_simulate: vblank timer overrun
04:48:10 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x20)

04:48:10 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x26e1, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
ioctl$EXT4_IOC_GETFSUUID(r0, 0x8008662c, &(0x7f0000000040))

[ 2834.253143][T25022] ERROR: Out of memory at tomoyo_realpath_from_path.
04:48:10 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000940), 0x0, 0x0)
pipe2(&(0x7f0000000280)={<r1=>0xffffffffffffffff}, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r0)
r3 = dup(r2)
write(r3, &(0x7f0000000140)="f4137941439bd1612568bf879c3ea918227867fbff7122ee8310ae85b305f9ae812f6460c5ff6f3cdb0cc04b7712fb4785eb105ee9b64e564b82d857a3b1702f8d6fed4946ee5a1143d6abbd85b2c53792a5438c0000000094deb7d2fd57bbf2c84b870e4937e99cbbe75536aab0a98fb9d13860ab5db46e564cba36a822de000000000000000000000000000000a55277cf03da25e83c2f9459a42c18d46eb645db163b472dfac68bb8d1f044540000000000000000", 0xfffffd0d)

04:48:10 executing program 1:
r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x200, 0x0)
fcntl$lock(r0, 0x7, 0x0)

04:48:10 executing program 3:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r2, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:10 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bind$unix(r0, 0x0, 0xfffffffffffffef1)

[ 2834.531161][T17130] usb 1-1: new high-speed USB device number 85 using dummy_hcd
04:48:10 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001440)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
dup2(r1, r0)
poll(&(0x7f0000000200)=[{r1}], 0x1, 0x0)

[ 2834.931288][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2835.121322][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2835.130486][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2835.145866][T17130] usb 1-1: Product: syz
[ 2835.154773][T17130] usb 1-1: Manufacturer: syz
[ 2835.165108][T17130] usb 1-1: SerialNumber: syz
[ 2836.321562][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2836.334758][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2836.350856][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2836.604737][ T1236] ieee802154 phy0 wpan0: encryption failed: -22
[ 2836.611762][ T1236] ieee802154 phy1 wpan1: encryption failed: -22
[ 2836.750999][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2836.793808][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2836.841118][T17130] usb 1-1: USB disconnect, device number 85
[ 2836.853194][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:48:13 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 53)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:13 executing program 4:
mlock(&(0x7f0000001000/0x3000)=nil, 0x3000)
mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0)
munlock(&(0x7f0000001000/0x4000)=nil, 0x4000)

04:48:13 executing program 1:
utimes(0x0, &(0x7f0000000040)={{0x0, 0x780f29f2}})

04:48:13 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = geteuid()
lchown(&(0x7f0000000040)='./file0\x00', r0, 0xffffffffffffffff)

04:48:13 executing program 5:
syz_emit_ethernet(0x52, &(0x7f0000000000)={@broadcast, @empty, @val, {@ipv4}}, 0x0)

04:48:13 executing program 3:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r2, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:13 executing program 2:
r0 = semget(0x0, 0x1, 0x4)
semctl$SETVAL(r0, 0x0, 0x8, 0x0)
r1 = semget(0x1, 0x1, 0x0)
semctl$GETALL(r1, 0x0, 0x6, &(0x7f0000000000)=""/245)

[ 2837.345438][T25089] FAULT_INJECTION: forcing a failure.
[ 2837.345438][T25089] name fail_usercopy, interval 1, probability 0, space 0, times 0
04:48:13 executing program 4:
setuid(0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001440))

04:48:13 executing program 1:
r0 = socket$unix(0x1, 0x5, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001440)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
poll(&(0x7f0000000000)=[{r1}], 0x1, 0x1000)
dup2(r0, r1)

04:48:13 executing program 5:
r0 = socket$unix(0x1, 0x5, 0x0)
pipe(&(0x7f0000001a80)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
poll(&(0x7f0000002340)=[{r1}], 0x1, 0x0)
dup2(r0, r1)

[ 2837.476395][T25089] CPU: 0 PID: 25089 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2837.486886][T25089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2837.496972][T25089] Call Trace:
[ 2837.500277][T25089]  <TASK>
[ 2837.503236][T25089]  dump_stack_lvl+0x125/0x1b0
[ 2837.507968][T25089]  should_fail_ex+0x496/0x5b0
[ 2837.512696][T25089]  _copy_from_user+0x30/0xf0
[ 2837.517343][T25089]  raw_ioctl+0x1102/0x2b80
[ 2837.521811][T25089]  ? raw_open+0x510/0x510
[ 2837.526185][T25089]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2837.531191][T25089]  ? raw_open+0x510/0x510
[ 2837.535561][T25089]  __x64_sys_ioctl+0x18f/0x210
[ 2837.540374][T25089]  do_syscall_64+0x38/0xb0
[ 2837.544838][T25089]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2837.550782][T25089] RIP: 0033:0x7f410aa7c84b
[ 2837.555238][T25089] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2837.574883][T25089] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2837.583331][T25089] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2837.591338][T25089] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2837.599340][T25089] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2837.607350][T25089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2837.615355][T25089] R13: 0000000800000000 R14: 0000000020000480 R15: 00007f410aad07e0
[ 2837.623387][T25089]  </TASK>
04:48:13 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=@base={0x15, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48)

04:48:13 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x105042, 0x0)
setrlimit(0x1, &(0x7f0000000100)={0xffffffff, 0xffffffffffffffff})
fallocate(r0, 0x0, 0x0, 0x7fffffff)
pwritev2(r0, &(0x7f0000000040)=[{&(0x7f0000000140)='J', 0x1}], 0x1, 0x0, 0x0, 0x0)

[ 2837.626555][    C0] vkms_vblank_simulate: vblank timer overrun
04:48:14 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 54)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:14 executing program 5:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x105042, 0x0)
setrlimit(0x1, &(0x7f0000000100)={0xffffffff, 0xffffffffffffffff})
fallocate(r0, 0x0, 0x0, 0x7fffffff)
utime(&(0x7f0000000040)='./bus\x00', 0x0)
r1 = msgget$private(0x0, 0x0)
msgrcv(r1, 0x0, 0x0, 0x2, 0x0)
rt_sigreturn()
utime(&(0x7f00000002c0)='./bus\x00', 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r2, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
msgrcv(0x0, 0x0, 0xad, 0x0, 0x0)
renameat2(r0, &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', r0, &(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK/file0\x00', 0x0)
msgctl$IPC_RMID(r1, 0x0)

04:48:14 executing program 4:
r0 = open(&(0x7f00000001c0)='./bus\x00', 0x4042, 0x0)
msgget$private(0x0, 0x0)
r1 = msgget$private(0x0, 0x0)
msgrcv(r1, 0x0, 0x0, 0x0, 0x0)
setxattr$incfs_metadata(&(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000000c0), &(0x7f0000000200)="b5", 0x1, 0x0)
rt_sigreturn()
mknodat$loop(r0, &(0x7f0000000040)='.\x00', 0x0, 0x0)
msgsnd(r1, &(0x7f0000000100)={0x6}, 0x8, 0x0)
msgctl$IPC_RMID(0x0, 0x0)

04:48:14 executing program 3:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r2, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:14 executing program 1:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'macvlan0\x00', 0x1})
pread64(r0, 0x0, 0x0, 0x0)

[ 2838.364653][T25122] FAULT_INJECTION: forcing a failure.
[ 2838.364653][T25122] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2838.419969][T25122] CPU: 1 PID: 25122 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2838.430458][T25122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2838.440546][T25122] Call Trace:
[ 2838.443855][T25122]  <TASK>
[ 2838.446812][T25122]  dump_stack_lvl+0x125/0x1b0
[ 2838.451532][T25122]  should_fail_ex+0x496/0x5b0
[ 2838.456256][T25122]  _copy_to_user+0x30/0xb0
[ 2838.460721][T25122]  raw_ioctl+0x12ac/0x2b80
[ 2838.465186][T25122]  ? raw_open+0x510/0x510
[ 2838.469642][T25122]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2838.474631][T25122]  ? raw_open+0x510/0x510
[ 2838.479007][T25122]  __x64_sys_ioctl+0x18f/0x210
[ 2838.483821][T25122]  do_syscall_64+0x38/0xb0
[ 2838.488282][T25122]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2838.494224][T25122] RIP: 0033:0x7f410aa7c84b
[ 2838.498674][T25122] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2838.518316][T25122] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2838.526763][T25122] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2838.534765][T25122] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2838.542762][T25122] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2838.550764][T25122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2838.558763][T25122] R13: 0000000800000000 R14: 0000000020000480 R15: 00007f410aad07e0
[ 2838.566783][T25122]  </TASK>
04:48:14 executing program 4:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x274882, 0x80)
rt_sigreturn()

04:48:14 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

[ 2838.771056][ T2543] usb 1-1: new high-speed USB device number 86 using dummy_hcd
04:48:14 executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[], 0x18}, 0x0)

04:48:14 executing program 2:
syz_clone(0x80360100, 0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0)

04:48:14 executing program 1:
r0 = getpid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001740)={r0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)

04:48:14 executing program 4:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000080)={'lo\x00', 0x200})

04:48:14 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xa, 0x0, 0x0, 0x0, 0x200}, 0x48)

04:48:15 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 55)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

[ 2839.424509][T25157] FAULT_INJECTION: forcing a failure.
[ 2839.424509][T25157] name failslab, interval 1, probability 0, space 0, times 0
[ 2839.441282][T25157] CPU: 0 PID: 25157 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2839.451759][T25157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2839.461849][T25157] Call Trace:
[ 2839.465157][T25157]  <TASK>
[ 2839.468111][T25157]  dump_stack_lvl+0x125/0x1b0
[ 2839.472840][T25157]  should_fail_ex+0x496/0x5b0
[ 2839.477575][T25157]  should_failslab+0x9/0x20
[ 2839.482118][T25157]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2839.487634][T25157]  ? tomoyo_encode2+0x100/0x3d0
[ 2839.492542][T25157]  ? tomoyo_encode2+0x100/0x3d0
[ 2839.497451][T25157]  __kmalloc+0x4f/0x100
[ 2839.501653][T25157]  tomoyo_encode2+0x100/0x3d0
[ 2839.506387][T25157]  ? rcu_is_watching+0x12/0xb0
[ 2839.511198][T25157]  tomoyo_encode+0x29/0x50
[ 2839.515673][T25157]  tomoyo_realpath_from_path+0x196/0x710
[ 2839.521373][T25157]  tomoyo_path_number_perm+0x241/0x580
[ 2839.526891][T25157]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2839.532587][T25157]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2839.538459][T25157]  ? __might_fault+0x13f/0x1a0
[ 2839.543278][T25157]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2839.548702][T25157]  ? rcu_is_watching+0x12/0xb0
[ 2839.553509][T25157]  ? _raw_spin_unlock_irqrestore+0x3b/0x70
[ 2839.559359][T25157]  ? xfd_validate_state+0x5d/0x180
[ 2839.564536][T25157]  ? __fget_files+0x272/0x410
[ 2839.569260][T25157]  security_file_ioctl+0x72/0xb0
[ 2839.574242][T25157]  __x64_sys_ioctl+0xbb/0x210
[ 2839.578962][T25157]  do_syscall_64+0x38/0xb0
[ 2839.583425][T25157]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2839.589365][T25157] RIP: 0033:0x7f410aa7c84b
[ 2839.593812][T25157] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2839.613460][T25157] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2839.621915][T25157] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2839.629923][T25157] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2839.637926][T25157] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2839.645956][T25157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2839.653991][T25157] R13: 0000000800000000 R14: 0000000020000480 R15: 00007f410aad07e0
[ 2839.662014][T25157]  </TASK>
[ 2839.665146][    C0] vkms_vblank_simulate: vblank timer overrun
04:48:15 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xa}, 0x48)

04:48:15 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, 0xee01}}}], 0x20}, 0x0)

04:48:15 executing program 1:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r0, &(0x7f0000000000), &(0x7f0000000080)=""/94}, 0x20)

04:48:15 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

[ 2839.740953][T25157] ERROR: Out of memory at tomoyo_realpath_from_path.
04:48:15 executing program 2:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/98, 0x62}], 0x1}, 0x0)

04:48:15 executing program 4:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000500))

04:48:15 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x40000140)

[ 2839.901193][ T2543] usb 1-1: device descriptor read/64, error -71
04:48:15 executing program 1:
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)=@generic={&(0x7f00000001c0)='./file0\x00'}, 0x18)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000002c0)=@generic={&(0x7f0000000280)='./file0\x00'}, 0x18)

04:48:15 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:15 executing program 4:
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$FUSE_DIRENT(r0, 0x0, 0x34)

[ 2840.171032][ T2543] usb 1-1: new high-speed USB device number 87 using dummy_hcd
04:48:16 executing program 1:
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = dup3(r0, r1, 0x0)
write$FUSE_BMAP(r2, 0x0, 0x0)

[ 2840.531134][ T2543] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2840.703295][ T2543] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2840.712713][ T2543] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2840.726485][ T2543] usb 1-1: Product: syz
[ 2840.735326][ T2543] usb 1-1: Manufacturer: syz
[ 2840.745519][ T2543] usb 1-1: SerialNumber: syz
[ 2841.901143][ T2543] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2841.907952][ T2543] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2841.924404][ T2543] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2842.311157][ T2543] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2842.350467][ T2543] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2842.408370][ T2543] usb 1-1: USB disconnect, device number 87
[ 2842.424734][ T2543] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:48:18 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 56)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:18 executing program 4:
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
dup3(r0, r1, 0x0)
write$FUSE_DIRENTPLUS(r1, 0x0, 0x0)

04:48:18 executing program 1:
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
dup3(r0, r1, 0x0)
write$FUSE_NOTIFY_INVAL_INODE(r1, 0x0, 0x0)

04:48:18 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r2, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:18 executing program 5:
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
dup3(r0, r1, 0x0)
write$FUSE_LSEEK(r1, 0x0, 0x0)

04:48:18 executing program 2:
openat$dir(0xffffffffffffff9c, &(0x7f0000004340)='./file0\x00', 0x1a1840, 0x8)

04:48:18 executing program 4:
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)

04:48:18 executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000800), 0x0, 0x0)
ioctl$TUNSETQUEUE(r0, 0x894c, 0x0)

04:48:18 executing program 5:
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)=@o_path={0x0}, 0x18)

04:48:18 executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'vxcan1\x00', 0x2})

[ 2842.971351][T25225] FAULT_INJECTION: forcing a failure.
[ 2842.971351][T25225] name failslab, interval 1, probability 0, space 0, times 0
[ 2843.035101][T25225] CPU: 1 PID: 25225 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2843.045587][T25225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2843.055677][T25225] Call Trace:
[ 2843.058987][T25225]  <TASK>
[ 2843.061948][T25225]  dump_stack_lvl+0x125/0x1b0
[ 2843.066675][T25225]  should_fail_ex+0x496/0x5b0
[ 2843.071402][T25225]  should_failslab+0x9/0x20
[ 2843.075942][T25225]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2843.081455][T25225]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2843.087228][T25225]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2843.093003][T25225]  __kmalloc+0x4f/0x100
[ 2843.097202][T25225]  tomoyo_realpath_from_path+0xb9/0x710
[ 2843.102800][T25225]  ? tomoyo_profile+0x47/0x60
[ 2843.107504][T25225]  tomoyo_path_number_perm+0x241/0x580
[ 2843.112991][T25225]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2843.118654][T25225]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2843.124503][T25225]  ? lockdep_hardirqs_on+0x7d/0x100
[ 2843.129755][T25225]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2843.135148][T25225]  ? __phys_addr+0xc6/0x140
[ 2843.139674][T25225]  ? raw_ioctl+0x10d/0x2b80
[ 2843.144202][T25225]  ? __fget_files+0x272/0x410
[ 2843.148899][T25225]  security_file_ioctl+0x72/0xb0
[ 2843.153861][T25225]  __x64_sys_ioctl+0xbb/0x210
[ 2843.158557][T25225]  do_syscall_64+0x38/0xb0
[ 2843.162990][T25225]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2843.168904][T25225] RIP: 0033:0x7f410aa7c84b
[ 2843.173327][T25225] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2843.192951][T25225] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2843.201379][T25225] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2843.209357][T25225] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2843.217338][T25225] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2843.225321][T25225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2843.233300][T25225] R13: 0000000800000000 R14: 0000000020000480 R15: 00007f410aad07e0
[ 2843.241302][T25225]  </TASK>
04:48:19 executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000800), 0x0, 0x0)
ioctl$TUNSETQUEUE(r0, 0xc0189436, &(0x7f0000000840)={'gretap0\x00', 0x600})

04:48:19 executing program 4:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000680)={<r0=>0xffffffffffffffff})
sendmsg(r0, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001200)=[{0x10}, {0x10}], 0x20}, 0x0)

[ 2843.373989][T25225] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2843.411459][T17130] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[ 2843.811306][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2843.981747][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2843.991384][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2844.002972][T17130] usb 1-1: Product: syz
[ 2844.011684][T17130] usb 1-1: Manufacturer: syz
[ 2844.021945][T17130] usb 1-1: SerialNumber: syz
[ 2845.161858][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2845.168364][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2845.176723][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2845.584212][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2845.623753][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2845.671192][T17130] usb 1-1: USB disconnect, device number 88
[ 2845.682639][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:48:21 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 57)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:21 executing program 2:
r0 = add_key$fscrypt_v1(&(0x7f00000004c0), &(0x7f0000000500)={'fscrypt:', @desc2}, &(0x7f0000000540)={0x0, "b04d9cffec7b8c43c10c04a93251f28424e7f3672abade0c7bcacbd9482944ddbef05dd3f5c502baa1906b32c22c41df8fa276a81c3e1d70cb0f76e60a6c9da7"}, 0x48, 0xfffffffffffffffe)
add_key(&(0x7f0000000000)='id_legacy\x00', 0x0, 0x0, 0x0, r0)

04:48:21 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r2, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:21 executing program 5:
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x0)

04:48:21 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000009e40)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x0)

04:48:21 executing program 4:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x2, 0xb, &(0x7f00000000c0)=@framed={{}, [@printk={@integer, {}, {0x7, 0x1, 0xb, 0xb}}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x90)

04:48:21 executing program 2:
mount_setattr(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x120000}, 0x20)

04:48:22 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
unlinkat(r0, &(0x7f00000008c0)='./file0\x00', 0x200)

04:48:22 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000800)={'gre0\x00', &(0x7f0000000740)={'gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @broadcast}}}})

04:48:22 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x0, 0x0, 0x0, 0x0, 0xde, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5}, 0x48)

04:48:22 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000009e40)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x0)

[ 2846.301086][T25279] FAULT_INJECTION: forcing a failure.
[ 2846.301086][T25279] name failslab, interval 1, probability 0, space 0, times 0
04:48:22 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000006c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000180)=0xc)
sendmmsg$unix(r2, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)='V', 0x1}, {&(0x7f00000000c0)='1', 0x1}], 0x2}}], 0x1, 0x1)
recvmmsg$unix(r1, &(0x7f0000001f40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000480)=""/49, 0x31}], 0x1, &(0x7f0000000a40)}}], 0x1, 0x100, 0x0)

[ 2846.378084][T25279] CPU: 0 PID: 25279 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2846.388574][T25279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2846.398931][T25279] Call Trace:
[ 2846.402267][T25279]  <TASK>
[ 2846.405229][T25279]  dump_stack_lvl+0x125/0x1b0
[ 2846.409961][T25279]  should_fail_ex+0x496/0x5b0
[ 2846.414692][T25279]  should_failslab+0x9/0x20
[ 2846.419248][T25279]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2846.424765][T25279]  ? tomoyo_encode2+0x100/0x3d0
[ 2846.429685][T25279]  ? tomoyo_encode2+0x100/0x3d0
[ 2846.434589][T25279]  __kmalloc+0x4f/0x100
[ 2846.438784][T25279]  tomoyo_encode2+0x100/0x3d0
[ 2846.443519][T25279]  ? rcu_is_watching+0x12/0xb0
[ 2846.448326][T25279]  tomoyo_encode+0x29/0x50
[ 2846.452791][T25279]  tomoyo_realpath_from_path+0x196/0x710
[ 2846.458498][T25279]  tomoyo_path_number_perm+0x241/0x580
[ 2846.464011][T25279]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2846.469706][T25279]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2846.475582][T25279]  ? __might_fault+0x13f/0x1a0
[ 2846.480403][T25279]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2846.485824][T25279]  ? rcu_is_watching+0x12/0xb0
[ 2846.490637][T25279]  ? __fget_files+0x272/0x410
[ 2846.495364][T25279]  security_file_ioctl+0x72/0xb0
[ 2846.500353][T25279]  __x64_sys_ioctl+0xbb/0x210
[ 2846.505070][T25279]  do_syscall_64+0x38/0xb0
[ 2846.509537][T25279]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2846.515479][T25279] RIP: 0033:0x7f410aa7c84b
[ 2846.519931][T25279] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2846.539575][T25279] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2846.548030][T25279] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2846.556033][T25279] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2846.564036][T25279] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2846.572043][T25279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2846.580047][T25279] R13: 0000000800000000 R14: 0000000020000480 R15: 00007f410aad07e0
[ 2846.588074][T25279]  </TASK>
[ 2846.591637][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2846.750820][T25279] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2846.940746][T17130] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[ 2847.331258][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2847.541047][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2847.550143][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2847.582369][T17130] usb 1-1: Product: syz
[ 2847.586583][T17130] usb 1-1: Manufacturer: syz
[ 2847.600738][T17130] usb 1-1: SerialNumber: syz
[ 2848.740975][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2848.747464][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2848.773665][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2849.181099][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2849.216039][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2849.261802][T17130] usb 1-1: USB disconnect, device number 89
[ 2849.269243][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:48:25 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 58)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:25 executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r2, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:25 executing program 5:
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000140)={0xc})

04:48:25 executing program 1:
r0 = mq_open(&(0x7f0000000040)='$\x10\x00', 0x41, 0x0, 0x0)
mq_timedreceive(r0, 0x0, 0x0, 0x0, 0x0)

04:48:25 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x83, 0x0, &(0x7f0000000240))

04:48:25 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000800)={'ip6gre0\x00', &(0x7f0000000780)={'ip6_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @empty}})

04:48:25 executing program 5:
syz_clone(0x8000200, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x0, 0x84)

04:48:25 executing program 4:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_tracing={0x1a, 0x2, &(0x7f0000000000)=@raw=[@map_fd], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x12df0, r0}, 0x90)

04:48:25 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@bloom_filter={0x1e, 0x0, 0x8001, 0x3f}, 0x48)

04:48:25 executing program 1:
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@cgroup, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

[ 2849.802384][T25332] FAULT_INJECTION: forcing a failure.
[ 2849.802384][T25332] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2849.842683][T25332] CPU: 1 PID: 25332 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2849.853166][T25332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2849.863259][T25332] Call Trace:
[ 2849.866570][T25332]  <TASK>
[ 2849.869539][T25332]  dump_stack_lvl+0x125/0x1b0
[ 2849.874277][T25332]  should_fail_ex+0x496/0x5b0
[ 2849.879012][T25332]  _copy_from_user+0x30/0xf0
[ 2849.883656][T25332]  raw_ioctl+0x1102/0x2b80
[ 2849.888122][T25332]  ? raw_open+0x510/0x510
[ 2849.892500][T25332]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2849.897485][T25332]  ? raw_open+0x510/0x510
[ 2849.901864][T25332]  __x64_sys_ioctl+0x18f/0x210
[ 2849.906680][T25332]  do_syscall_64+0x38/0xb0
[ 2849.911147][T25332]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2849.917098][T25332] RIP: 0033:0x7f410aa7c84b
[ 2849.921557][T25332] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2849.941205][T25332] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2849.949665][T25332] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2849.957667][T25332] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2849.965655][T25332] RBP: 00007f410b7f2070 R08: 0000000000000010 R09: 00302e6364755f79
[ 2849.973641][T25332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2849.981625][T25332] R13: 0000000800000000 R14: 0000000020000480 R15: 00007f410aad07e0
[ 2849.989644][T25332]  </TASK>
04:48:25 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x7b, &(0x7f0000000180)=""/153, &(0x7f0000000240)=0x99)

04:48:25 executing program 2:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x2103, 0x0)

[ 2850.201001][   T28] audit: type=1326 audit(1697604505.970:2134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25351 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f83ef47cae9 code=0x0
[ 2850.211190][ T3987] usb 1-1: new high-speed USB device number 90 using dummy_hcd
04:48:26 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 59)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:26 executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x25}, {0x16}]})

04:48:26 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000016c0)=@base={0x12, 0x0, 0x0, 0x200, 0x0, 0x1}, 0x48)

04:48:26 executing program 5:
syz_open_dev$evdev(&(0x7f00000001c0), 0xffffffffffffffff, 0x41)

04:48:26 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:26 executing program 5:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, 0x0)

04:48:26 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000016c0)=@base={0x12, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48)

04:48:26 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountstats\x00')
read$ptp(r0, 0x0, 0x2)

[ 2850.840324][   T28] audit: type=1326 audit(1697604506.620:2135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25362 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f073a47cae9 code=0x0
[ 2850.862779][    C0] vkms_vblank_simulate: vblank timer overrun
04:48:26 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0})

[ 2850.993753][   T28] audit: type=1326 audit(1697604506.780:2136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25375 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f818947cae9 code=0x0
04:48:26 executing program 2:
r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3w\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0)
write(r0, &(0x7f0000000040)="0600", 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
getrlimit(0x9, 0x0)
connect$unix(r2, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffd0b)
getpgid(0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000380)='rcu_utilization\x00', r5}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0xa, 0x0, &(0x7f0000000700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000840)={0x0, 0x0, 0x8000, 0x200}, 0x10, 0x0, r4}, 0x90)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
sendfile(r0, r0, &(0x7f0000001000), 0xffff)
syz_open_dev$vcsu(&(0x7f0000000340), 0x8, 0x0)

04:48:26 executing program 1:
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000a}, 0xa}], 0x1, 0x0)

04:48:27 executing program 1:
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0)
sigaltstack(&(0x7f0000ffc000), &(0x7f00000000c0))
madvise(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x8)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

[ 2851.360794][ T3987] usb 1-1: device descriptor read/64, error -71
[ 2851.630902][ T3987] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[ 2851.650840][T25369] FAULT_INJECTION: forcing a failure.
[ 2851.650840][T25369] name failslab, interval 1, probability 0, space 0, times 0
[ 2851.671067][T25369] CPU: 0 PID: 25369 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2851.681626][T25369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2851.691729][T25369] Call Trace:
[ 2851.695017][T25369]  <TASK>
[ 2851.697951][T25369]  dump_stack_lvl+0x125/0x1b0
[ 2851.702650][T25369]  should_fail_ex+0x496/0x5b0
[ 2851.707347][T25369]  should_failslab+0x9/0x20
[ 2851.711864][T25369]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2851.717351][T25369]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2851.723254][T25369]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2851.729013][T25369]  __kmalloc+0x4f/0x100
[ 2851.733204][T25369]  tomoyo_realpath_from_path+0xb9/0x710
[ 2851.738783][T25369]  ? tomoyo_profile+0x47/0x60
[ 2851.743485][T25369]  tomoyo_path_number_perm+0x241/0x580
[ 2851.748972][T25369]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2851.754632][T25369]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2851.760473][T25369]  ? __might_fault+0x13f/0x1a0
[ 2851.765367][T25369]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2851.770763][T25369]  ? rcu_is_watching+0x12/0xb0
[ 2851.775558][T25369]  ? xfd_validate_state+0x5d/0x180
[ 2851.780701][T25369]  ? __fget_files+0x272/0x410
[ 2851.785395][T25369]  security_file_ioctl+0x72/0xb0
[ 2851.790357][T25369]  __x64_sys_ioctl+0xbb/0x210
[ 2851.795054][T25369]  do_syscall_64+0x38/0xb0
[ 2851.799488][T25369]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2851.805401][T25369] RIP: 0033:0x7f410aa7c84b
[ 2851.809828][T25369] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2851.829450][T25369] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2851.837879][T25369] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2851.845858][T25369] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2851.853850][T25369] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2851.861839][T25369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2851.869825][T25369] R13: 0000000800000000 R14: 0000000000000012 R15: 00007f410aad07e0
[ 2851.877828][T25369]  </TASK>
[ 2851.880912][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2852.071187][T25369] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2852.451171][ T3987] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2852.621185][ T3987] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2852.638205][ T3987] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2852.663064][ T3987] usb 1-1: Product: syz
[ 2852.677516][ T3987] usb 1-1: Manufacturer: syz
[ 2852.694957][ T3987] usb 1-1: SerialNumber: syz
[ 2853.860984][ T3987] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2853.867508][ T3987] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2853.879711][ T3987] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2854.291302][ T3987] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2854.328206][ T3987] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2854.372523][ T3987] usb 1-1: USB disconnect, device number 91
[ 2854.394047][ T3987] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:48:30 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 60)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:30 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)={0x28, r1, 0x1, 0x0, 0x0, {{}, {}, {0x3, 0x14, 'syz1\x00'}}}, 0x28}}, 0x0)
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, 0x0, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
open_tree(0xffffffffffffffff, 0x0, 0x0)

04:48:30 executing program 1:
rt_sigqueueinfo(0xffffffffffffffff, 0x0, &(0x7f0000000000))
prctl$PR_GET_NAME(0x10, &(0x7f0000000100)=""/4096)

04:48:30 executing program 5:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, 0x0)

04:48:30 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:30 executing program 2:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000001a40), 0x0, 0x0)
ioctl$TIOCSERGETLSR(r0, 0x5459, 0x0)

04:48:30 executing program 2:
syz_open_dev$loop(&(0x7f0000000400), 0x0, 0x0)
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0)
read$FUSE(r0, &(0x7f00000007c0)={0x2020}, 0x2020)

[ 2854.836572][   T28] audit: type=1326 audit(1697604510.620:2137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25421 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f818947cae9 code=0x0
[ 2854.859043][    C0] vkms_vblank_simulate: vblank timer overrun
04:48:30 executing program 4:
r0 = epoll_create1(0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
epoll_pwait2(r0, &(0x7f0000000040)=[{}], 0x1, &(0x7f0000000080)={0x77359400}, 0x0, 0x0)
ioctl$TIOCL_GETKMSGREDIRECT(0xffffffffffffffff, 0x541c, 0x0)
getpgrp(0xffffffffffffffff)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f00000002c0), 0x8)

04:48:30 executing program 1:
renameat2(0xffffffffffffffff, &(0x7f0000002880)='./file0\x00', 0xffffffffffffffff, 0x0, 0x7)

04:48:30 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001500), 0x0, 0x0)
ioctl$TIOCSCTTY(r0, 0x540e, 0x0)

04:48:30 executing program 1:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual', 0x0, 0x0)
statx(r0, &(0x7f0000000100)='.\x00', 0x100, 0x40, &(0x7f0000000000))

04:48:31 executing program 1:
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0xfb)

[ 2855.222768][ T8761] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[ 2855.261146][T25432] FAULT_INJECTION: forcing a failure.
[ 2855.261146][T25432] name failslab, interval 1, probability 0, space 0, times 0
[ 2855.297667][T25432] CPU: 1 PID: 25432 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2855.308135][T25432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2855.318198][T25432] Call Trace:
[ 2855.321484][T25432]  <TASK>
[ 2855.324419][T25432]  dump_stack_lvl+0x125/0x1b0
[ 2855.329120][T25432]  should_fail_ex+0x496/0x5b0
[ 2855.333816][T25432]  should_failslab+0x9/0x20
[ 2855.338328][T25432]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2855.343818][T25432]  ? tomoyo_encode2+0x100/0x3d0
[ 2855.348697][T25432]  ? tomoyo_encode2+0x100/0x3d0
[ 2855.353574][T25432]  __kmalloc+0x4f/0x100
[ 2855.357744][T25432]  tomoyo_encode2+0x100/0x3d0
[ 2855.362447][T25432]  ? rcu_is_watching+0x12/0xb0
[ 2855.367227][T25432]  tomoyo_encode+0x29/0x50
[ 2855.371668][T25432]  tomoyo_realpath_from_path+0x196/0x710
[ 2855.377336][T25432]  tomoyo_path_number_perm+0x241/0x580
[ 2855.382824][T25432]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2855.388481][T25432]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2855.394323][T25432]  ? __might_fault+0x13f/0x1a0
[ 2855.399112][T25432]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2855.404503][T25432]  ? rcu_is_watching+0x12/0xb0
[ 2855.409285][T25432]  ? xfd_validate_state+0x5d/0x180
[ 2855.414429][T25432]  ? __fget_files+0x272/0x410
[ 2855.419131][T25432]  security_file_ioctl+0x72/0xb0
[ 2855.424091][T25432]  __x64_sys_ioctl+0xbb/0x210
[ 2855.428781][T25432]  do_syscall_64+0x38/0xb0
[ 2855.433224][T25432]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2855.439135][T25432] RIP: 0033:0x7f410aa7c84b
[ 2855.443556][T25432] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2855.463182][T25432] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2855.471612][T25432] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2855.479593][T25432] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2855.487569][T25432] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2855.495546][T25432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2855.503524][T25432] R13: 0000000800000000 R14: 0000000000000012 R15: 00007f410aad07e0
[ 2855.511521][T25432]  </TASK>
[ 2855.519976][T25432] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2855.891136][ T8761] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2856.061197][ T8761] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2856.070476][ T8761] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2856.089804][ T8761] usb 1-1: Product: syz
[ 2856.098984][ T8761] usb 1-1: Manufacturer: syz
[ 2856.109668][ T8761] usb 1-1: SerialNumber: syz
[ 2857.271289][ T8761] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2857.277809][ T8761] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2857.292406][ T8761] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2857.694318][ T8761] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2857.734253][ T8761] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2857.781148][ T8761] usb 1-1: USB disconnect, device number 92
[ 2857.791504][ T8761] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:48:34 executing program 5:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, 0x0)

04:48:34 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:34 executing program 1:
statx(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x4, &(0x7f0000010080))

04:48:34 executing program 4:
statx(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x100, 0x800, &(0x7f0000000040))

04:48:34 executing program 2:
r0 = socket$inet(0x2, 0x2, 0x0)
sendmmsg$inet(r0, &(0x7f0000000340)=[{{&(0x7f0000000000)={0x2, 0x0, @dev}, 0x10, 0x0, 0xfffffffffffffd0a}}], 0x1, 0x0)

04:48:34 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 61)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:34 executing program 4:
statx(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x800, 0x80, &(0x7f0000010080))

04:48:34 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x2, 0xb, &(0x7f00000000c0)=@framed={{}, [@printk={@integer, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x7}}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x90)

[ 2858.311340][   T28] audit: type=1326 audit(1697604514.090:2138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25481 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f818947cae9 code=0x0
04:48:34 executing program 2:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r0, 0x84, 0x902, &(0x7f00000001c0), 0x4)

04:48:34 executing program 1:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
recvmsg(r0, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/168, 0xa8}, 0x80)

04:48:34 executing program 4:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000280), &(0x7f00000002c0)=0x14)

04:48:34 executing program 2:
r0 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r0, &(0x7f0000000200)=@file={0xa}, 0xa)

[ 2858.660883][ T2543] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[ 2858.720985][T25490] FAULT_INJECTION: forcing a failure.
[ 2858.720985][T25490] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2858.751141][T25490] CPU: 0 PID: 25490 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2858.761613][T25490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2858.771698][T25490] Call Trace:
[ 2858.774997][T25490]  <TASK>
[ 2858.777954][T25490]  dump_stack_lvl+0x125/0x1b0
[ 2858.782672][T25490]  should_fail_ex+0x496/0x5b0
[ 2858.787391][T25490]  _copy_from_user+0x30/0xf0
[ 2858.792034][T25490]  raw_alloc_io_data+0x32/0x1c0
[ 2858.796935][T25490]  raw_ioctl+0xa81/0x2b80
[ 2858.801319][T25490]  ? raw_open+0x510/0x510
[ 2858.805694][T25490]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2858.810675][T25490]  ? raw_open+0x510/0x510
[ 2858.815034][T25490]  __x64_sys_ioctl+0x18f/0x210
[ 2858.819817][T25490]  do_syscall_64+0x38/0xb0
[ 2858.824255][T25490]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2858.830186][T25490] RIP: 0033:0x7f410aa7c84b
[ 2858.834622][T25490] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2858.854255][T25490] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2858.862687][T25490] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2858.870679][T25490] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2858.878672][T25490] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2858.886658][T25490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2858.895697][T25490] R13: 0000000800000000 R14: 0000000000000012 R15: 00007f410aad07e0
[ 2858.903701][T25490]  </TASK>
[ 2858.906833][    C0] vkms_vblank_simulate: vblank timer overrun
04:48:34 executing program 5:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r0, 0x40082102, 0x0)

[ 2859.213879][   T28] audit: type=1326 audit(1697604515.000:2139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25520 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f818947cae9 code=0x0
04:48:35 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:35 executing program 2:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r0, &(0x7f0000000080)={0x10, 0x2}, 0x10)

04:48:35 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r1, &(0x7f0000000040)={0x10, 0x2}, 0x10)
r2 = dup2(r1, r0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f0000000100)=ANY=[@ANYBLOB="01", @ANYRES32=<r3=>0x0], &(0x7f0000000380)=0x8)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r2, 0x84, 0x902, &(0x7f0000000000)=r3, 0x4)

04:48:35 executing program 1:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0xf521}, 0x14)

04:48:35 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 62)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:35 executing program 2:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r1 = fcntl$dupfd(r0, 0x0, r0)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7, &(0x7f0000000000), &(0x7f00000000c0)=0x88)

04:48:35 executing program 1:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x14, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)=0xa)

04:48:35 executing program 4:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_group_source_req(r0, 0x84, 0x0, &(0x7f0000000140)={0x0, {{0x10}}, {{0x10, 0x2}}}, 0x108)

04:48:35 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
connect$inet(r0, &(0x7f0000000080)={0x10, 0x2}, 0x10)
sendto$inet(r0, &(0x7f00000000c0)="08fb2caf7fa740691bae75d289af296e50c86cf3a31c4991cec01b485bf645a2ab67de70047cde5d64ac52245394e86b51e2bba70b77df680e36bdc1f19eab1be80f78f7a93b605a8efdcac4ad66dc1e57012d5b74", 0x55, 0x0, 0x0, 0x0)

04:48:35 executing program 2:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r0, &(0x7f0000000140)={0x10, 0x2}, 0x10)
r1 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r2 = dup2(r0, r1)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00', @ANYRES32=0x0], &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r2, 0x84, 0x107, &(0x7f0000001640), &(0x7f0000001680)=0x18)

04:48:35 executing program 4:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r0, &(0x7f0000000040)={0x10}, 0x10)

04:48:35 executing program 2:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_group_source_req(r0, 0x84, 0xb, &(0x7f0000000140)={0x0, {{0x10}}, {{0x10, 0x2}}}, 0x108)

[ 2860.030808][ T2543] usb 1-1: device descriptor read/64, error -71
04:48:35 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:35 executing program 4:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x10, 0x2}, 0x10)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r0, 0x84, 0x902, &(0x7f0000000000), 0x4)

04:48:35 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$inet6_udplite(0x1c, 0x2, 0x88)
r2 = dup2(r0, r1)
r3 = dup(r2)
connect$unix(r3, &(0x7f0000000000)=@file={0xa}, 0xa)

04:48:35 executing program 5:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x23, &(0x7f0000000280), &(0x7f0000000000)=0x90)

[ 2860.300746][ T2543] usb 1-1: new high-speed USB device number 94 using dummy_hcd
04:48:36 executing program 5:
r0 = socket$unix(0x1, 0x2, 0x0)
getsockopt$sock_cred(r0, 0xffff, 0x1022, &(0x7f0000001e00), &(0x7f0000001e40)=0xc)

04:48:36 executing program 2:
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

04:48:36 executing program 4:
openat$null(0xffffffffffffff9c, &(0x7f0000000240), 0x20, 0x0)

04:48:36 executing program 1:
r0 = syz_open_pts(0xffffffffffffffff, 0x0)
fcntl$lock(r0, 0x9, 0x0)

04:48:36 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 63)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:36 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:36 executing program 5:
dup2(0xffffffffffffffff, 0xffffffffffffff9c)

04:48:36 executing program 4:
r0 = socket(0x2, 0x2, 0x0)
pipe2(&(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
dup2(r0, r1)
pipe2(&(0x7f0000000540)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
dup2(r3, r2)

04:48:36 executing program 1:
syz_usb_connect$cdc_ecm(0x0, 0x20a, &(0x7f0000000540)=ANY=[@ANYBLOB="12010102020000402505a1a44000010203010902f80101"], &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0})

04:48:36 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_buf(r0, 0x6, 0x1f, &(0x7f0000000540)="e8d174ff7ef4ae66dc", 0x9)

04:48:36 executing program 5:
mlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mlock(&(0x7f0000ff3000/0x1000)=nil, 0x1000)
mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0)

04:48:36 executing program 4:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x5423, 0x0)

04:48:37 executing program 2:
openat$pidfd(0xffffffffffffff9c, &(0x7f0000001640), 0x2040, 0x0)

04:48:37 executing program 5:
syz_clone3(&(0x7f0000000b80)={0x40000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

04:48:37 executing program 4:
syz_usb_connect$cdc_ecm(0x0, 0x20a, &(0x7f0000000540)=ANY=[@ANYBLOB="12010102020000402505a1a44000010203010902"], &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x6e, 0x0}]})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)

04:48:37 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

[ 2861.363466][T25628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2861.383232][T25628] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2861.462549][ T2543] usb 1-1: device descriptor read/64, error -71
[ 2861.592319][ T2543] usb usb1-port1: attempt power cycle
[ 2862.011184][ T2543] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[ 2862.100714][T25596] FAULT_INJECTION: forcing a failure.
[ 2862.100714][T25596] name failslab, interval 1, probability 0, space 0, times 0
[ 2862.140661][T25596] CPU: 0 PID: 25596 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2862.151162][T25596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2862.161263][T25596] Call Trace:
[ 2862.164788][T25596]  <TASK>
[ 2862.167742][T25596]  dump_stack_lvl+0x125/0x1b0
[ 2862.172560][T25596]  should_fail_ex+0x496/0x5b0
[ 2862.177289][T25596]  should_failslab+0x9/0x20
[ 2862.181824][T25596]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2862.187325][T25596]  ? tomoyo_encode2+0x100/0x3d0
[ 2862.192212][T25596]  ? tomoyo_encode2+0x100/0x3d0
[ 2862.197096][T25596]  __kmalloc+0x4f/0x100
[ 2862.201288][T25596]  tomoyo_encode2+0x100/0x3d0
[ 2862.205996][T25596]  ? rcu_is_watching+0x12/0xb0
[ 2862.210785][T25596]  tomoyo_encode+0x29/0x50
[ 2862.215231][T25596]  tomoyo_realpath_from_path+0x196/0x710
[ 2862.220904][T25596]  tomoyo_path_number_perm+0x241/0x580
[ 2862.226395][T25596]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2862.232061][T25596]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2862.237934][T25596]  ? __might_fault+0x13f/0x1a0
[ 2862.242735][T25596]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2862.248138][T25596]  ? rcu_is_watching+0x12/0xb0
[ 2862.252926][T25596]  ? xfd_validate_state+0x5d/0x180
[ 2862.258070][T25596]  ? __fget_files+0x272/0x410
[ 2862.262773][T25596]  security_file_ioctl+0x72/0xb0
[ 2862.267765][T25596]  __x64_sys_ioctl+0xbb/0x210
[ 2862.272463][T25596]  do_syscall_64+0x38/0xb0
[ 2862.276903][T25596]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2862.282839][T25596] RIP: 0033:0x7f410aa7c84b
[ 2862.287265][T25596] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2862.306895][T25596] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2862.315327][T25596] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2862.323315][T25596] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2862.331308][T25596] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2862.339293][T25596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2862.347284][T25596] R13: 0000000800000000 R14: 0000000000000008 R15: 00007f410aad07e0
[ 2862.355303][T25596]  </TASK>
[ 2862.358424][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2862.451373][T25596] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2862.611339][ T2543] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2862.781265][ T2543] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2862.790414][ T2543] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2862.810110][ T2543] usb 1-1: Product: syz
[ 2862.820762][ T2543] usb 1-1: Manufacturer: syz
[ 2862.830109][ T2543] usb 1-1: SerialNumber: syz
[ 2864.016891][ T2543] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2864.026493][ T2543] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2864.061036][ T2543] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2864.441223][ T2543] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2864.468776][ T2543] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2864.514352][ T2543] usb 1-1: USB disconnect, device number 95
[ 2864.522490][ T2543] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:48:40 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 64)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:40 executing program 2:
syz_usb_connect$cdc_ecm(0x0, 0x20a, &(0x7f0000000540)=ANY=[@ANYBLOB="12010102020000402505a1a44000010203010902"], &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x6e, 0x0}, {0x4, &(0x7f0000000040)=@lang_id={0x4}}]})

04:48:40 executing program 5:
ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
bpf$OBJ_GET_PROG(0x9, &(0x7f0000001780)=@generic={0x0}, 0x18)
getpid()
syz_clone3(&(0x7f0000000940)={0x0, &(0x7f0000000780), &(0x7f00000007c0), &(0x7f0000000800), {0x11}, 0x0, 0x0, &(0x7f0000000880)=""/128, &(0x7f0000000900)=[0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x5}, 0x58)
syz_clone3(&(0x7f0000000b80)={0x40000000, &(0x7f00000009c0), &(0x7f0000000a00), &(0x7f0000000a40), {0x36}, &(0x7f0000000a80)=""/3, 0x3, &(0x7f0000000ac0)=""/105, 0x0}, 0x58)
getpid()
getresuid(&(0x7f0000001280), &(0x7f00000012c0), &(0x7f0000001300))
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)

04:48:40 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:40 executing program 4:
syz_usb_connect$cdc_ecm(0x0, 0x20a, &(0x7f0000000540)=ANY=[@ANYBLOB="12010102020000402505a1a44000010203010902f801010105b028090400f102020600ff05"], &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0})

04:48:40 executing program 1:
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f0000000000), 0x4)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000003280)='/proc/cgroups\x00', 0x0, 0x0)
ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f00000032c0))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000080)="0a686cb1b26c5d289bfc572ca562762111e39c31b2539b20390106e50749bf62", &(0x7f0000000180)=@tcp6}, 0x20)
bpf$OBJ_GET_PROG(0x9, 0x0, 0x0)
getpid()
syz_clone3(0x0, 0x0)
syz_clone3(&(0x7f0000000b80)={0x40000000, 0x0, &(0x7f0000000a00), &(0x7f0000000a40), {0x36}, &(0x7f0000000a80)=""/3, 0x3, 0x0, 0x0, 0x0, {r0}}, 0x58)
r1 = getpid()
sched_rr_get_interval(r1, &(0x7f0000000240))
getresuid(0x0, &(0x7f00000012c0), &(0x7f0000001300))
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)

[ 2865.043262][T25697] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2865.103493][T25697] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2865.423933][ T2543] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[ 2865.462347][T25706] FAULT_INJECTION: forcing a failure.
[ 2865.462347][T25706] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2865.493520][T25706] CPU: 1 PID: 25706 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2865.504006][T25706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2865.514187][T25706] Call Trace:
[ 2865.517506][T25706]  <TASK>
04:48:41 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

[ 2865.520468][T25706]  dump_stack_lvl+0x125/0x1b0
[ 2865.525192][T25706]  should_fail_ex+0x496/0x5b0
[ 2865.529914][T25706]  _copy_from_user+0x30/0xf0
[ 2865.534570][T25706]  memdup_user+0x71/0xd0
[ 2865.538880][T25706]  raw_alloc_io_data+0x182/0x1c0
[ 2865.543868][T25706]  raw_ioctl+0xa81/0x2b80
[ 2865.548511][T25706]  ? raw_open+0x510/0x510
[ 2865.552896][T25706]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2865.557876][T25706]  ? raw_open+0x510/0x510
[ 2865.562230][T25706]  __x64_sys_ioctl+0x18f/0x210
[ 2865.567023][T25706]  do_syscall_64+0x38/0xb0
[ 2865.571463][T25706]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2865.577382][T25706] RIP: 0033:0x7f410aa7c84b
[ 2865.581810][T25706] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2865.602151][T25706] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2865.610581][T25706] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2865.618569][T25706] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2865.626551][T25706] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2865.634529][T25706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2865.642596][T25706] R13: 0000000800000000 R14: 0000000000000012 R15: 00007f410aad07e0
[ 2865.650593][T25706]  </TASK>
04:48:41 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x9, 0xdd, 0x8001, 0xc34, 0x2}, 0x48)

04:48:41 executing program 4:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0)
read$FUSE(r0, 0x0, 0x0)

04:48:41 executing program 4:
fsopen(&(0x7f0000000000)='sysv\x00', 0x0)

04:48:41 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:41 executing program 4:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000002140), 0x0, 0x0)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628)

04:48:42 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 65)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

[ 2866.860821][ T2543] usb 1-1: device descriptor read/64, error -71
[ 2867.131771][ T2543] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[ 2867.171324][T25811] FAULT_INJECTION: forcing a failure.
[ 2867.171324][T25811] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2867.191032][T25811] CPU: 0 PID: 25811 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2867.201512][T25811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2867.211769][T25811] Call Trace:
[ 2867.215069][T25811]  <TASK>
[ 2867.218021][T25811]  dump_stack_lvl+0x125/0x1b0
[ 2867.222758][T25811]  should_fail_ex+0x496/0x5b0
[ 2867.227498][T25811]  _copy_from_user+0x30/0xf0
[ 2867.232143][T25811]  memdup_user+0x71/0xd0
[ 2867.236447][T25811]  raw_alloc_io_data+0x182/0x1c0
[ 2867.241431][T25811]  raw_ioctl+0xa81/0x2b80
[ 2867.245804][T25811]  ? raw_open+0x510/0x510
[ 2867.250183][T25811]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2867.255163][T25811]  ? raw_open+0x510/0x510
[ 2867.259565][T25811]  __x64_sys_ioctl+0x18f/0x210
[ 2867.264376][T25811]  do_syscall_64+0x38/0xb0
[ 2867.268839][T25811]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2867.274775][T25811] RIP: 0033:0x7f410aa7c84b
[ 2867.279207][T25811] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2867.298832][T25811] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2867.307352][T25811] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2867.315335][T25811] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2867.323339][T25811] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2867.331321][T25811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2867.339399][T25811] R13: 0000000800000000 R14: 0000000000000012 R15: 00007f410aad07e0
[ 2867.347403][T25811]  </TASK>
[ 2867.350537][    C0] vkms_vblank_simulate: vblank timer overrun
04:48:43 executing program 2:
fchown(0xffffffffffffffff, 0xee00, 0x0)

04:48:44 executing program 5:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/sloppy_sctp\x00', 0x2, 0x0)
getsockopt$inet6_mreq(r0, 0x29, 0x0, 0x0, 0x0)

04:48:44 executing program 4:
statx(0xffffffffffffffff, &(0x7f0000005f00)='./file0\x00', 0x6000, 0x0, 0x0)

04:48:44 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:44 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 66)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:44 executing program 2:
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

04:48:44 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0x1a}]}, 0x3c}}, 0x0)

04:48:44 executing program 4:
r0 = syz_io_uring_setup(0x74b4, &(0x7f0000000380), &(0x7f0000000400), &(0x7f0000000440))
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f0000000540), 0x1)

04:48:44 executing program 2:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x2, &(0x7f0000000000)=@raw=[@map_val], &(0x7f0000000080)='GPL\x00', 0x0, 0xb6, &(0x7f00000000c0)=""/182}, 0x90)

04:48:44 executing program 5:
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000000c0)={@ifindex, 0xffffffffffffffff, 0x17, 0x20, 0xffffffffffffffff, @link_id}, 0x20)

04:48:44 executing program 1:
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@map, 0xffffffffffffffff, 0x13, 0x8, 0x0, @prog_id=0xffffffffffffffff}, 0x20)

04:48:45 executing program 2:
syz_emit_ethernet(0x10e, &(0x7f00000026c0)={@local, @local, @val, {@ipv4}}, 0x0)

04:48:45 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000026000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5}]})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004cb], 0x0, 0xe02})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

04:48:45 executing program 2:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@pointer, {}, {}, {0x7, 0x0, 0x9}}]}, &(0x7f0000000000)='GPL\x00'}, 0x90)

04:48:45 executing program 1:
syz_emit_ethernet(0x7e, &(0x7f0000000500)={@local, @remote, @val, {@ipv6}}, 0x0)

[ 2869.431213][ T8761] usb 1-1: new high-speed USB device number 98 using dummy_hcd
[ 2869.471395][T25850] FAULT_INJECTION: forcing a failure.
[ 2869.471395][T25850] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2869.504921][T25850] CPU: 0 PID: 25850 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2869.515401][T25850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2869.525468][T25850] Call Trace:
[ 2869.528752][T25850]  <TASK>
[ 2869.531690][T25850]  dump_stack_lvl+0x125/0x1b0
[ 2869.536387][T25850]  should_fail_ex+0x496/0x5b0
[ 2869.541084][T25850]  _copy_from_user+0x30/0xf0
[ 2869.545697][T25850]  raw_ioctl+0x1102/0x2b80
[ 2869.550134][T25850]  ? raw_open+0x510/0x510
[ 2869.554483][T25850]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2869.559451][T25850]  ? raw_open+0x510/0x510
[ 2869.563797][T25850]  __x64_sys_ioctl+0x18f/0x210
[ 2869.568585][T25850]  do_syscall_64+0x38/0xb0
[ 2869.573024][T25850]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2869.578944][T25850] RIP: 0033:0x7f410aa7c84b
[ 2869.583372][T25850] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2869.602995][T25850] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2869.611429][T25850] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2869.619411][T25850] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2869.627400][T25850] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2869.635386][T25850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2869.643470][T25850] R13: 0000000800000000 R14: 0000000000000012 R15: 00007f410aad07e0
[ 2869.651483][T25850]  </TASK>
[ 2869.654651][    C0] vkms_vblank_simulate: vblank timer overrun
04:48:45 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:46 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 67)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:46 executing program 4:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0x1c, 0x5, 0x84)
connect$inet6(r1, &(0x7f0000000100)={0x1c, 0x1c, 0x2}, 0x1c)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = dup2(r1, r2)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f0000000580)=ANY=[@ANYBLOB='!', @ANYRES32=<r4=>0x0], &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x2, &(0x7f0000000000)={r4}, &(0x7f00000005c0)=0x14)

04:48:46 executing program 2:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)

04:48:46 executing program 1:
syz_emit_ethernet(0x2e, &(0x7f00000000c0)={@local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr, @private}, {0x0, 0x4e23, 0xc, 0x0, @opaque="2fa98b63"}}}}}, 0x0)

04:48:46 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x24}}, 0x0)
getsockname(r0, &(0x7f00000000c0)=@xdp={0x2c, 0x0, <r1=>0x0}, &(0x7f0000000140)=0x80)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a80100006c00010028bd7000fedb000000000000", @ANYRES32=r1, @ANYBLOB="3c0000008000000008002000070000002c0034801400350073797a6b616c6c657231000000000000140035006e6574706369300000000000000000000a000100aaaaaaaaaa410000340118802000018014000500883766de12c818360b95273168f49d89080001000000000040000180050006003f000000050006003f0000000e00020027f45d215c7d7b232c00000008000100fdffffff140005001206dc7fc36cdf16f7ea609ac83a7645580001800c0002006e6c383032313100050006000100000014000500dcb3b7726775e224300aa32ce48feae605000600030000000600020026000000050006000600000014000500214c6d6a62c079b94504133d591993d4040001805c00018006000200240000001400040042be1131b53b7d521e473afdb575bb700a00020029233a2d2b000000050006000100000014000400ad55ab87de1445b3f6c3517b4930298a14000500ccd765b2a41519ae5d9de32ff586301b1800018014000400a20f93c5c2ea67464d6fd645b0751b88140024"], 0x1a8}}, 0x0)

04:48:46 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:46 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x0, 0x0, 0x2000, &(0x7f0000019000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000200)="c74424007f000000c744240262a70000c7442406000000000f011c2466baf80cb8e2ac328cef66bafc0c66b8000066ef0f20c035000000800f22c00f20d835080000000f22d866bad004b000ee2e64440f080f35b9800000c00f3235000400000f303e430f09c4a26d9e7b00", 0x6c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004cb], 0x0, 0xe02})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

04:48:46 executing program 5:
syz_emit_ethernet(0x6e, &(0x7f0000000500)={@local, @remote, @val, {@ipv6}}, 0x0)

04:48:46 executing program 2:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x121582, 0x0)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)

04:48:46 executing program 4:
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000040), 0xcb002, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000000c0)={0x1, 0x5}, 0x2)
write$USERIO_CMD_REGISTER(r0, &(0x7f0000000080), 0x2)

04:48:46 executing program 2:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000680)=[@in={0x2, 0x4e24, @remote}, @in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x20)

04:48:46 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000001740)={'sit0\x00', &(0x7f0000001680)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast1}}}})

[ 2870.931047][T25908] FAULT_INJECTION: forcing a failure.
[ 2870.931047][T25908] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2870.960908][T25908] CPU: 1 PID: 25908 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2870.971393][T25908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2870.981478][T25908] Call Trace:
[ 2870.984779][T25908]  <TASK>
[ 2870.987732][T25908]  dump_stack_lvl+0x125/0x1b0
[ 2870.992454][T25908]  should_fail_ex+0x496/0x5b0
[ 2870.997172][T25908]  _copy_from_user+0x30/0xf0
[ 2871.001814][T25908]  raw_ioctl+0x1102/0x2b80
[ 2871.006288][T25908]  ? raw_open+0x510/0x510
[ 2871.010656][T25908]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2871.015645][T25908]  ? raw_open+0x510/0x510
[ 2871.020011][T25908]  __x64_sys_ioctl+0x18f/0x210
[ 2871.024840][T25908]  do_syscall_64+0x38/0xb0
[ 2871.029292][T25908]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2871.035213][T25908] RIP: 0033:0x7f410aa7c84b
[ 2871.039643][T25908] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2871.059275][T25908] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2871.068226][T25908] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2871.076211][T25908] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2871.084198][T25908] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2871.092183][T25908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2871.100168][T25908] R13: 0000000800000000 R14: 0000000000000012 R15: 00007f410aad07e0
[ 2871.108165][T25908]  </TASK>
[ 2871.291389][ T8761] usb 1-1: unable to read config index 0 descriptor/start: -71
[ 2871.299156][ T8761] usb 1-1: can't read configurations, error -71
04:48:47 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 68)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:47 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000006640)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
recvmmsg$unix(r0, &(0x7f0000004040)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000001cc0)=[{0x0, 0x4000000000000}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}}], 0x2, 0x0, 0x0)

04:48:47 executing program 5:
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000640)={0x28})

04:48:47 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:47 executing program 1:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8948, &(0x7f0000000000))

04:48:47 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0xc, &(0x7f0000000640), 0x10)

04:48:47 executing program 5:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8918, &(0x7f0000000000))

04:48:47 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_EEE_SET(r0, &(0x7f0000000300)={&(0x7f0000000000), 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x160, r1, 0x1, 0x0, 0x25dfdbfc, {}, [@ETHTOOL_A_EEE_MODES_OURS={0x118, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0x18, 0x4, "06b2845b592aedb593ac111867099c75a2938d45"}, @ETHTOOL_A_BITSET_VALUE={0x46, 0x4, "380b8433abf2ff8a5d925f12a562851dbf1e4a9f4613ceee9a158337f5f06350dbdabf374d4a8654d71e7513a2e8a9d796fc4195f60bd6c56a6b685309b3e2061585"}, @ETHTOOL_A_BITSET_VALUE={0xae, 0x4, "ab363cc5c6796724d899aa7823f238cf1aa4de1c66623284e94f72f9277df74a51d9c0aef343b5100560e6de56d51284c74eecbe748a933716aebb2c017b2ffdf22dccadc9274abb1019a89ad1dbeba81d931609940c7810e3dea363914ae443d8a51539b553facbeb777aae5ad076f65268d473dc101205615988a89ad5ad45e7fc3b8f275b34a0551f29f3016570c2c9e51a5990519296eddb57c7e80a555f43b144f83c975124601c"}]}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}, @ETHTOOL_A_EEE_ENABLED={0x5}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}, @ETHTOOL_A_EEE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0xfffffffffffffd26, 0x3, 0x1}]}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5, 0x6, 0x1}]}, 0x160}}, 0x20000000)

04:48:47 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0x1c, 0x0, &(0x7f0000000800))

04:48:47 executing program 5:
r0 = socket(0x11, 0x3, 0x0)
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, 0x0, 0x0)

04:48:47 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0x76, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, @in6={{0xa, 0x0, 0x0, @mcast2}}}}, &(0x7f0000000800)=0xb0)

[ 2871.994248][T25961] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
04:48:47 executing program 4:
openat$vsock(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0)

[ 2872.240997][ T8761] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[ 2872.281551][T25948] FAULT_INJECTION: forcing a failure.
[ 2872.281551][T25948] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2872.304346][T25948] CPU: 0 PID: 25948 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2872.314819][T25948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2872.324911][T25948] Call Trace:
[ 2872.328218][T25948]  <TASK>
[ 2872.331183][T25948]  dump_stack_lvl+0x125/0x1b0
[ 2872.335907][T25948]  should_fail_ex+0x496/0x5b0
[ 2872.340808][T25948]  _copy_from_user+0x30/0xf0
[ 2872.345461][T25948]  raw_ioctl+0x1102/0x2b80
[ 2872.349919][T25948]  ? raw_open+0x510/0x510
[ 2872.354285][T25948]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2872.359265][T25948]  ? raw_open+0x510/0x510
[ 2872.363635][T25948]  __x64_sys_ioctl+0x18f/0x210
[ 2872.368448][T25948]  do_syscall_64+0x38/0xb0
[ 2872.372953][T25948]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2872.378899][T25948] RIP: 0033:0x7f410aa7c84b
[ 2872.383353][T25948] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2872.403008][T25948] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2872.411470][T25948] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2872.419479][T25948] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2872.427487][T25948] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2872.435490][T25948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2872.443494][T25948] R13: 0000000800000000 R14: 0000000000000012 R15: 00007f410aad07e0
[ 2872.451518][T25948]  </TASK>
[ 2872.454614][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2872.791127][ T8761] usb 1-1: device not accepting address 99, error -71
[ 2872.798643][ T8761] usb usb1-port1: attempt power cycle
04:48:48 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0x80081270, 0x20000000)

04:48:48 executing program 1:
r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xc0481273, 0x0)

04:48:48 executing program 4:
r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0x1260, 0x20000000)

04:48:48 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:48 executing program 2:
r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0xab04, 0x0)

04:48:48 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 69)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:48 executing program 5:
r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r0, 0x5421, 0x20001100)

04:48:48 executing program 1:
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000440)={0x0, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0], &(0x7f0000000400)=[0x0, 0x0], 0x0, 0x1, 0x1, 0x2})

04:48:48 executing program 2:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
ioctl$TIOCL_SCROLLCONSOLE(r1, 0x4b31, &(0x7f0000000040))

04:48:49 executing program 4:
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r0 = syz_io_uring_setup(0x5169, &(0x7f00000003c0)={0x0, 0x0, 0x10100}, &(0x7f00000000c0), &(0x7f0000000000)=<r1=>0x0)
syz_io_uring_setup(0x5e2, &(0x7f0000000280), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r0, 0x1dc3, 0x0, 0x0, 0x0, 0x0)

04:48:49 executing program 5:
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080), 0x181401, 0x0)
write$fb(r0, 0x0, 0x0)

04:48:49 executing program 1:
r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x182, 0x0)
write$capi20_data(r0, &(0x7f0000000bc0)={{0x10}, 0xfef, "ac7d93acfd83a65a3c64c48b9224110b6d284fe0a6d2d73287e1353f387fea9184f5a43958a432dfdf0094810d1bb6a349551e0f6c6056bf4199b5159e18347e4942cffc174c73aef358fcbee50650d36bcdce5b6dcab4f708f87d927dfeb2784bfc426bce63d3eedeb6180c8a70f7fdbea3c063e66cc41941540a74151cf1611043ab16252477c4c1bc4f142856e01b45e88149d4e5c6147bdba76adf07a40573a059cf125e4c78c1bd9505f035892b663dba1b6531de358d624d5e3cb6264d350541ac137bcf74a0a1f809f0fe161dabc8cf2fd2e59416eb8e761459cb5bffa09ad6965368fa0a0c76318d28029e1acda8d36b24e3ce09f934620140b42335fb5c523eae24b14904c3268cfa51f9b3f0662aca11cbc2712ebef2bfdc3a7e02cff993cbd912693ce34dbcea36567144c6ca65476e49c042ecf6ecefd3be505900fe4b77e4b276b1fdc6417e0894a378c208b600e0f3ea98b304e746907dba94003b2e146273774712e519d35f9aa15efbfd5ceb801992eebe035a37179fc10f4aa8cb4cb9abd299e7918facad5c7bb0f5bcbda268a9dac078ba93bf6e03bc86c96a774c1e924f0009fdcdf87d4d1b426634b3a7764b41196fec582b8b005e3a800946177f3e15b889e7b86ccc871fd355912799ffbfa87fcda0654122f8d904ed514be8c1e05ed0c81a5669e8a98461c7888c752748e776a0c6de919564b59dd6f844dca38eef603a0c2464bab9643f84be1a161a44a50b4a21ea0b398f0a6108801e4f16e8d6722d5bb685ff644ff878a8c3d32611962c4e3a843fa8bdd3dda12d578c3e8c5a12a4144a53bf804802fd50bf0e86494e65498eba304c6a4c50f556b5b483864d27fc7890796aa18927bd501cd4e639a5fe2848245252492c26549f36b590b2f872ef53846852cd430a6468b838ac106b14339da62dc4e2dbc5f2c5b9d4eedc58cd19757979c5bed7285398c6e517d28957f886904bf730c6673ea89f820b4a3920d088f8e39c82fd1dde416d2d844358570c945ccd88bee8301601a84dbd76836a3c1db48e9803141eed6f9a1fcd87f5d9ab6f8536718daef70220589ed474c0a93335cbcec61e901bda9014aa0e82c37dc2886a601ae1069945c56a2e91e9b846ad432bda094facb62ad8aff034abfec100a46f0f505a63f0934e3e163b201ca2a27fc7ac4147d7a18574987c700d96544706158b08e2b5435e508e6e3337935228701bb482451d3db71f21c68046f87ce5ee376cb4e8a35920511cf5e75075884be4325ba8c48df2f1bae7a5fe50f5e468dc435826a3274309b0df9ceb23c169da741bafc1685a9dcea9c599c7d9740bd201bb09f67f53d86381ad29588e1a9c3c1259efe6988fc1659b941f9b9e39f8232ac00f825d9247c5aa8d26d957dd3fe89b40092a046edeecd3a411f79837fc25d0dd22925589de8965bbb8b21c87fed7796703848ccf142bb5c8cee9158d30958c6156ce2559112521a894e8243b4c647af437e83ab45c2b6c5f6aed3a6985e612844ed3e3549a0775c071d1937bc6dc570d57b9d5bc2a781fc4665f2396bc6980105d11f6e4ae9aca513c0a5f6ed0606b6bcf446c223a027966a9b2d842de74137b54448ca726bdd56f38ae56b825d89b7437d004e11b01e42542077d7cc4c2d024db187ca12e1f48462631596399f9b33002d86fa62594c9be66e53a880bf794a567190eb950f4835e492015007183627a25ab80a710287f569362fe8d42e46164ab3912bfe3619b5125d29311284ba79213ddc568f7af7ee23a36446b10dd8fc904ec05c961a3a6a893ee4f6651719e49a3e1697ddc77504bd38b3b73808567c55e334af40ebdcb37d41922355db88e6ffdd9cc423752924e2cd7407b47e0c1487cf5d06acb5ed3ba1ce170a5a5a29ba11d51e802420aa1948df8c66d2736618d7fe468ccbe4bd0bd98da1fcccaf2344fd67ca111bf3eae7460becddc3059cbcb86b14b0567ff6da7f8926a1eef219fed85a4f142d1fe6dc6a4e3ad18b9c947abc49233f4756a3ffa606323201e438a7c6522f01d27a3b8c5b633c7adaa9f0e3e38e58eb304762237f29d798cb17b134927ad374b70701549de8f1892e65fbacf2f0e4fd9c86245743de3d886d92717bc0d70c604b19d48414f76c77879058e00b9b6050971a78f1ace5df8ad4584f83e8a6d46a3970a6940706c635a38522da840223441e15e2479a461a5d8b092de57abf7c30b59a952ebd373521b5988789df25b6c1308e2e0b92783b48064e320cb728064af579f03e4b1b5186dca7580be3372dac68ba8c65a46a980c544a19d64120cb37df874149fa7ae68506257548b1efcd5b236e0e6425c84f91a41ab4d03b3c066a830d45fd89433fbf00402a5edc169f98b4a46bede97375e73f410d79e649a4e5e6d942ea65984fadf899f54e78d5c079eb7f1f5f4cf16a1980e150ade83a408c9b67ddccbe9cbe05700c5f7678db3545d0845df4df735473d6a81d3f19f33f06bdaac87877cbb609d49a94bf2d58912f524fae46e72a9d960712c3591d9295c2a9d3b66f50008e603a5da296058982697971a68b360856dd4dd9bcd5354c0ca456a61b4b8dca2efe8bd11f78a90bdb7a66cf5fa77bd66847b66011b8b7bb7c463c386c41bf06ceec55df4ac25b7784ac553fe4796d3001b69df68be239f9cf0b73ddcf399e6821d004aac66fc985c00c23ac3abe8b9c9e4c609f0c65265ea3e0d05c92f131a9d0041fb03f3caf9842b3207048e7bb905d8a193a0a4c33ea96b3c96ebdb4cd75ea485a9569e5783cc660ca93e52c7817950c5d1beee2b632f6ec6dd666555b39df3d2f1d9e19090cfaa70c92324d55e53e9d079a0b37c0c7ef6265c760b8331a44d0107b12c9884d32865d61aa7e8eb9fdc7ee0d325b115c5a73999dcbf9ba23a568300806b6e7768dc61a0c07258937a94987eb824510d8fe39607ad63474278185334986bfc62a39993a7afd6f29cb529c80fd4ce04fa57c26844b5364aed84dffd81f501d44280c1360a53a09279e819344956333792fe1be2d0bc3eb803365a54bb0c11fe46d3ded215615598fb8c5ace92280311f45b675a6b8dae7f5b0ce53d4f828eb9add1fd47efe5825796cf1d65251bce664b5d3383d10be93f31d172a316135ed7351970f6e45c4621f65723e92747bbb06337495e80bdddf975eacab31c25490c2739e1a5a7c4a9c1daadb7347e3fdd9551f678da4428fbb9095a44eed21f8d74e5050a406c1b54a3bb8f184111df509032d23295fa04c0006de57e651d34bab30e1c635f2a8ed18eb144d364990b5eee127f3192df7d8c5b2373d1955d7520b10461edecdce6fb5b7c8ab683d4078a0a30520f743f2f3752aefc5272715bc7a38e0c4de6632823a9f3c6e4512ab787dafd9eaa5f717148a19b60ebbe0e73b68ccfb995b3fc396f9e3e700a38f0895f65bf10184833ca1a323aea7518e089b393cfac02d44f66046ce5df884c3e6a0e09707134c1cdb40172c384947b5ad24186de9523878119a2bc3f4d3b520bd536fd7426d0add3d8f52da313576d958d44530c64f984222ca697c359b0d3a3e377aff66646e76ed6d7c35fdbefb2387109d61a7d2880ded3a4b5bee1fbd78e76e2cc1e5041a02c48672c016015c298b036d35d99dfdbd34ccb417abdaa50240c5f1ee27ce340c68fe4852ca416c53e7a9ceebebceffab60453eaaf0d434b3610f22c30fb874962e76a2c00c98bbd3501a00ede58b8e58ee61822f18a7b3346970ddc683546e6c322c3c5e34a4ae5d19625fe42da004b1fe3c9dc1b30f86a7632c4c31bb34f9c606080b21656c33ed05b86c10958a3c0f709bdb6e864b284ecae8daeea9214468985b1f1f0c5dd09413f3f508932a73f146e477a5bdcb8ded18e09d484f977f343bfd1a5f29aa1f75e1dd47cd052f8e60f2970f0b9fee2ea95989f39af74be6511d1ac02a3a8960055319c2580f4ad36cdf02e6d927d4114ce07d854344e00fa8bc812d586318412eaec4e17e58e4726fd73695d8324493c0a53609a0ba7f86099b146412b4470c7766e188757c4228a046f51be32e4d994041b10eee536973422b2bd5c45f3fc166ac385d8323a3bf464b78a26bc180b9d9d8592d3e010eeb2ea4fe7850770f09867014b1bf9cc95707595b17509b7afe3f03085377e736ddfc9ac3eed50edc556df96e4c92408a02b835bbcfc3dccda98465a66b61418cce3f02e5c6cb23ad724e0b3521bbb3779786fad2ea5b8d51708c0c9193def349118b15d10e2da469bc751871ad98d1aac742cb35d0f16fdd29280be82938de99a2bb02a5babda2f16c273492b6ee5b1490ecc153d91e22bf4d56a633b0d97b5b57beace63f1f227f89be7108db6ea57d582132d845222c28390e721e9c23db63c1afef2a00d71db91dfca4fa76dff042b1a8d4048099adc1814aaee1d0fed9eab9061db32b099219612060ef22a6b0eb67607c6677c3e40ca8b8d4c90a32974db683ccce38c86d1dba34dd459f06cbfecc1ffb6906243b2c014a5c7202d98dc0d5b00591add1a207cee5e8d1f43f46e6d24e31d97edfb9438fb67d2c314c4ac510213ee87bcc6c88a0f9ae768450fccfe5bc908504df62d6e1dbcee8fbb51011e3c9a337312f002bae89ee5c85c17ef80b1fc7a392b12d3b012fa164a368ddcb60dd5ad667466da3ca3ed067f8cec30a992356ee0440f8db3037101f71601faf8d3937d072e57c0353614a9b4c43f3ff5c9e93148beceab05ca2af0e412b0624a1941e5d377edc4b9e2adbc9eba15359c4c436ee35a0c54c52777698856e1bd6a3dec3942ecb131dc6d4647139e039ad578818f49c52edb366519de6226796c08423e1a9ceeaec352b577db647632709ad8dba62a66b0cf0ee5f7ae6f65976420867245f7bca7b4793682be4e78f1ba6712ca51174dc1f3b5810a6e7b047a8ba290d7a079dce0f7aaa2bfecaaf54e00a0b6b99e1443d5d26628952cba4956fd7fe8aab18e58bee7c6d51f07098987e67193d24ba87cc99fe5ab19241d46cf85cf495d3a688918d82990a8dedf6f3e2d083a6892aaa341407282fd54bd94a5b91399c191da937ee7b294b6c31db24d7a726780c223bf036ec8f5002ee6a3f9d158a626fa1423056972565144ca712c5cd677cd9ff4e974bf5639a0304f2ba3b0614d769f1abe8923163970a3d86d082bcc36532acb2417a60647d18154ab54b915c046e4803bed27761e75a6954d7d4eee1c6fc26dbeb032533ad7619ea22c6e8b98cb7bb49b4142aed8349e1b6e69c27fadc6bb4e9299bfc824259fcd3b169d4bc8eefd02b16f5805bc8ffc99e6133001a9563e1db81cab8238ef508fd3692969dd829d2a9a15b075b3fcef1c260942be7e9e3b13d10a7efb6b9d3f35a266954171ecec28c29d468e4338386711b43da9b267f428631d51d390626cf2a41b902f1b28f04f706ccb4f0d696699cc61a314dda111dfd1c0ed056e82467f6eb36cb70c9af3d513c2bd5767dbc88afe9379825421602526f6b57b6d6c9c7a574ee269ac2433145bc3b162444020bd3c5c4c4396bb56e32a4c3d26883a68b9d96701fe5fb45a5822e44cdc1bf1854594ea4983fff28fa34fe6f2f1a10f5ab945afc8673001433a5a836a1401f7751cb4d8c9bbcf07aed5c0ef076a2641bcf5fd2cd3006be609a700c3762d0e6b383ed1d6ec15cc5837c3308ca6be1f9bf22312531b7340c4f22dcb7b6f61fa1453c6c24404024484ac04db6a24956d626b54b48b29c931"}, 0x1001)

04:48:49 executing program 4:
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCL_SCROLLCONSOLE(r0, 0x5412, &(0x7f0000000000))

04:48:49 executing program 5:
openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
read$ptp(r0, &(0x7f0000001140)=""/4074, 0xfea)

04:48:49 executing program 2:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x10, 0x2}, 0x10)

[ 2873.570995][ T8761] usb 1-1: new high-speed USB device number 100 using dummy_hcd
04:48:49 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:49 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000340)={0x29, 0x4, 0x0, {0x1, 0x9, 0x1, 0x0, [0x0]}}, 0x29)

[ 2873.732159][T25985] FAULT_INJECTION: forcing a failure.
[ 2873.732159][T25985] name failslab, interval 1, probability 0, space 0, times 0
[ 2873.750902][T25985] CPU: 1 PID: 25985 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2873.761386][T25985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2873.771485][T25985] Call Trace:
[ 2873.774796][T25985]  <TASK>
[ 2873.777755][T25985]  dump_stack_lvl+0x125/0x1b0
[ 2873.782567][T25985]  should_fail_ex+0x496/0x5b0
[ 2873.787284][T25985]  should_failslab+0x9/0x20
[ 2873.791828][T25985]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2873.797341][T25985]  ? tomoyo_encode2+0x100/0x3d0
[ 2873.802263][T25985]  ? tomoyo_encode2+0x100/0x3d0
[ 2873.807165][T25985]  __kmalloc+0x4f/0x100
[ 2873.811354][T25985]  tomoyo_encode2+0x100/0x3d0
[ 2873.816096][T25985]  ? rcu_is_watching+0x12/0xb0
[ 2873.820901][T25985]  tomoyo_encode+0x29/0x50
[ 2873.825366][T25985]  tomoyo_realpath_from_path+0x196/0x710
[ 2873.831071][T25985]  tomoyo_path_number_perm+0x241/0x580
[ 2873.836584][T25985]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2873.842270][T25985]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2873.848149][T25985]  ? __might_fault+0x13f/0x1a0
[ 2873.852969][T25985]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2873.858399][T25985]  ? rcu_is_watching+0x12/0xb0
[ 2873.863201][T25985]  ? xfd_validate_state+0x5d/0x180
[ 2873.868371][T25985]  ? __fget_files+0x272/0x410
[ 2873.873081][T25985]  security_file_ioctl+0x72/0xb0
[ 2873.878049][T25985]  __x64_sys_ioctl+0xbb/0x210
[ 2873.882751][T25985]  do_syscall_64+0x38/0xb0
[ 2873.887201][T25985]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2873.893122][T25985] RIP: 0033:0x7f410aa7c84b
[ 2873.897549][T25985] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2873.917182][T25985] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2873.925619][T25985] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2873.933605][T25985] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2873.941619][T25985] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2873.949604][T25985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2873.957584][T25985] R13: 0000000800000000 R14: 0000000000000012 R15: 00007f410aad07e0
[ 2873.965589][T25985]  </TASK>
[ 2874.062389][T25985] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2874.181089][ T8761] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2874.350956][ T8761] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2874.360551][ T8761] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2874.374233][ T8761] usb 1-1: Product: syz
[ 2874.382954][ T8761] usb 1-1: Manufacturer: syz
[ 2874.393194][ T8761] usb 1-1: SerialNumber: syz
[ 2875.551343][ T8761] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2875.557869][ T8761] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2875.576198][ T8761] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2875.981535][ T8761] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2876.013044][ T8761] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2876.055069][ T8761] usb 1-1: USB disconnect, device number 100
[ 2876.073416][ T8761] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:48:52 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 70)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:52 executing program 4:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
ioctl$TIOCL_SCROLLCONSOLE(r1, 0x4b4c, 0x0)

04:48:52 executing program 2:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000400))

04:48:52 executing program 5:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
ioctl$TIOCL_SCROLLCONSOLE(r1, 0x4b62, &(0x7f0000000040))

04:48:52 executing program 1:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
ioctl$TIOCL_SCROLLCONSOLE(r1, 0x5412, &(0x7f0000000040))

04:48:52 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:52 executing program 1:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000001a00), 0x88)

04:48:52 executing program 4:
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
accept4$unix(r0, &(0x7f0000000280), &(0x7f00000003c0)=0x10b, 0x0)

04:48:52 executing program 5:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
connect$inet6(r0, &(0x7f0000000040)={0x1c, 0x1c, 0x3}, 0x1c)

04:48:52 executing program 2:
pipe2(&(0x7f0000002ec0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
getpeername$inet(r0, 0x0, &(0x7f0000000140))

04:48:52 executing program 1:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = dup(r0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0x101, &(0x7f0000000140), &(0x7f0000000200)=0x98)

04:48:52 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r1 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r2 = dup2(r1, r0)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x21, &(0x7f0000000040), &(0x7f0000000100)=0x10)

[ 2876.872309][T28690] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[ 2877.131700][T26061] FAULT_INJECTION: forcing a failure.
[ 2877.131700][T26061] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2877.149795][T26061] CPU: 1 PID: 26061 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2877.160275][T26061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2877.170370][T26061] Call Trace:
[ 2877.173672][T26061]  <TASK>
[ 2877.176627][T26061]  dump_stack_lvl+0x125/0x1b0
[ 2877.181347][T26061]  should_fail_ex+0x496/0x5b0
[ 2877.186068][T26061]  _copy_from_user+0x30/0xf0
[ 2877.190706][T26061]  raw_alloc_io_data+0x32/0x1c0
[ 2877.195607][T26061]  raw_ioctl+0xa81/0x2b80
[ 2877.199990][T26061]  ? raw_open+0x510/0x510
[ 2877.204636][T26061]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2877.209885][T26061]  ? raw_open+0x510/0x510
[ 2877.214255][T26061]  __x64_sys_ioctl+0x18f/0x210
[ 2877.219148][T26061]  do_syscall_64+0x38/0xb0
[ 2877.223609][T26061]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2877.229555][T26061] RIP: 0033:0x7f410aa7c84b
[ 2877.234003][T26061] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2877.253658][T26061] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2877.262117][T26061] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2877.270296][T26061] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2877.278297][T26061] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2877.286301][T26061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2877.294306][T26061] R13: 0000000800000000 R14: 0000000000000012 R15: 00007f410aad07e0
[ 2877.302333][T26061]  </TASK>
[ 2877.441140][T28690] usb 1-1: device descriptor read/all, error -71
04:48:53 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 71)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:53 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0xa)
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="c3"], 0x4c}}, 0x0)

04:48:53 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0)

04:48:53 executing program 1:
socket(0xa, 0x0, 0x7fff)

04:48:53 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:53 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0)

04:48:53 executing program 5:
pipe(&(0x7f0000000040))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, 0x0, 0x0)

04:48:53 executing program 2:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f0000000340)=[{}], &(0x7f0000000380)=0x8)

04:48:53 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='comm\x00')
write$cgroup_subtree(r0, 0x0, 0x1108d8265747972a)

04:48:53 executing program 1:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='comm\x00')
write$char_usb(r0, 0x0, 0x2f)

04:48:54 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, 0x0, 0x0, 0x0)

04:48:54 executing program 2:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='uid_map\x00')
write$FUSE_ATTR(r0, 0x0, 0x0)

[ 2878.331042][T28690] usb 1-1: new high-speed USB device number 102 using dummy_hcd
[ 2878.651138][T28690] usb 1-1: device descriptor read/all, error -71
[ 2878.658262][T28690] usb usb1-port1: attempt power cycle
04:48:54 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 72)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:54 executing program 4:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='comm\x00')
write$tcp_congestion(r0, 0x0, 0x60)

04:48:54 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r0, &(0x7f00000041c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

04:48:54 executing program 2:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
sendmmsg(r0, &(0x7f0000003f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40)

04:48:54 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x40006020, &(0x7f0000000080))

04:48:54 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:55 executing program 5:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
sendmmsg(r0, &(0x7f0000003f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000)

04:48:55 executing program 4:
r0 = socket(0xa, 0x2, 0x0)
write$P9_RSTATu(r0, 0x0, 0x0)

04:48:55 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
recvmmsg(r0, 0x0, 0x0, 0x160, &(0x7f00000000c0))

04:48:55 executing program 1:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000000)={'caif0\x00'})

04:48:55 executing program 5:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x4, 0xeb, &(0x7f00000002c0)=""/235}, 0x90)

04:48:55 executing program 4:
r0 = socket$kcm(0x29, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f00000000c0))

[ 2879.601113][T28690] usb 1-1: new high-speed USB device number 103 using dummy_hcd
[ 2879.721630][T26145] FAULT_INJECTION: forcing a failure.
[ 2879.721630][T26145] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2879.740839][T26145] CPU: 1 PID: 26145 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2879.751332][T26145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2879.761427][T26145] Call Trace:
[ 2879.764816][T26145]  <TASK>
[ 2879.767777][T26145]  dump_stack_lvl+0x125/0x1b0
[ 2879.772504][T26145]  should_fail_ex+0x496/0x5b0
[ 2879.777224][T26145]  _copy_from_user+0x30/0xf0
[ 2879.781860][T26145]  memdup_user+0x71/0xd0
[ 2879.786160][T26145]  raw_alloc_io_data+0x182/0x1c0
[ 2879.791143][T26145]  raw_ioctl+0xa81/0x2b80
[ 2879.795519][T26145]  ? raw_open+0x510/0x510
[ 2879.799889][T26145]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2879.804880][T26145]  ? raw_open+0x510/0x510
[ 2879.809253][T26145]  __x64_sys_ioctl+0x18f/0x210
[ 2879.814061][T26145]  do_syscall_64+0x38/0xb0
[ 2879.818533][T26145]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2879.824482][T26145] RIP: 0033:0x7f410aa7c84b
[ 2879.828939][T26145] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2879.849115][T26145] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2879.857579][T26145] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2879.865585][T26145] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2879.873597][T26145] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2879.881611][T26145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2879.889617][T26145] R13: 0000000800000000 R14: 0000000000000012 R15: 00007f410aad07e0
[ 2879.897725][T26145]  </TASK>
[ 2879.960906][T28690] usb 1-1: device descriptor read/all, error -71
04:48:56 executing program 2:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000100)='syzkaller\x00'}, 0x90)

04:48:56 executing program 1:
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000480)=@generic={&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'}, 0x18)

04:48:56 executing program 5:
syz_open_procfs$namespace(0x0, &(0x7f0000000a40)='ns/mnt\x00')

04:48:56 executing program 4:
r0 = socket$kcm(0xa, 0x5, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={@cgroup, 0xffffffffffffffff, 0xf, 0x1}, 0x10)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000))

04:48:56 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:56 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 73)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:56 executing program 5:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r2 = dup2(r0, r1)
getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0x100, &(0x7f0000000140), &(0x7f0000000080)=0xb0)

04:48:56 executing program 1:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r0, &(0x7f0000000140)={0x10, 0x2}, 0x10)
r1 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r2 = dup2(r0, r1)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f0000000100)={0x1, [0x0]}, &(0x7f00000000c0)=0x8)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
r4 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r5 = dup2(r3, r4)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x105, &(0x7f0000000100)=ANY=[@ANYBLOB="050000ce", @ANYRES32=<r6=>0x0], &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x1, &(0x7f00000001c0)={r6, 0x6, 0x7, 0x80}, 0x10)

04:48:56 executing program 2:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xe, &(0x7f0000000240), &(0x7f0000000280)=0x8)

04:48:56 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_int(r0, 0x0, 0x42, &(0x7f00000000c0)=0x8000, 0x4)

04:48:56 executing program 4:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0xf, &(0x7f0000000080), 0xc)

04:48:56 executing program 2:
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x3, &(0x7f0000000180)={0x8003}, 0x8)
connect$inet(r0, &(0x7f0000000140)={0x10, 0x2}, 0x10)

04:48:56 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="6ffb3394e55e08a46cca9c5c13db4c3a7fc0ad17453c1aa997a6f7303411146fee9d11511d770d35991c1e851b911e9981e225d454e715169d9392c77cc770642cc4248dbf6cd762eedc8ce6cdf76d43511525d3decff9239d30f26701ceb3f62fb08de6c7a048bf693e86f582244d7dcc9bf447b2", 0x75}, {&(0x7f0000000140)="64f2523f9dbdddda1c13fa5c4c82874b6c6036d37395d04efaeca5e7", 0x1c}], 0x2}, 0x408)

[ 2880.850896][T28690] usb 1-1: new high-speed USB device number 104 using dummy_hcd
04:48:56 executing program 1:
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x200, 0x0)
ioctl$FIONREAD(r0, 0x4004667f, &(0x7f0000000000))

[ 2880.961189][T26183] FAULT_INJECTION: forcing a failure.
[ 2880.961189][T26183] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2880.994821][T26183] CPU: 1 PID: 26183 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2881.005302][T26183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2881.015392][T26183] Call Trace:
[ 2881.018698][T26183]  <TASK>
[ 2881.021658][T26183]  dump_stack_lvl+0x125/0x1b0
[ 2881.026385][T26183]  should_fail_ex+0x496/0x5b0
[ 2881.031114][T26183]  _copy_from_user+0x30/0xf0
[ 2881.035757][T26183]  memdup_user+0x71/0xd0
[ 2881.040491][T26183]  raw_alloc_io_data+0x182/0x1c0
[ 2881.045476][T26183]  raw_ioctl+0xa81/0x2b80
[ 2881.049859][T26183]  ? raw_open+0x510/0x510
[ 2881.054235][T26183]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2881.059208][T26183]  ? raw_open+0x510/0x510
[ 2881.063566][T26183]  __x64_sys_ioctl+0x18f/0x210
[ 2881.068357][T26183]  do_syscall_64+0x38/0xb0
[ 2881.072797][T26183]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2881.078715][T26183] RIP: 0033:0x7f410aa7c84b
[ 2881.083141][T26183] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2881.102770][T26183] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2881.111202][T26183] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2881.119188][T26183] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2881.127174][T26183] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2881.135165][T26183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2881.143581][T26183] R13: 0000000800000000 R14: 0000000000000012 R15: 00007f410aad07e0
[ 2881.151582][T26183]  </TASK>
04:48:57 executing program 4:
syz_emit_ethernet(0x76, &(0x7f00000000c0)={@local, @remote, @val, {@ipv4}}, 0x0)

04:48:57 executing program 5:
setitimer(0x0, &(0x7f0000000180)={{}, {0x2000000000000e0}}, 0x0)

[ 2881.291712][T28690] usb 1-1: device descriptor read/all, error -71
[ 2881.334504][T28690] usb usb1-port1: unable to enumerate USB device
04:48:57 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:57 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 74)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:48:57 executing program 4:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
write$cgroup_freezer_state(r1, &(0x7f0000000140)='FREEZING\x00', 0x9)
write$cgroup_int(r0, &(0x7f0000000200), 0x23019)

04:48:57 executing program 2:
syz_emit_ethernet(0x22, &(0x7f0000000180)={@local, @random="172b4e57674c", @val, {@ipv4}}, 0x0)

04:48:57 executing program 1:
syz_emit_ethernet(0x4e, &(0x7f0000000040)={@broadcast, @remote, @val, {@ipv6}}, 0x0)

04:48:57 executing program 5:
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x6b, 0x10}, [@ldst={0x3, 0x0, 0x6}], {0x95, 0x0, 0x5}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48)

04:48:57 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:48:57 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x43, &(0x7f0000000040), 0x4)

04:48:57 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x2, 0x9, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)

04:48:57 executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x10, 0x0, 0x79, 0x10}, [@ldst={0x5}], {0x95, 0x0, 0x5}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48)

04:48:57 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x7, 0xe, &(0x7f00000005c0)=ANY=[@ANYBLOB="b700000030000000bca3000000000000240300001afeffff720af0fff8ffffff71a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000a61140800000000001d430000000000007a0a00fe003f001f6114040000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d601009393bf52d2105bd901128c7e0ec82701c8204a09eeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b2045024a982f3c48153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700e89a56fe8e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a896192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf799b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12b92d7ae633d44086b3f03b20d54abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a44434000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b512e34182084a3a3b2beb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b1457c64baeaf8d23f30097126ef7586ed63dd92005c79e4a8ab8a94f0b74903580ac987fd637c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddffff070000d0288ec3899f1e3ba0151c4037148fb479de703fd52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23541320d8579c5ab42bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267c451ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de01fdee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812fc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795d35f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598232ec06f7170009d92bb7eddd12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe88100000000000003568bbc2f89596ceacbcbd1c76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0044f57d15e77e34fc5915499b88ae780a7bae4df603bd3c72808cf300440b1b63615b454a161d5fc1d1308f39b3aff5c03eef2e63a013f8a5bf4da6aa1b7d5ec55e8c7a0405fe718e42d4d613f992a0cbc16cb251386acae02f665544c9c02adae5839f1e00006e42fc051a0cb8685667c2edf4522f0f2a8eb7c7b56063a959c4b881e3dbff3c911435e84bc57f36afb8ff78168719dc5ed47eb309f8a12db461beffd0d091a132330579c9afac1a4ad2794987927eb61ad82a61a144d33283eaeda44830a97426b3dc836a684a6e2716d83e60f5e0e1ab6376960224dc96c839a1fef49475cc0e3053eeb4aebd0e1696f20d458f1aac2d2d871221d3a2d0e1790584ba14b9145a3f81298ae7871f0191a740a8e53b0b6f152dc4d8f28eaa2a5acadd2313f55287aa6ea469b90575839cd763b4703e87fbd6bd134c2cb62996c5d28e73df35744f19143c0b57a26d692dd9a5cf3ab615e432e38b0cbbcced5c39a73fc8e50e6590605cc0b7db1dbca3ea6fbcdff0e18fdeeb5360642d77171433e78bd9300fd171fc83700f0e92b116e7846719eecd94331354b35b9aac42b34fac350decfe5c2eac926f0a007cb6e3bda3effb84b4607468aaad19dcf0d54e5f4ed4ade1fca17d39be192a10516fb34eb6cde71136bb2b4ce1306c17744fefc2b884bdfebad17314"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2}, 0x48)

04:48:57 executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/asound/seq/clients\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000002c00)={0x2020}, 0x2020)

04:48:57 executing program 1:
syz_usb_connect$cdc_ecm(0x0, 0x20a, &(0x7f0000000540)=ANY=[@ANYBLOB="12010102020000402505a1a44000010203010902f801010105b028090400f102020600ff05240600000524003e000d240f0100020000200000001f08241c01003f000206241a01ff1f06241a060001b1241304403316edba1f019653389b88ad14e3b11168bb9ee25303daada941fbdab761f5d6557c30465d9d83f5ff02d456c00254466001b461a7417cbfc73b03e0b47ca07773eeb12ffb8466100281a561830f61ff0c4f0c673890a21bfec4d6c8f887ab54fdb1bf979c9eda1e08c9ea38a609e16d06b5cd0f5908a6f399accdb2e452b448eaa769da694bc154befd551319bacd8ec4d0988d5e3a864a58f1c80333fa3c113d8ff9dae798745d2bb7ea310c240705c2086d00fdff0100e324130803349d9cb8079d64430bcbd3126651723486d867975249b37735e14ae9c0dceda03c7795a93aaed6ca0c3fa32726fd362451ac02d72137956c31711008d9875a62fece9e76b08b961b362aa12f3ff67d896a70cb07bb513b907e6c48a4706ec85447281a30eefcee42cf09ec0742669da2cc2be534aeb0d50c9ecf514ef5dd575edc4fb8979a8ffeaba706475d12f9391954d729c3aec38bad67ec10911c1583005afe22bd596690a9332db8e4a6e58d5223617ef2adf58daeadf5761ef2a9578432462ab91a6d8cb3dde5b50e455ed170814753e0f2d36b315db347de2d6b0905810308007f06040905"], &(0x7f00000004c0)={0x0, 0x0, 0x22, &(0x7f0000000000)={0x5, 0xf, 0x22, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x0, 0x0, 0x8}, @wireless={0xb, 0x10, 0x1, 0x0, 0x0, 0x0, 0xfc}, @wireless={0xb, 0x10, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}, 0x1, [{0x0, 0x0}]})
openat$hwrng(0xffffffffffffff9c, &(0x7f0000004600), 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)

[ 2882.250763][T28690] usb 1-1: new high-speed USB device number 105 using dummy_hcd
[ 2882.531130][T26246] FAULT_INJECTION: forcing a failure.
[ 2882.531130][T26246] name failslab, interval 1, probability 0, space 0, times 0
[ 2882.560670][T26246] CPU: 0 PID: 26246 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2882.571150][T26246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2882.581683][T26246] Call Trace:
[ 2882.584989][T26246]  <TASK>
[ 2882.587946][T26246]  dump_stack_lvl+0x125/0x1b0
[ 2882.592671][T26246]  should_fail_ex+0x496/0x5b0
[ 2882.597395][T26246]  should_failslab+0x9/0x20
[ 2882.601931][T26246]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2882.607442][T26246]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2882.613222][T26246]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2882.619003][T26246]  __kmalloc+0x4f/0x100
[ 2882.623210][T26246]  tomoyo_realpath_from_path+0xb9/0x710
[ 2882.628809][T26246]  ? tomoyo_profile+0x47/0x60
[ 2882.633534][T26246]  tomoyo_path_number_perm+0x241/0x580
[ 2882.639050][T26246]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2882.644910][T26246]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2882.650774][T26246]  ? __might_fault+0x13f/0x1a0
[ 2882.655593][T26246]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2882.661010][T26246]  ? rcu_is_watching+0x12/0xb0
[ 2882.665818][T26246]  ? xfd_validate_state+0x5d/0x180
[ 2882.671007][T26246]  ? __fget_files+0x272/0x410
[ 2882.675728][T26246]  security_file_ioctl+0x72/0xb0
[ 2882.680711][T26246]  __x64_sys_ioctl+0xbb/0x210
[ 2882.685430][T26246]  do_syscall_64+0x38/0xb0
[ 2882.689893][T26246]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2882.695833][T26246] RIP: 0033:0x7f410aa7c84b
[ 2882.700289][T26246] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2882.719932][T26246] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2882.728471][T26246] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2882.736486][T26246] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2882.744593][T26246] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2882.752631][T26246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2882.760632][T26246] R13: 0000000800000000 R14: 0000000000000012 R15: 00007f410aad07e0
[ 2882.768649][T26246]  </TASK>
[ 2882.771835][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2882.902893][T26246] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2882.973519][T28690] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2883.142860][T28690] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2883.154345][T28690] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2883.175280][T28690] usb 1-1: Product: syz
[ 2883.184610][T28690] usb 1-1: Manufacturer: syz
[ 2883.194950][T28690] usb 1-1: SerialNumber: syz
[ 2884.351083][T28690] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2884.357578][T28690] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2884.372342][T28690] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2884.781263][T28690] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2884.817318][T28690] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2884.862960][T28690] usb 1-1: USB disconnect, device number 105
[ 2884.882409][T28690] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:49:01 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 75)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:01 executing program 5:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x3}})
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x0, 0x2}})

04:49:01 executing program 2:
syz_usb_connect$cdc_ecm(0x0, 0x20a, &(0x7f0000000540)=ANY=[@ANYBLOB="12010102020000402505a1a44000010203010902f801010105b028090400f102020600ff05240600000524003e000d240f0100020000200000001f08241c01003f000206241a01ff1f06241a060001b1241304403316edba1f019653389b88ad14e3b11168bb9ee25303daada941fbdab761f5d6557c30465d9d83f5ff02d456c00254466001b461a7417cbfc73b03e0b47ca07773eeb12ffb8466100281a561830f61ff0c4f0c673890a21bfec4d6c8f887ab54fdb1bf979c9eda1e08c9ea38a609e16d06b5cd0f5908a6f399accdb2e452b448eaa769da694bc154befd551319bacd8ec4d0988d5e3a864a58f1c80333fa3c113d8ff9dae798745d2bb7ea310c240705c2086d00fdff0100e324130803349d9cb8079d64430bcbd3126651723486d867975249b37735e14ae9c0dceda03c7795a93aaed6ca0c3fa32726fd362451ac02d72137956c31711008d9875a62fece9e76b08b961b362aa12f3ff67d896a70cb07bb513b907e6c48a4706ec85447281a30eefcee42cf09ec0742669da2cc2be534aeb0d50c9ecf514ef5dd575edc4fb8979a8ffeaba706475d12f9391954d729c3aec38bad67ec10911c1583005afe22bd596690a9332db8e4a6e58d5223617ef2adf58daeadf5761ef2a9578432462ab91a6d8cb3dde5b50e455ed170814753e0f2d36b315db347de2d6b0905810308007f0604090582020002200907090503021f"], &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x0, 0x0}, {0x0, 0x0}]})

04:49:01 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:01 executing program 4:
openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, &(0x7f0000000300))
syz_clone(0x50140000, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0)

04:49:01 executing program 1:
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
syz_clone(0x50140000, 0x0, 0x0, 0x0, 0x0, 0x0)

04:49:01 executing program 5:
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x82840, 0x100)

04:49:01 executing program 4:
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x64)

04:49:01 executing program 1:
openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x103081, 0x0)

04:49:01 executing program 5:
socketpair(0x1, 0x3, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
getpeername$netlink(r0, 0x0, &(0x7f0000000040))

04:49:01 executing program 1:
semget$private(0x0, 0x7, 0x38)

04:49:01 executing program 4:
signalfd4(0xffffffffffffffff, &(0x7f0000001ec0), 0x8, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='fd/4\x00')

[ 2885.683580][T28690] usb 1-1: new high-speed USB device number 106 using dummy_hcd
[ 2885.991120][T26308] FAULT_INJECTION: forcing a failure.
[ 2885.991120][T26308] name failslab, interval 1, probability 0, space 0, times 0
[ 2886.006497][T26308] CPU: 1 PID: 26308 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2886.016968][T26308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2886.027056][T26308] Call Trace:
[ 2886.030358][T26308]  <TASK>
[ 2886.033317][T26308]  dump_stack_lvl+0x125/0x1b0
[ 2886.038037][T26308]  should_fail_ex+0x496/0x5b0
[ 2886.042762][T26308]  should_failslab+0x9/0x20
[ 2886.047303][T26308]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2886.052812][T26308]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2886.058591][T26308]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2886.064371][T26308]  __kmalloc+0x4f/0x100
[ 2886.068567][T26308]  tomoyo_realpath_from_path+0xb9/0x710
[ 2886.074169][T26308]  ? tomoyo_profile+0x47/0x60
[ 2886.078893][T26308]  tomoyo_path_number_perm+0x241/0x580
[ 2886.084397][T26308]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2886.090083][T26308]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2886.095996][T26308]  ? __might_fault+0x13f/0x1a0
[ 2886.100815][T26308]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2886.106234][T26308]  ? rcu_is_watching+0x12/0xb0
[ 2886.111043][T26308]  ? xfd_validate_state+0x5d/0x180
[ 2886.116231][T26308]  ? __fget_files+0x272/0x410
[ 2886.120956][T26308]  security_file_ioctl+0x72/0xb0
[ 2886.125935][T26308]  __x64_sys_ioctl+0xbb/0x210
[ 2886.130647][T26308]  do_syscall_64+0x38/0xb0
[ 2886.135106][T26308]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2886.141040][T26308] RIP: 0033:0x7f410aa7c84b
[ 2886.145481][T26308] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2886.165127][T26308] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2886.173594][T26308] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2886.181594][T26308] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2886.189585][T26308] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2886.197584][T26308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2886.205585][T26308] R13: 0000000800000000 R14: 0000000000000009 R15: 00007f410aad07e0
[ 2886.213602][T26308]  </TASK>
[ 2886.230126][T26308] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2886.290950][T28690] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2886.463277][T28690] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2886.478187][T28690] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2886.496492][T28690] usb 1-1: Product: syz
[ 2886.505353][T28690] usb 1-1: Manufacturer: syz
[ 2886.515700][T28690] usb 1-1: SerialNumber: syz
[ 2887.700928][T28690] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2887.709727][T28690] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2887.733866][T28690] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2888.120906][T28690] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2888.170961][T28690] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2888.221243][T28690] usb 1-1: USB disconnect, device number 106
[ 2888.228871][T28690] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:49:04 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 76)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:04 executing program 1:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000bc0), 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0)

04:49:04 executing program 5:
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101041, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101002, 0x32)

04:49:04 executing program 4:
signalfd4(0xffffffffffffffff, &(0x7f0000001ec0), 0x8, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='fd/4\x00')

04:49:04 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:04 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
write$cgroup_type(r0, 0x0, 0x0)

04:49:04 executing program 5:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x30802, 0x0)
write$tun(r0, 0x0, 0xffffffd7)

04:49:04 executing program 2:
r0 = semget(0x2, 0x0, 0x0)
semctl$GETVAL(r0, 0x2, 0xc, &(0x7f0000000040)=""/253)

04:49:04 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x4a081, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r0, 0x0, 0x36)

04:49:04 executing program 1:
r0 = syz_open_dev$vbi(&(0x7f00000000c0), 0x2, 0x2)
poll(&(0x7f0000000140)=[{r0}], 0x1, 0x2)

04:49:04 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/oops_count', 0x0, 0x0)
read$proc_mixer(r0, &(0x7f0000000100)=""/231, 0xe7)

04:49:04 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000006640)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmmsg$unix(r1, &(0x7f0000000f80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001240)=[@cred={{0x1c}}], 0x20}}], 0x1, 0x0, 0x0)
sendmmsg$unix(r0, &(0x7f00000015c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001500)=[@rights={{0x14, 0x1, 0x1, [r1]}}, @rights={{0x14, 0x1, 0x1, [r0]}}], 0x30}}], 0x1, 0x0)

[ 2889.100744][T17130] usb 1-1: new high-speed USB device number 107 using dummy_hcd
[ 2889.440885][T26371] FAULT_INJECTION: forcing a failure.
[ 2889.440885][T26371] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2889.472409][T26371] CPU: 0 PID: 26371 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2889.482893][T26371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2889.492984][T26371] Call Trace:
[ 2889.496283][T26371]  <TASK>
[ 2889.499235][T26371]  dump_stack_lvl+0x125/0x1b0
[ 2889.503951][T26371]  should_fail_ex+0x496/0x5b0
[ 2889.508650][T26371]  _copy_to_user+0x30/0xb0
[ 2889.513092][T26371]  raw_ioctl+0x12ac/0x2b80
[ 2889.517537][T26371]  ? raw_open+0x510/0x510
[ 2889.521890][T26371]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2889.526851][T26371]  ? raw_open+0x510/0x510
[ 2889.531196][T26371]  __x64_sys_ioctl+0x18f/0x210
[ 2889.536004][T26371]  do_syscall_64+0x38/0xb0
[ 2889.540446][T26371]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2889.546362][T26371] RIP: 0033:0x7f410aa7c84b
[ 2889.550793][T26371] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2889.570593][T26371] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2889.579033][T26371] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2889.587018][T26371] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2889.595030][T26371] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2889.603098][T26371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2889.611096][T26371] R13: 0000000800000000 R14: 0000000000000012 R15: 00007f410aad07e0
[ 2889.619109][T26371]  </TASK>
[ 2889.622209][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2889.781041][T17130] usb 1-1: unable to read config index 0 descriptor/start: -71
[ 2889.801221][T17130] usb 1-1: can't read configurations, error -71
04:49:06 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000006640)={<r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001640)="344f2466d9a35df470a8f492d62b41316487e7a7bea1fb32ac78f67dc65223ed62956419108d3d6c3941b1f65346e611f4554f5afbe4e506cec28fa069f0e115c8816c096b245b611d8051eabae9c5b6d800df183f6368bd8e5782526a98508fe62849c2b4c31b98e97aa1174adcdac8c036ecd0f4c7d5f7312be358d465b800a247189f6d4479a0d924929cdbd3e28a0ae8b58e5100bd8a61c32d01588651034441256df9fc032bc159306f270baacc11a8ba5303f3efae32e658434bfe3545ce35be93a9908703e82b13217ba0f97d01cd371e39df3cb71c8f8469ccf73e2b718ffbe26efbd3dab2dbab0483e24993a18c9c6f4a5c781ff9f99de529aa04772150141226913ce64b62a96164db2e400c64afa2ff7ab328934b720c5d85ac796d2acb04c783cac9d5f62b496fc38e3f7de13945d5818fe5cb99d21b0b2746dcf6081d8e0e3289046400ece2c2e3212ba2490fcb75d11982d1d434ac580e7aeef9dafa85a581e3064449bb890f4f27e64e3640ffe0fae5d6f6b7302589d7f22c6d80835ccb3a495211df232c55c51c452c95c850d58fdf47e66e3d8007240c4dec249c63f08fcc41b0f8392f27992b79e822d7fb498a83dcdd04d0605987ef8c091c6920b56324ca056dd2b09a85d50c4858b39c4bfefe7d8138d8860f61a6d26043ee40ab82453610bcd0d0b667a32b4c782c64ca16aac77fae14cefb6111d4bf3781fec9bde86493dcb4ff49cb254af773b8f1809f3a7cf7b9a7f6bbc0970b186e14e20a1055694d665f19659ffbf4446137862927e36b553834f37b7c613a43716218d16dba586b1fc6d00efafdafef558472195d937522f0a3fa56d6fc557ac7afe96ed2c68a2bc5660ad79a3fde76e181b926a1b3907e3ac782dc323d897cb24f508d1e661e17a8ae836b70e9e782bcdb7f40b0401715a07f8c1d36dbe4c6989e347430f1fdc83859f769cddae54ecc3cdbc7594c5a99334aa3c7782812a232e58bbe64236c567e1c1a3d3350afc3f6ed5ee78a5a56f5e9c6a6165286785461f820e1c59ed7a213d4b359f1ebb0bb15d23f40680ca6f93dbd2857076ae86c72e62661ce426c20af1d3bd9a52d237d798b85f1b86b1a4aeb20fffe7f10f47fb506628207a323a70bdb2296b53d99d84f8d4dc246c771f9d2d02c11a4ca6d843f44a681fc019647013cb7d5c41002c6e0e0ad74498db4520905f07b12721fff0468ab045543ded8cb5107d5851608ba2a69ae6422fb59d59dd2c3908413ac0941e5493df06a8986a98436466b71bb6bb6f825d21d0332b8e9c4b9abb24cdff09f4aeab2cab5a417018242703e627d2dd66314058eb3c2d1fce4b105e4bbd3bf4951e25daa5f90a454bd5af3ef5f7648e231c685a33b1a2487a3a5f13060bd304652b89831dd6c3619161b6c3297b20e1db1cdb0c00c8546e094dbd8653fd8d55779c3ce0daabc9e336de5c18381520b436d2fb0e4aa2071f11077c3c832373fe79940e8168371881c9cba85d48b594c335252608085255b7f91ea833d879eddc69038cf077cd72dc9a28693b5d017e6b0a40ebd2cc380445bcf3718e799cf3a48deaa6a5dae209106094ebca15d6a92b8f6e94a3ed13b9880c20dc86d902e76ce0d73beb98c49c035b738628b78580e41c80f71205cc0c1ba9dffb3a7a5b42ccdcec9938d756f517fbad2b4a9613c35751163474540d895bbfcd9186d94dc44ddbfd2e7cb18de883707bc4c45c232b441027883113bdecb6bd6998c3079db299833bfe4ecc252c2d30a0f16db17e3790bc69269d948f20cb6a5335247165e4aad5125fda1bdd4be9fd7fea9b24b8da41233401c1b6843f0e9d6345dea952385f0cf2c94d451019e8d0b4daa1378f52d2d4581cb436d795b4ec3b20c0b4ce0ba44543317fe5827383033eadc6fee43b4af06d1a0dcad7614ebf1fa8efd9d3d89ccd606dd0099e4306197a9dc460a1649c5cdd063d677f80bb10507cecd95dc20981a78f0ee62784673a259c20506687e031ccfba862a851b9061c9dd2df8fd9752e7490b72b7a3c1fd7272c4c3aa6c940d7b43132041c779566f35e527c861409e2016b98b2418a4e6c3d15f2f754e07ae8b23f4e225ee7b5bfb974160f2cc749a8b3f69ee9ac1884fa11d04feebe49221be05dce81f7b3c868cb6c262ba0882c4f6785c1e7d60f48ff81672b4c54334aec156b3b0648ed1a351dde265860ad6f5f490eb7bac0c97ad43c924bd60de05b7b655d0cfee75884233fd7d0bd0a83c7fe6deb2a8afa392726a2fe4a4bd5bfd6b1204f423849f07cd0c0c501b47c39a2d73d5de4b994ca981d0b37d0f50a881f7fb87ea87200ad541d85b720f7d4afde306b6e6e648ff15a86c8bdb5a26e10f72ea7af97513bdf8d85e26964aa3e42f0e3becd7365e584ebe17f57ead45dead3c61a576cff3fbff91348a5a5e93e4b473b7e6a0c140d2ce82a52cd642915a1937876b548ac6bc9966f48b3eef5dec1d15224adc802be52333935d23b9b8000d3ca9fc60c5ae5b7b254f54c4aab318b260eb5192525870faf659415f239ef07d94283ebd9cf7131bf069118307910a21f380a822cc8fedc6d85f9e23a5973b4cd96d77a1265977776e47d0fa9d998a7638769b419221b149935249d895ee4ab402124fb7fb9abc5938a5bd77fb0308084f900fa6b2f8423edfcbb5be9ba8ebd5ce6e8ff1468e893580b62e9d1232d6995023905b3c89bf98e18e836eea05ab774364d1f9535fa34ed95a7996283ae02663a60279529d4cee2cc23a95848d579435dfdcc985ad724340b8a5f21cebceab83423fa50fb4245d973b11d16475dcaa82431bbc17ba4c84d48973f96c1fb2f333af7759b7030d303bbfb6904557dcf03ae5dcd10606477585fc718b1cb75053f585b56f17697059ed9714186e1748252da4fe71d419d1c76a2c3f692784df8e9daae1c9e1b59bfadec1c840f95699b8ac17758b47ba0a48c170a0fe15710bd6d818d7653ce7e1c7198c4ccee5822bab343e5383600e5d38d54914ac929d710eaa7a6f6e355c8f4b514e18723c3e37b7c9a644c00a41c9e58fbdae1a44a67fe1ca5e590b9d5326377949dbebfef0388d4fa5f35f4ab21102cbde0c8f3f92412a5e21177aa9f6f115b8083f1d5483384b38689b25fdf1a519fa381355dd482885070bbe2762d157f413f335b543c56cc6a70b2dc7c6198a6536f2ae214faf73bfb03829010417d0f4f05f65cd1f4d2f25deada9ed6c74fbe58e625600342986ea2c27bc132f5f54058d7a7b1fd0fb648cb59bfb84631369028e78f172ab53ccbbdd1344c0b2a7e8546d960281fa829d161608ff6b909e4e01ee6affb79de674aedbf7f3f6b72cde3edc1f935ab7157e4780d4799c14976307176e50f782fe348b9686d1a5dcd108549217a8384a831b0536e8380c6548787fb563d22004475f2b3872c81150f707a1452ee053b180f3584f4100806514ca957e4944788488677103eae78681fbfba45414b7a27e8947433daed8121566502abb767f3a215d8c87dc480e4d1d3f2f85e5aff7affdc91ef6f396fc05b6ec07d7ab429148e8195ebcea37666a5085b16bf4b9619926fa26b62381327d61a865a94f69f58d08ff7493cbe026fb8bb96228a8c8f8db8e8cbdbcca08f041c1a2a295bd326d980a9fa6e8cff4400b398870013da04a56e787fd4efef8d05c7bff2bbcdde08f6ea1ad76d1c68e62b66f9dce8ac1a4fa450f7ad6af94b8c9fafcfea2633a4dabaf11076974cd3544910684f1519e2b86bf0eca23622f95f8a5bfad997380d180d0bd2a11b8af18b11ac1004257407ea3cc779dff0c42aefd10cc5b40c812e52cf5c4bd56cb7126a73c6847dce421cb1829fbaf349caf576e4894df34d1ee69c0493fef97f1beac1c0d6fa4b2a278d4e8bc795814562d2109198ee725bf4293c93c557daae8554da29958dd248020862e8f3920a6ae62dd96b11c62877d4a0149a02c672585d73afcdc7453be1eb18e874a11414aadfb670623ed30d35d61bb1ed523b612c5c7883053131896b689f2e8b05e76654df3fdbb0624c3eea6f4ecc199055a47ad8728fad5744bf41b1b43aeaebcd0d2547e6f7bcf2b6a825ded17a52f6f966503d650cbf85951032fddb66c7baa76941e0fc9baa8a470877fca909d3212da8501767456aa4ca701060982537b525b4127c1af8341b8100230c1403541b3eb4cdb0436a4b43daa991ce8a540e30b4304d6a0eac3bbd4cc4ef35271c29a28303bcb2280fd4a1a9d33c6e896a20bcd5bf5ced9f6b88255e72367054bf5ec03d9844dc8f632591195896aed23e67bbc49d5f92a55ce07ae2372a3ca64ffb318a091aa99496418ac1807dc9101a3c82973ab6233b04d1142c47d7a9431c8a8a79dc827f60ab424631db6b80c586a1c9e42ad055bc48ee7401aef41f81a3ad0cabc334f845a670c8cd62ee3605585e7932c116a2fbaa65b7ddaf4438510d1b7ae31639e35a46b07888e932b26e5f333bc2d522f0bc7928c9bfce7c0624a4e761a515e641350d4f3301571c51f14e785ba0f2884fa46d1d1aa7863dfe799f1f428c82c07b52365f2df879ac3d5bc8645bb8a9ae093ce31a1b3e00dd469935551eb74b7d20ce57cc940c61dec1fd930d0644c926b601b26bcf8b310b39768666036de13a5e68b117a83983f64e5a8186c8a03e6c7fbc606feb4525e9b501a18aa381214461fd292374e8a07946ee38efa634c3d40020892f9f7e1e9f546524be3b8c164690f50bebdb5f466f64e7dee4101bcf3f648ff24420b89dcf94bd694c099492a0253fd5de6c4649b10c727aa73f0716b952d1b0b846e135378e4aaf6b14fb8b1e8a52b961bae3cf8a6d10c5be2f8f8de5f053bc858385bebf4e644bb17eacef21ab83c1ba5a531b270b34afbaced809e5261cf56f9b61ebc65b1e1adece001bdb0adf41b451c9e937f239648aec4fb1dab7731f2915d62e587db7aebf5db208d71315fc78af3b610eb8ad50e00c87f93c69bc68d2139c845e77dbd0c43abea4d09e0b7c57364fab91a36eae4b9bc7706d5546acdca8a86c800a41beacb57d6deeafda07b44a84e6e474190fe23ed3de9b531e38e66039c7e5a06307db62a9e175fc1ff52ac962aa7d18be85e183ead903d60c7d214a5d85c6c424369f21a8509bcec7a5936d894f4ca1c325250096e42555822050b0936086575c6dac214821c04df9234b89c75efe57a88721f24fa1be499f33cd9df2cb68dd89ab50280c020d469ba5f2c75ee13f84c51605a5997d44dde46235cc09473ab8bee1ac66920d023acc9dbe2d0e5011cbb36c94119f16bec6a5450991f11e11990f44df6e027995250e3387b1ff18d0c6dceada8222e509939c4ec6286da777235d94c295126e3a61670babd36ab8d65fb6442c652d46f474fb1896febc8daa1b328de0c82e87fbcf9ba5dac5125499dbc2a60a555f2b772b92e412e24b622d8da96e2e998a50ff59aaeacce2c20899d333701e203bd0a787be8bc4b60a7de3e3af24994f6525376c9714156ace43c41145aaff3f5004c0482f3780e88372f44e535dd8a631eb56227ea59539611ca764804c13d0f51c31e0c728b2b99856b3538c56c2ae188642a3457b0f2cd4622050ac6dbb6bf74b768d48dfd6bb652e75fcfe111faa38499274b3c2de8c15ba43bd235620b37d4b6fe3fb84d4af6235ee6c6b1e718facada1118006ffed518b7b325ebd745efbe869f8e183b70d60be5735028e69876144909d5546a9194394a2bbd318539aaf07845756d6971dcf2103e46a95123c70f84", 0x1000}, {&(0x7f0000000040)="f7a60d7f47fd37fbd7a3089f93f6edeb4cbb0e37ac2518a81f3cc6e264e9d180b934e534a1acade997aa682b6babbc27cfe6967208065a3f7aadcd50c7ea2f405b20461ac114291fab050cfd28a8e0963bccdc75e4e15dfe2507cad4eb4aa4fd37215cf67e71d5e359cbc8", 0x6b}], 0x2, 0x0, 0x17, 0x40000}}], 0x3, 0x0)

04:49:06 executing program 4:
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x60b02, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0x4d00, 0x0)

04:49:06 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/oops_count', 0x0, 0x0)
read$proc_mixer(r0, &(0x7f0000000100)=""/231, 0xe7)

04:49:06 executing program 5:
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000000))
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)='ns/time_for_children\x00')
bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@o_path={0x0}, 0x18)
r0 = openat$drirender128(0xffffffffffffff9c, 0x0, 0x428200, 0x0)
ioctl$DRM_IOCTL_ADD_BUFS(0xffffffffffffffff, 0xc0206416, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000700)=0x1, 0x4)
ioctl$DRM_IOCTL_RM_MAP(r0, 0x4028641b, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ffe000/0x1000)=nil})
socket$inet6_sctp(0xa, 0x0, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000780)={0x7, 0x2, 0x8, 0x6}, 0x10)
ioctl$DRM_IOCTL_AGP_FREE(0xffffffffffffffff, 0x40206435, &(0x7f00000007c0))
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, 0x0)
ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, 0x0)
ioctl$DRM_IOCTL_VERSION(0xffffffffffffffff, 0xc0406400, 0x0)
ioctl$DRM_IOCTL_GET_UNIQUE(r0, 0xc0106401, &(0x7f0000000c40)={0x45, &(0x7f0000000bc0)=""/69})
getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000000c80), &(0x7f0000000cc0)=0x4)
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x73, &(0x7f0000000d40)={0x0, 0x3, 0x10, 0x200, 0x8}, 0x0)
ioctl$DRM_IOCTL_SG_ALLOC(0xffffffffffffffff, 0xc0106438, 0x0)

04:49:06 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:06 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 77)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:06 executing program 1:
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000240)={0x2, 0x0, @private}, 0x10)

[ 2890.326720][T26398] sctp: [Deprecated]: syz-executor.5 (pid 26398) Use of int in max_burst socket option.
[ 2890.326720][T26398] Use struct sctp_assoc_value instead
04:49:06 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/oops_count', 0x0, 0x0)
read$proc_mixer(r0, &(0x7f0000000100)=""/231, 0xe7)

04:49:06 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$unlink(0x9, r0, 0xfffffffffffffffb)

04:49:06 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/oops_count', 0x0, 0x0)
read$proc_mixer(r0, &(0x7f0000000100)=""/231, 0xe7)

04:49:06 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000780), 0x10)

04:49:06 executing program 5:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000400), &(0x7f0000000440)=0x14)

04:49:06 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000c80), &(0x7f0000000cc0)=0x4)

[ 2890.720789][T17130] usb 1-1: new high-speed USB device number 108 using dummy_hcd
04:49:06 executing program 2:
read$proc_mixer(0xffffffffffffffff, &(0x7f0000000100)=""/231, 0xe7)

04:49:06 executing program 1:
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x41}, 0x18)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x801c581f, &(0x7f0000000200))

04:49:06 executing program 5:
syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x7, 0x1, 0x0, 0x0, "", {{}, [{{0x9, 0x5, 0x82, 0x2, 0x10}}]}}}]}}]}}, 0x0)

04:49:06 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

[ 2891.031584][T26409] FAULT_INJECTION: forcing a failure.
[ 2891.031584][T26409] name failslab, interval 1, probability 0, space 0, times 0
[ 2891.053385][T26409] CPU: 0 PID: 26409 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2891.063860][T26409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2891.073948][T26409] Call Trace:
[ 2891.077252][T26409]  <TASK>
[ 2891.080212][T26409]  dump_stack_lvl+0x125/0x1b0
[ 2891.085023][T26409]  should_fail_ex+0x496/0x5b0
[ 2891.089747][T26409]  should_failslab+0x9/0x20
[ 2891.094297][T26409]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2891.099815][T26409]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2891.105598][T26409]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2891.111373][T26409]  __kmalloc+0x4f/0x100
[ 2891.115571][T26409]  tomoyo_realpath_from_path+0xb9/0x710
[ 2891.121182][T26409]  ? tomoyo_profile+0x47/0x60
[ 2891.125909][T26409]  tomoyo_path_number_perm+0x241/0x580
[ 2891.131420][T26409]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2891.137112][T26409]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2891.142980][T26409]  ? __might_fault+0x13f/0x1a0
[ 2891.147802][T26409]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2891.153219][T26409]  ? rcu_is_watching+0x12/0xb0
[ 2891.158026][T26409]  ? xfd_validate_state+0x5d/0x180
[ 2891.163194][T26409]  ? __fget_files+0x272/0x410
[ 2891.167915][T26409]  security_file_ioctl+0x72/0xb0
[ 2891.172902][T26409]  __x64_sys_ioctl+0xbb/0x210
[ 2891.177628][T26409]  do_syscall_64+0x38/0xb0
[ 2891.182102][T26409]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2891.188042][T26409] RIP: 0033:0x7f410aa7c84b
[ 2891.192491][T26409] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2891.212135][T26409] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2891.220567][T26409] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2891.228562][T26409] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2891.236546][T26409] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2891.244529][T26409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2891.252511][T26409] R13: 0000000800000000 R14: 0000000000000009 R15: 00007f410aad07e0
[ 2891.260512][T26409]  </TASK>
[ 2891.263703][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2891.361403][T26409] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2891.430828][T28690] usb 6-1: new high-speed USB device number 63 using dummy_hcd
[ 2891.431241][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2891.600968][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2891.610199][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2891.626053][T17130] usb 1-1: Product: syz
[ 2891.630328][T17130] usb 1-1: Manufacturer: syz
[ 2891.635771][T17130] usb 1-1: SerialNumber: syz
[ 2891.671869][T28690] usb 6-1: Using ep0 maxpacket: 32
[ 2891.793506][T28690] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[ 2891.980920][T28690] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2891.990018][T28690] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2892.014107][T28690] usb 6-1: Product: syz
[ 2892.023138][T28690] usb 6-1: Manufacturer: syz
[ 2892.033366][T28690] usb 6-1: SerialNumber: syz
[ 2892.071568][T26442] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[ 2892.318504][T28690] usb 6-1: USB disconnect, device number 63
[ 2892.772595][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2892.779091][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2892.802195][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2893.210995][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2893.252499][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2893.301994][T17130] usb 1-1: USB disconnect, device number 108
[ 2893.309532][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:49:09 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 78)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:09 executing program 5:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x7, 0x1, 0x1}}]}}]}}, 0x0)

04:49:09 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x0)
ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000140)={0x0, 0x0, 0x0, {}, {}, @ramp})

04:49:09 executing program 2:
read$proc_mixer(0xffffffffffffffff, &(0x7f0000000100)=""/231, 0xe7)

04:49:09 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f00000008c0), 0x0, 0x0)
ioctl$EVIOCGBITKEY(r0, 0x80404521, &(0x7f0000000900)=""/158)

04:49:09 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:09 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000001640), 0x0, 0x0)
ioctl$EVIOCGKEYCODE_V2(r0, 0x40049409, &(0x7f0000001140)=""/51)

04:49:09 executing program 2:
read$proc_mixer(0xffffffffffffffff, &(0x7f0000000100)=""/231, 0xe7)

04:49:09 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000a40), 0x0, 0x0)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000b80)={0x0, 0x38, &(0x7f0000000a80)="db29f662673504751647c6276049ba9dbbbe0e237b3e680bf58058eae9d7cd4d7a50c8fe7c4c5eef666860fb08733dd7d6e556c825eca140"})

04:49:09 executing program 1:
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$inet(r0, &(0x7f0000003040)=[{{&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0}}], 0x1, 0x0)

04:49:09 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$proc_mixer(r0, &(0x7f0000000100)=""/231, 0xe7)

04:49:09 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000080)=[@window, @mss, @mss, @timestamp, @sack_perm], 0x20000235)

[ 2894.051442][ T8761] usb 6-1: new high-speed USB device number 64 using dummy_hcd
[ 2894.081117][T28690] usb 1-1: new high-speed USB device number 109 using dummy_hcd
[ 2894.313197][ T8761] usb 6-1: Using ep0 maxpacket: 32
[ 2894.380972][T26491] FAULT_INJECTION: forcing a failure.
[ 2894.380972][T26491] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2894.401059][T26491] CPU: 0 PID: 26491 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2894.411528][T26491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2894.421613][T26491] Call Trace:
[ 2894.424917][T26491]  <TASK>
[ 2894.427880][T26491]  dump_stack_lvl+0x125/0x1b0
[ 2894.432605][T26491]  should_fail_ex+0x496/0x5b0
[ 2894.437330][T26491]  _copy_from_user+0x30/0xf0
[ 2894.441978][T26491]  raw_alloc_io_data+0x32/0x1c0
[ 2894.446878][T26491]  raw_ioctl+0xa81/0x2b80
[ 2894.451257][T26491]  ? raw_open+0x510/0x510
[ 2894.455631][T26491]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2894.460611][T26491]  ? raw_open+0x510/0x510
[ 2894.464974][T26491]  __x64_sys_ioctl+0x18f/0x210
[ 2894.469779][T26491]  do_syscall_64+0x38/0xb0
[ 2894.474240][T26491]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2894.480180][T26491] RIP: 0033:0x7f410aa7c84b
[ 2894.484624][T26491] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2894.504263][T26491] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2894.512698][T26491] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2894.520684][T26491] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2894.528666][T26491] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2894.536648][T26491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2894.544628][T26491] R13: 0000000800000000 R14: 0000000000000009 R15: 00007f410aad07e0
[ 2894.552631][T26491]  </TASK>
[ 2894.555694][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2894.621111][ T8761] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 2894.650676][ T8761] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 2894.660399][ T8761] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2894.681814][T28690] usb 1-1: unable to read config index 0 descriptor/start: -71
[ 2894.689571][T28690] usb 1-1: can't read configurations, error -71
[ 2894.851081][ T8761] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2894.860206][ T8761] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2894.869671][ T8761] usb 6-1: Product: syz
[ 2894.880848][ T8761] usb 6-1: Manufacturer: syz
[ 2894.885485][ T8761] usb 6-1: SerialNumber: syz
04:49:10 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$proc_mixer(r0, &(0x7f0000000100)=""/231, 0xe7)

[ 2895.173561][ T8761] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 64 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 2895.213175][ T8761] usb 6-1: USB disconnect, device number 64
[ 2895.239421][ T8761] usblp0: removed
04:49:11 executing program 5:
statx(0xffffffffffffffff, &(0x7f0000000040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0)

04:49:11 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$proc_mixer(r0, &(0x7f0000000100)=""/231, 0xe7)

04:49:11 executing program 1:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, 0x0)

04:49:11 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
write$cgroup_netprio_ifpriomap(r0, 0x0, 0xfffffffffffffe78)

04:49:11 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003]})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:11 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 79)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:11 executing program 2:
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/oops_count', 0x0, 0x0)
read$proc_mixer(0xffffffffffffffff, &(0x7f0000000100)=""/231, 0xe7)

04:49:11 executing program 1:
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendto$unix(r0, 0x0, 0x0, 0x200000c4, 0x0, 0xffffffffffffff59)

04:49:11 executing program 5:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/dmi', 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0)

04:49:11 executing program 4:
setresuid(0x0, 0xee01, 0x0)
setresuid(0x0, 0xee00, 0x0)

04:49:11 executing program 4:
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/class/dmi', 0x393481, 0x106)

04:49:11 executing program 1:
r0 = socket$inet(0x2, 0x2, 0x0)
getsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f0000000000)=""/190, &(0x7f00000000c0)=0xbe)

04:49:11 executing program 5:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x11, 0x0, 0x0)

04:49:11 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003]})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

[ 2896.081114][T28690] usb 1-1: new high-speed USB device number 111 using dummy_hcd
04:49:11 executing program 2:
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/oops_count', 0x0, 0x0)
read$proc_mixer(0xffffffffffffffff, &(0x7f0000000100)=""/231, 0xe7)

04:49:11 executing program 4:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002140), 0x2, 0x0)
write$FUSE_LSEEK(r0, &(0x7f0000002080)={0x18}, 0xffffffffffffff27)

04:49:11 executing program 1:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000002240), 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
getpriority(0x0, r1)

[ 2896.402765][T26549] FAULT_INJECTION: forcing a failure.
[ 2896.402765][T26549] name failslab, interval 1, probability 0, space 0, times 0
[ 2896.431097][T26549] CPU: 1 PID: 26549 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2896.441562][T26549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2896.451620][T26549] Call Trace:
[ 2896.454900][T26549]  <TASK>
[ 2896.457833][T26549]  dump_stack_lvl+0x125/0x1b0
[ 2896.462528][T26549]  should_fail_ex+0x496/0x5b0
[ 2896.467224][T26549]  should_failslab+0x9/0x20
[ 2896.471741][T26549]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2896.477225][T26549]  ? tomoyo_encode2+0x100/0x3d0
[ 2896.482109][T26549]  ? tomoyo_encode2+0x100/0x3d0
[ 2896.486982][T26549]  __kmalloc+0x4f/0x100
[ 2896.491159][T26549]  tomoyo_encode2+0x100/0x3d0
[ 2896.495892][T26549]  ? rcu_is_watching+0x12/0xb0
[ 2896.500689][T26549]  tomoyo_encode+0x29/0x50
[ 2896.505133][T26549]  tomoyo_realpath_from_path+0x196/0x710
[ 2896.510804][T26549]  tomoyo_path_number_perm+0x241/0x580
[ 2896.516292][T26549]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2896.521952][T26549]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2896.527796][T26549]  ? __might_fault+0x13f/0x1a0
[ 2896.532603][T26549]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2896.538005][T26549]  ? rcu_is_watching+0x12/0xb0
[ 2896.542790][T26549]  ? xfd_validate_state+0x5d/0x180
[ 2896.547933][T26549]  ? __fget_files+0x272/0x410
[ 2896.552628][T26549]  security_file_ioctl+0x72/0xb0
[ 2896.557592][T26549]  __x64_sys_ioctl+0xbb/0x210
[ 2896.562290][T26549]  do_syscall_64+0x38/0xb0
[ 2896.566726][T26549]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2896.572639][T26549] RIP: 0033:0x7f410aa7c84b
[ 2896.577062][T26549] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2896.596687][T26549] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2896.605117][T26549] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2896.613103][T26549] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2896.621175][T26549] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2896.629157][T26549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2896.637141][T26549] R13: 0000000800000000 R14: 0000000000000009 R15: 00007f410aad07e0
[ 2896.645146][T26549]  </TASK>
[ 2896.690690][T26549] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2896.761490][T28690] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2896.951192][T28690] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2896.960299][T28690] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2896.969047][T28690] usb 1-1: Product: syz
[ 2896.980932][T28690] usb 1-1: Manufacturer: syz
[ 2896.985576][T28690] usb 1-1: SerialNumber: syz
[ 2898.054559][ T1236] ieee802154 phy0 wpan0: encryption failed: -22
[ 2898.061572][ T1236] ieee802154 phy1 wpan1: encryption failed: -22
[ 2898.151293][T28690] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2898.157784][T28690] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2898.166023][T28690] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2898.581143][T28690] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2898.621191][T28690] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2898.665801][T28690] usb 1-1: USB disconnect, device number 111
[ 2898.684916][T28690] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:49:14 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 80)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:14 executing program 4:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, 0x0, 0x22)

04:49:14 executing program 5:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$P9_RAUTH(r0, 0x0, 0x45)

04:49:14 executing program 1:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = syz_clone3(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
socket$inet(0x2, 0x4, 0xd23)

04:49:14 executing program 2:
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/oops_count', 0x0, 0x0)
read$proc_mixer(0xffffffffffffffff, &(0x7f0000000100)=""/231, 0xe7)

04:49:14 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003]})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:15 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/oops_count', 0x0, 0x0)
read$proc_mixer(r0, 0x0, 0x0)

04:49:15 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000002240), 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
syz_open_procfs$namespace(r1, &(0x7f0000002080)='ns/ipc\x00')

04:49:15 executing program 5:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00')
openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0)

04:49:15 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000002240), 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
syz_open_procfs$namespace(r1, &(0x7f0000002080)='ns/ipc\x00')

04:49:15 executing program 1:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000280)={0x0, @in, 0x0, 0x0, 0x30d}, 0x98)

04:49:15 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/oops_count', 0x0, 0x0)
read$proc_mixer(r0, 0x0, 0x0)

[ 2899.541158][ T3993] usb 1-1: new high-speed USB device number 112 using dummy_hcd
[ 2899.921431][ T3993] usb 1-1: unable to read config index 0 descriptor/start: -71
[ 2899.933879][ T3993] usb 1-1: can't read configurations, error -71
04:49:16 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 81)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:16 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000002240), 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
syz_open_procfs$namespace(r1, &(0x7f0000002080)='ns/ipc\x00')

04:49:16 executing program 5:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000300)={0x0, @in, 0x0, 0x0, 0x6}, 0x98)

04:49:16 executing program 1:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, 0x0, 0x0)

04:49:16 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/oops_count', 0x0, 0x0)
read$proc_mixer(r0, 0x0, 0x0)

04:49:16 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:16 executing program 5:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r0, &(0x7f0000000080)={0x10, 0x2}, 0x10)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x23, &(0x7f0000000180), &(0x7f0000000040)=0x90)

04:49:16 executing program 2:
r0 = socket$inet6_icmp_raw(0x1c, 0x3, 0x3a)
sendto$inet6(r0, &(0x7f00000000c0)="13bfce5a0d71498a", 0x8, 0x0, &(0x7f0000000180)={0x1c, 0x1c}, 0x1c)

04:49:16 executing program 1:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x1d, &(0x7f0000000000)={0x0, 0xb7}, 0x8)

04:49:16 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000002240), 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
syz_open_procfs$namespace(r1, &(0x7f0000002080)='ns/ipc\x00')

04:49:16 executing program 1:
open(&(0x7f00000004c0)='./file0\x00', 0x200, 0x0)

04:49:16 executing program 5:
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, 0x0}, 0x0)

[ 2900.880816][ T3993] usb 1-1: new high-speed USB device number 113 using dummy_hcd
[ 2901.281198][ T3993] usb 1-1: unable to read config index 0 descriptor/start: -71
[ 2901.294546][ T3993] usb 1-1: can't read configurations, error -71
[ 2901.311180][ T3993] usb usb1-port1: attempt power cycle
04:49:17 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 82)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:17 executing program 4:
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
lchown(&(0x7f0000000740)='./file1\x00', 0x0, 0x0)

04:49:17 executing program 2:
pwritev(0xffffffffffffffff, 0x0, 0xfd71, 0x0, 0x0)

04:49:17 executing program 1:
pipe2(&(0x7f0000000300)={<r0=>0xffffffffffffffff}, 0x0)
dup(r0)

04:49:17 executing program 5:
pipe2(&(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
openat(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)

04:49:17 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:17 executing program 2:
add_key$keyring(&(0x7f0000000180), 0x0, 0x1ffff000, 0xfffff, 0x0)

04:49:17 executing program 1:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0)

04:49:17 executing program 4:
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$BLKBSZSET(r0, 0x1265, 0x0)

04:49:17 executing program 5:
r0 = add_key$keyring(&(0x7f0000000040), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$revoke(0x10, r0)

04:49:17 executing program 1:
add_key$keyring(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)

04:49:17 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$BLKBSZSET(r0, 0x301, &(0x7f0000000040))

[ 2902.282939][ T3993] usb 1-1: new high-speed USB device number 114 using dummy_hcd
[ 2902.471240][T26707] FAULT_INJECTION: forcing a failure.
[ 2902.471240][T26707] name failslab, interval 1, probability 0, space 0, times 0
[ 2902.489743][T26707] CPU: 0 PID: 26707 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2902.500211][T26707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2902.510295][T26707] Call Trace:
[ 2902.513603][T26707]  <TASK>
[ 2902.516556][T26707]  dump_stack_lvl+0x125/0x1b0
[ 2902.521271][T26707]  should_fail_ex+0x496/0x5b0
[ 2902.525991][T26707]  should_failslab+0x9/0x20
[ 2902.530530][T26707]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2902.536040][T26707]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2902.541824][T26707]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2902.547591][T26707]  __kmalloc+0x4f/0x100
[ 2902.551789][T26707]  tomoyo_realpath_from_path+0xb9/0x710
[ 2902.557384][T26707]  ? tomoyo_profile+0x47/0x60
[ 2902.562110][T26707]  tomoyo_path_number_perm+0x241/0x580
[ 2902.567610][T26707]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2902.573297][T26707]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2902.579166][T26707]  ? __might_fault+0x13f/0x1a0
[ 2902.583982][T26707]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2902.589394][T26707]  ? rcu_is_watching+0x12/0xb0
[ 2902.594199][T26707]  ? xfd_validate_state+0x5d/0x180
[ 2902.599374][T26707]  ? __fget_files+0x272/0x410
[ 2902.604100][T26707]  security_file_ioctl+0x72/0xb0
[ 2902.609080][T26707]  __x64_sys_ioctl+0xbb/0x210
[ 2902.613794][T26707]  do_syscall_64+0x38/0xb0
[ 2902.618251][T26707]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2902.624184][T26707] RIP: 0033:0x7f410aa7c84b
[ 2902.628628][T26707] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2902.648282][T26707] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2902.656731][T26707] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2902.664735][T26707] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2902.672739][T26707] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2902.680736][T26707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2902.688742][T26707] R13: 0000000800000000 R14: 0000000000000009 R15: 00007f410aad07e0
[ 2902.696765][T26707]  </TASK>
[ 2902.699872][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2902.740813][T26707] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2902.803947][ T3993] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2903.001183][ T3993] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2903.010328][ T3993] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2903.030946][ T3993] usb 1-1: Product: syz
[ 2903.035167][ T3993] usb 1-1: Manufacturer: syz
[ 2903.039824][ T3993] usb 1-1: SerialNumber: syz
[ 2904.161221][ T3993] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2904.167705][ T3993] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2904.190642][ T3993] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2904.572545][ T3993] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2904.608204][ T3993] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2904.652755][ T3993] usb 1-1: USB disconnect, device number 114
[ 2904.660341][ T3993] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:49:20 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 83)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:20 executing program 4:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0)
read$msr(r0, &(0x7f0000000080)=""/223, 0xdf)

04:49:20 executing program 2:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

04:49:20 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_udp_int(r0, 0x11, 0xb, &(0x7f00000003c0), 0x4)

04:49:20 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_HIDDEN_SSID={0xa, 0x7e, @default_ibss_ssid}, @NL80211_ATTR_FREQ_FIXED={0x4}]}, 0x2c}}, 0x0)

04:49:20 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:21 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000005c0)={'ip6_vti0\x00', &(0x7f0000000540)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1}})

04:49:21 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="500000004a000102"], 0x50}}, 0x0)

[ 2905.220118][T26759] netlink: 'syz-executor.5': attribute type 126 has an invalid length.
04:49:21 executing program 5:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x3, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@pointer, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x55}}]}, &(0x7f0000000000)='GPL\x00'}, 0x90)

04:49:21 executing program 2:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x3, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@pointer, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x17}}]}, &(0x7f0000000000)='GPL\x00'}, 0x90)

04:49:21 executing program 1:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x5, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@pointer, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x4}}]}, &(0x7f0000000000)='GPL\x00'}, 0x90)

04:49:21 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x30, r1, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0)

[ 2905.481283][ T5145] usb 1-1: new high-speed USB device number 115 using dummy_hcd
[ 2905.831378][T26765] FAULT_INJECTION: forcing a failure.
[ 2905.831378][T26765] name failslab, interval 1, probability 0, space 0, times 0
[ 2905.863364][T26765] CPU: 1 PID: 26765 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2905.873833][T26765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2905.884004][T26765] Call Trace:
[ 2905.887303][T26765]  <TASK>
[ 2905.890256][T26765]  dump_stack_lvl+0x125/0x1b0
[ 2905.894975][T26765]  should_fail_ex+0x496/0x5b0
[ 2905.899690][T26765]  should_failslab+0x9/0x20
[ 2905.904230][T26765]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2905.909750][T26765]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2905.915552][T26765]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2905.921328][T26765]  __kmalloc+0x4f/0x100
[ 2905.925519][T26765]  tomoyo_realpath_from_path+0xb9/0x710
[ 2905.931129][T26765]  ? tomoyo_profile+0x47/0x60
[ 2905.935860][T26765]  tomoyo_path_number_perm+0x241/0x580
[ 2905.941368][T26765]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2905.947050][T26765]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2905.952927][T26765]  ? __might_fault+0x13f/0x1a0
[ 2905.957746][T26765]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2905.963165][T26765]  ? rcu_is_watching+0x12/0xb0
[ 2905.967969][T26765]  ? xfd_validate_state+0x5d/0x180
[ 2905.973137][T26765]  ? __fget_files+0x272/0x410
[ 2905.977862][T26765]  security_file_ioctl+0x72/0xb0
[ 2905.982859][T26765]  __x64_sys_ioctl+0xbb/0x210
[ 2905.987575][T26765]  do_syscall_64+0x38/0xb0
[ 2905.992029][T26765]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2905.997962][T26765] RIP: 0033:0x7f410aa7c84b
[ 2906.002406][T26765] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2906.022055][T26765] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2906.030503][T26765] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2906.038497][T26765] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2906.046499][T26765] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2906.054499][T26765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2906.062500][T26765] R13: 0000000800000000 R14: 0000000000000009 R15: 00007f410aad07e0
[ 2906.070522][T26765]  </TASK>
[ 2906.084654][T26765] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2906.111029][ T5145] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2906.281703][ T5145] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2906.293091][ T5145] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2906.305720][ T5145] usb 1-1: Product: syz
[ 2906.317890][ T5145] usb 1-1: Manufacturer: syz
[ 2906.327122][ T5145] usb 1-1: SerialNumber: syz
[ 2907.481543][ T5145] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2907.488035][ T5145] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2907.510492][ T5145] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2907.902885][ T5145] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2907.945927][ T5145] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2907.990342][ T5145] usb 1-1: USB disconnect, device number 115
[ 2908.003513][ T5145] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:49:24 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 84)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:24 executing program 1:
rt_sigtimedwait(&(0x7f0000000080), 0x0, &(0x7f0000000040)={0x0, 0x3938700}, 0x8)

04:49:24 executing program 5:
socketpair(0x22, 0x0, 0x21, &(0x7f0000000140))

04:49:24 executing program 2:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f00000001c0)={{0x1, 0x1, 0x18}, './file0\x00'})
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r3, @ANYBLOB="01000000010000f31b0012000c000100627269646765"], 0x3c}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000024000b0e00"/20, @ANYRES32=r3, @ANYBLOB="00000000ffffffff000000000900010063616b65000000001400020008000a003f00f600080005"], 0x44}}, 0x0)
bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14)
sendto$inet6(r0, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f100300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0)

04:49:24 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:24 executing program 4:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x3, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@pointer, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xb}}]}, &(0x7f0000000000)='GPL\x00'}, 0x90)

04:49:24 executing program 4:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x5, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@pointer, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x37}}]}, &(0x7f0000000000)='GPL\x00'}, 0x90)

[ 2908.503416][T26812] netlink: 11 bytes leftover after parsing attributes in process `syz-executor.2'.
04:49:24 executing program 5:
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @local}, 0x10)
recvmmsg(r0, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/105, 0x69}], 0x1}}], 0x1, 0x157dd, 0x0)

04:49:24 executing program 1:
socketpair(0x2b, 0x1, 0x1000, &(0x7f0000000040))

04:49:24 executing program 5:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x5, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@pointer, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000000)='GPL\x00'}, 0x90)

04:49:24 executing program 2:
syz_clone(0x2000080, 0x0, 0x0, 0x0, 0x0, 0x0)

04:49:24 executing program 4:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0)

[ 2908.801148][T28690] usb 1-1: new high-speed USB device number 116 using dummy_hcd
[ 2909.131067][T26819] FAULT_INJECTION: forcing a failure.
[ 2909.131067][T26819] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2909.152642][T26819] CPU: 1 PID: 26819 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2909.163120][T26819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2909.173208][T26819] Call Trace:
[ 2909.176514][T26819]  <TASK>
[ 2909.179472][T26819]  dump_stack_lvl+0x125/0x1b0
[ 2909.184199][T26819]  should_fail_ex+0x496/0x5b0
[ 2909.188925][T26819]  _copy_from_user+0x30/0xf0
[ 2909.193569][T26819]  raw_ioctl+0x1102/0x2b80
[ 2909.198045][T26819]  ? raw_open+0x510/0x510
[ 2909.202417][T26819]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2909.207396][T26819]  ? raw_open+0x510/0x510
[ 2909.211759][T26819]  __x64_sys_ioctl+0x18f/0x210
[ 2909.216566][T26819]  do_syscall_64+0x38/0xb0
[ 2909.221028][T26819]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2909.226965][T26819] RIP: 0033:0x7f410aa7c84b
[ 2909.231413][T26819] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2909.251055][T26819] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2909.259518][T26819] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2909.267515][T26819] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2909.275499][T26819] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2909.283480][T26819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2909.291462][T26819] R13: 0000000800000000 R14: 0000000000000009 R15: 00007f410aad07e0
[ 2909.299463][T26819]  </TASK>
[ 2909.460876][T28690] usb 1-1: unable to read config index 0 descriptor/all
[ 2909.468038][T28690] usb 1-1: can't read configurations, error -71
04:49:25 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 85)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:25 executing program 1:
r0 = socket$igmp(0x2, 0x3, 0x2)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, 0x0)

04:49:25 executing program 4:
r0 = syz_open_dev$loop(&(0x7f00000003c0), 0x0, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000000))

04:49:25 executing program 5:
add_key(&(0x7f0000000000)='.dead\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)

04:49:25 executing program 2:
r0 = syz_open_dev$vcsu(&(0x7f0000000440), 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(r0, 0x0, 0x0)

04:49:25 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:25 executing program 4:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000300))

04:49:25 executing program 5:
request_key(&(0x7f0000000080)='.request_key_auth\x00', 0x0, 0x0, 0xfffffffffffffffa)

04:49:25 executing program 2:
r0 = syz_open_dev$loop(&(0x7f00000003c0), 0x0, 0x0)
fsync(r0)

04:49:25 executing program 1:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0)

[ 2910.152115][   T28] audit: type=1326 audit(1697604565.920:2140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26870 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6961e7cae9 code=0x0
04:49:26 executing program 2:
pselect6(0x40, &(0x7f0000000000)={0x7}, 0x0, 0x0, &(0x7f0000000140), 0x0)

04:49:26 executing program 1:
keyctl$search(0xa, 0x0, &(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0)

[ 2910.380795][T28690] usb 1-1: new high-speed USB device number 117 using dummy_hcd
[ 2910.720838][T26864] FAULT_INJECTION: forcing a failure.
[ 2910.720838][T26864] name failslab, interval 1, probability 0, space 0, times 0
[ 2910.740880][T26864] CPU: 1 PID: 26864 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2910.751354][T26864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2910.761612][T26864] Call Trace:
[ 2910.764919][T26864]  <TASK>
[ 2910.767876][T26864]  dump_stack_lvl+0x125/0x1b0
[ 2910.772602][T26864]  should_fail_ex+0x496/0x5b0
[ 2910.777326][T26864]  should_failslab+0x9/0x20
[ 2910.781873][T26864]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2910.787387][T26864]  ? tomoyo_encode2+0x100/0x3d0
[ 2910.792298][T26864]  ? tomoyo_encode2+0x100/0x3d0
[ 2910.797206][T26864]  __kmalloc+0x4f/0x100
[ 2910.801403][T26864]  tomoyo_encode2+0x100/0x3d0
[ 2910.806119][T26864]  ? rcu_is_watching+0x12/0xb0
[ 2910.810905][T26864]  tomoyo_encode+0x29/0x50
[ 2910.815352][T26864]  tomoyo_realpath_from_path+0x196/0x710
[ 2910.821024][T26864]  tomoyo_path_number_perm+0x241/0x580
[ 2910.826509][T26864]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2910.832169][T26864]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2910.838016][T26864]  ? __might_fault+0x13f/0x1a0
[ 2910.842810][T26864]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2910.848206][T26864]  ? rcu_is_watching+0x12/0xb0
[ 2910.852995][T26864]  ? xfd_validate_state+0x5d/0x180
[ 2910.858143][T26864]  ? __fget_files+0x272/0x410
[ 2910.862845][T26864]  security_file_ioctl+0x72/0xb0
[ 2910.867805][T26864]  __x64_sys_ioctl+0xbb/0x210
[ 2910.872501][T26864]  do_syscall_64+0x38/0xb0
[ 2910.876937][T26864]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2910.882852][T26864] RIP: 0033:0x7f410aa7c84b
[ 2910.887280][T26864] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2910.906907][T26864] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2910.915339][T26864] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2910.923324][T26864] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2910.931305][T26864] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2910.939286][T26864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2910.947267][T26864] R13: 0000000800000000 R14: 000000000000005c R15: 00007f410aad07e0
[ 2910.955272][T26864]  </TASK>
[ 2910.985858][T26864] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2911.011083][T28690] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2911.222521][T28690] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2911.241386][T28690] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2911.249439][T28690] usb 1-1: Product: syz
[ 2911.260840][T28690] usb 1-1: Manufacturer: syz
[ 2911.265498][T28690] usb 1-1: SerialNumber: syz
[ 2912.441317][T28690] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2912.447905][T28690] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2912.471137][T28690] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2912.851385][T28690] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2912.891453][T28690] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2912.934923][T28690] usb 1-1: USB disconnect, device number 117
[ 2912.953986][T28690] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:49:29 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 86)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:29 executing program 5:
socket(0x35, 0x0, 0x0)

04:49:29 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x16, 0x0, 0x6, 0xa647}, 0x48)

04:49:29 executing program 1:
syz_clone(0xc2002080, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

04:49:29 executing program 4:
pselect6(0x40, &(0x7f0000000180), 0x0, 0x0, &(0x7f0000000280), &(0x7f0000000300)={&(0x7f00000002c0)={[0xf]}, 0x8})

04:49:29 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:29 executing program 4:
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000580)='ns/time\x00')

04:49:29 executing program 5:
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000400)={'team0\x00', <r2=>0x0})
sendto$packet(r0, 0x0, 0x0, 0x64, &(0x7f0000000200)={0x11, 0x3, r2, 0x1, 0x0, 0x6, @remote}, 0x14)

04:49:29 executing program 2:
r0 = getpgrp(0xffffffffffffffff)
rt_sigqueueinfo(r0, 0x0, &(0x7f0000000280))

04:49:29 executing program 5:
socketpair(0x1, 0x0, 0x4, 0x0)

04:49:29 executing program 4:
r0 = shmget(0x1, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil)
shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000040)=""/194)
shmctl$SHM_LOCK(r0, 0xb)
r1 = shmget(0x1, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil)
r2 = shmget(0x1, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil)
shmctl$IPC_INFO(r2, 0x3, &(0x7f0000000040)=""/194)
shmctl$IPC_INFO(r2, 0x3, &(0x7f0000000140)=""/209)
shmctl$IPC_RMID(r1, 0x0)
getitimer(0x2, 0x0)

04:49:29 executing program 2:
pselect6(0x40, &(0x7f0000000200), 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000340)={0x0})

[ 2913.871054][T17130] usb 1-1: new high-speed USB device number 118 using dummy_hcd
[ 2914.253488][T26922] FAULT_INJECTION: forcing a failure.
[ 2914.253488][T26922] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2914.300916][T26922] CPU: 0 PID: 26922 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2914.311403][T26922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2914.321488][T26922] Call Trace:
[ 2914.324786][T26922]  <TASK>
[ 2914.327738][T26922]  dump_stack_lvl+0x125/0x1b0
[ 2914.332466][T26922]  should_fail_ex+0x496/0x5b0
[ 2914.337185][T26922]  _copy_from_user+0x30/0xf0
[ 2914.341818][T26922]  raw_ioctl+0x1102/0x2b80
[ 2914.346280][T26922]  ? raw_open+0x510/0x510
[ 2914.350642][T26922]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2914.355618][T26922]  ? raw_open+0x510/0x510
[ 2914.359986][T26922]  __x64_sys_ioctl+0x18f/0x210
[ 2914.364787][T26922]  do_syscall_64+0x38/0xb0
[ 2914.369250][T26922]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2914.375183][T26922] RIP: 0033:0x7f410aa7c84b
[ 2914.379637][T26922] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2914.399285][T26922] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2914.407735][T26922] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2914.415826][T26922] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2914.423827][T26922] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2914.431831][T26922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2914.439828][T26922] R13: 0000000800000000 R14: 0000000000000009 R15: 00007f410aad07e0
[ 2914.447845][T26922]  </TASK>
[ 2914.450901][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2914.685445][T17130] usb 1-1: unable to read config index 0 descriptor/all
[ 2914.692734][T17130] usb 1-1: can't read configurations, error -71
04:49:30 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 87)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:30 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_mreq(r0, 0x29, 0x1a, &(0x7f0000000000)={@loopback}, &(0x7f0000000040)=0x14)

04:49:30 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:30 executing program 5:
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, 0x0, 0x0)

04:49:30 executing program 2:
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x0)
connect$netlink(r0, 0x0, 0x0)

04:49:30 executing program 1:
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x22)

04:49:31 executing program 1:
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, 0x0, 0x0)

04:49:31 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, &(0x7f00000001c0))

04:49:31 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x0, 0x0, 0x0)

04:49:31 executing program 2:
r0 = timerfd_create(0x0, 0x0)
timerfd_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}}, 0x0)

04:49:31 executing program 1:
pipe(&(0x7f0000000700)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$FUSE_WRITE(r0, 0x0, 0x0)

04:49:31 executing program 5:
semget(0x3, 0x3, 0x4f2)

[ 2915.601061][T17130] usb 1-1: new high-speed USB device number 119 using dummy_hcd
[ 2915.972387][T26984] FAULT_INJECTION: forcing a failure.
[ 2915.972387][T26984] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2916.000807][T26984] CPU: 0 PID: 26984 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2916.011288][T26984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2916.021377][T26984] Call Trace:
[ 2916.024677][T26984]  <TASK>
[ 2916.027638][T26984]  dump_stack_lvl+0x125/0x1b0
[ 2916.032361][T26984]  should_fail_ex+0x496/0x5b0
[ 2916.037121][T26984]  _copy_to_user+0x30/0xb0
[ 2916.041580][T26984]  raw_ioctl+0x12ac/0x2b80
[ 2916.046053][T26984]  ? raw_open+0x510/0x510
[ 2916.050414][T26984]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2916.055398][T26984]  ? raw_open+0x510/0x510
[ 2916.059745][T26984]  __x64_sys_ioctl+0x18f/0x210
[ 2916.064529][T26984]  do_syscall_64+0x38/0xb0
[ 2916.068968][T26984]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2916.074885][T26984] RIP: 0033:0x7f410aa7c84b
[ 2916.079313][T26984] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2916.099024][T26984] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2916.107453][T26984] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2916.115461][T26984] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2916.123443][T26984] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2916.131426][T26984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2916.139412][T26984] R13: 0000000800000000 R14: 0000000000000009 R15: 00007f410aad07e0
[ 2916.147410][T26984]  </TASK>
[ 2916.150482][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2916.382207][T17130] usb 1-1: unable to read config index 0 descriptor/all
[ 2916.389288][T17130] usb 1-1: can't read configurations, error -71
[ 2916.412074][T17130] usb usb1-port1: attempt power cycle
04:49:32 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 88)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:32 executing program 4:
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x0, 0x0, 0x0)

04:49:32 executing program 1:
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
connect$unix(r0, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)

04:49:32 executing program 2:
setitimer(0x0, &(0x7f0000000040)={{}, {0x0, 0x2710}}, 0x0)

04:49:32 executing program 5:
getgroups(0x1, &(0x7f00000000c0)=[<r0=>0x0])
setgid(r0)

04:49:32 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:32 executing program 4:
openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x80440, 0x0)

04:49:32 executing program 2:
semget(0x3, 0x1, 0x420)

04:49:32 executing program 5:
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)
utimensat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x100)

04:49:32 executing program 1:
pipe(&(0x7f0000000700)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, 0x0, 0x0)

04:49:32 executing program 2:
r0 = socket$unix(0x1, 0x2, 0x0)
sendto$unix(r0, 0x0, 0x0, 0x8840, 0x0, 0x3c)

04:49:33 executing program 5:
msgget(0x0, 0x100)

[ 2917.380878][T17130] usb 1-1: new high-speed USB device number 120 using dummy_hcd
[ 2917.662848][T17130] usb 1-1: unable to read config index 0 descriptor/all
[ 2917.670186][T17130] usb 1-1: can't read configurations, error -71
04:49:33 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 89)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:33 executing program 4:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0)

04:49:33 executing program 1:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/fs/cgroup', 0x0, 0x0)
ioctl$sock_SIOCOUTQNSD(r0, 0x894b, 0x0)

04:49:33 executing program 2:
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x440, 0x0)
statx(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000140))

04:49:33 executing program 5:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual', 0x0, 0x0)
ioctl$RNDCLEARPOOL(r0, 0x5206, 0x0)

04:49:33 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:34 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/net', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0406618, 0x0)

04:49:34 executing program 4:
r0 = socket$inet(0x2, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8983, 0x0)

04:49:34 executing program 1:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_void(r0, 0x1, 0x24, 0x0, 0x0)

04:49:34 executing program 5:
r0 = socket$inet(0x2, 0x2, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x40000001, &(0x7f0000000740)={0x0, 0x3938700})

04:49:34 executing program 1:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual', 0x0, 0x0)
sendmmsg(r0, 0x0, 0x0, 0x0)

04:49:34 executing program 4:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual', 0x0, 0x0)
setsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0)

[ 2918.593253][T17130] usb 1-1: new high-speed USB device number 121 using dummy_hcd
[ 2918.815115][T27061] FAULT_INJECTION: forcing a failure.
[ 2918.815115][T27061] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2918.830784][T27061] CPU: 1 PID: 27061 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2918.841265][T27061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2918.851336][T27061] Call Trace:
[ 2918.854635][T27061]  <TASK>
[ 2918.857584][T27061]  dump_stack_lvl+0x125/0x1b0
[ 2918.862290][T27061]  should_fail_ex+0x496/0x5b0
[ 2918.867004][T27061]  _copy_from_user+0x30/0xf0
[ 2918.871638][T27061]  memdup_user+0x71/0xd0
[ 2918.875924][T27061]  raw_alloc_io_data+0x182/0x1c0
[ 2918.880888][T27061]  raw_ioctl+0xa81/0x2b80
[ 2918.885278][T27061]  ? raw_open+0x510/0x510
[ 2918.889626][T27061]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2918.894589][T27061]  ? raw_open+0x510/0x510
[ 2918.898944][T27061]  __x64_sys_ioctl+0x18f/0x210
[ 2918.903730][T27061]  do_syscall_64+0x38/0xb0
[ 2918.908180][T27061]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2918.914098][T27061] RIP: 0033:0x7f410aa7c84b
[ 2918.918524][T27061] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2918.938150][T27061] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2918.946584][T27061] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2918.954565][T27061] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2918.962544][T27061] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2918.970959][T27061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2918.978962][T27061] R13: 0000000800000000 R14: 000000000000005c R15: 00007f410aad07e0
[ 2918.986991][T27061]  </TASK>
[ 2919.251045][T17130] usb 1-1: unable to read config index 0 descriptor/all
[ 2919.258211][T17130] usb 1-1: can't read configurations, error -71
[ 2919.267265][T17130] usb usb1-port1: unable to enumerate USB device
04:49:35 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 90)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:35 executing program 5:
syz_clone(0x0, &(0x7f0000000240), 0x0, &(0x7f0000000140), 0x0, 0x0)

04:49:35 executing program 2:
openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x1a00, 0x0)

04:49:35 executing program 1:
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/cgroup', 0x101800, 0x44)

04:49:35 executing program 4:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual', 0x0, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, 0x0, 0x0)

04:49:35 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:35 executing program 2:
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual', 0x80000, 0x100)

04:49:35 executing program 1:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet6_mtu(r0, 0x29, 0x17, 0x0, &(0x7f0000000840))

04:49:35 executing program 4:
syz_clone(0x0, &(0x7f0000000240)="ee", 0x1, 0x0, &(0x7f0000000180), 0x0)

04:49:35 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual', 0x0, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x0, 0x0, 0x0)

04:49:35 executing program 1:
msgget(0x3, 0x4b)

04:49:35 executing program 5:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
accept(r0, 0x0, 0x0)

[ 2920.071246][T17130] usb 1-1: new high-speed USB device number 122 using dummy_hcd
[ 2920.451328][T27094] FAULT_INJECTION: forcing a failure.
[ 2920.451328][T27094] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2920.490694][T27094] CPU: 0 PID: 27094 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2920.501194][T27094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2920.511285][T27094] Call Trace:
[ 2920.514588][T27094]  <TASK>
[ 2920.517540][T27094]  dump_stack_lvl+0x125/0x1b0
[ 2920.522267][T27094]  should_fail_ex+0x496/0x5b0
[ 2920.526984][T27094]  _copy_from_user+0x30/0xf0
[ 2920.531623][T27094]  raw_alloc_io_data+0x32/0x1c0
[ 2920.536512][T27094]  raw_ioctl+0xa81/0x2b80
[ 2920.540881][T27094]  ? raw_open+0x510/0x510
[ 2920.545249][T27094]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2920.550233][T27094]  ? raw_open+0x510/0x510
[ 2920.554605][T27094]  __x64_sys_ioctl+0x18f/0x210
[ 2920.559417][T27094]  do_syscall_64+0x38/0xb0
[ 2920.563883][T27094]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2920.569827][T27094] RIP: 0033:0x7f410aa7c84b
[ 2920.574273][T27094] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2920.593913][T27094] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2920.602347][T27094] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2920.610335][T27094] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2920.618319][T27094] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2920.626305][T27094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2920.634287][T27094] R13: 0000000800000000 R14: 000000000000005c R15: 00007f410aad07e0
[ 2920.642285][T27094]  </TASK>
[ 2920.645395][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2920.831195][T17130] usb 1-1: unable to read config index 0 descriptor/all
[ 2920.840471][T17130] usb 1-1: can't read configurations, error -71
04:49:37 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 91)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:37 executing program 4:
openat$full(0xffffffffffffff9c, &(0x7f0000006100), 0xe000, 0x0)

04:49:37 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)

04:49:37 executing program 1:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$sock_TIOCOUTQ(r0, 0x5411, 0x0)

04:49:37 executing program 5:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
write$cgroup_pressure(r0, 0x0, 0xfffffffffffffe96)

04:49:37 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:37 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r0, 0x5761, 0x0)

04:49:37 executing program 1:
r0 = socket$inet(0x2, 0x3, 0x6)
setsockopt$inet_int(r0, 0x0, 0x31, &(0x7f0000000040), 0x4)

04:49:37 executing program 5:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000005580)={<r0=>0x0}, &(0x7f00000055c0)=0xc)
sched_setscheduler(r0, 0x0, &(0x7f0000005600))
wait4(0x0, &(0x7f0000000000), 0x40000000, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$peeksig(0x10, r1, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x1490c1, 0x80)

04:49:37 executing program 4:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x582ca2e05ef4b183, 0x4)
socket$inet_tcp(0x2, 0x1, 0x0)

04:49:37 executing program 1:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x274c80, 0x80)
rt_sigreturn()

04:49:37 executing program 2:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x582ca2e05ea6a503, 0x4)
rt_sigreturn()

[ 2921.820918][T17130] usb 1-1: new high-speed USB device number 123 using dummy_hcd
[ 2922.230701][T27131] FAULT_INJECTION: forcing a failure.
[ 2922.230701][T27131] name failslab, interval 1, probability 0, space 0, times 0
[ 2922.231035][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2922.246075][T27131] CPU: 1 PID: 27131 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2922.264671][T27131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2922.274755][T27131] Call Trace:
[ 2922.278056][T27131]  <TASK>
[ 2922.281018][T27131]  dump_stack_lvl+0x125/0x1b0
[ 2922.285737][T27131]  should_fail_ex+0x496/0x5b0
[ 2922.290452][T27131]  should_failslab+0x9/0x20
[ 2922.294988][T27131]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2922.300489][T27131]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2922.306271][T27131]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2922.312048][T27131]  __kmalloc+0x4f/0x100
[ 2922.316235][T27131]  tomoyo_realpath_from_path+0xb9/0x710
[ 2922.321832][T27131]  ? tomoyo_profile+0x47/0x60
[ 2922.326561][T27131]  tomoyo_path_number_perm+0x241/0x580
[ 2922.332075][T27131]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2922.337755][T27131]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2922.343631][T27131]  ? __might_fault+0x13f/0x1a0
[ 2922.348444][T27131]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2922.353864][T27131]  ? rcu_is_watching+0x12/0xb0
[ 2922.358663][T27131]  ? xfd_validate_state+0x5d/0x180
[ 2922.363810][T27131]  ? __fget_files+0x272/0x410
[ 2922.368519][T27131]  security_file_ioctl+0x72/0xb0
[ 2922.373491][T27131]  __x64_sys_ioctl+0xbb/0x210
[ 2922.378185][T27131]  do_syscall_64+0x38/0xb0
[ 2922.382620][T27131]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2922.388533][T27131] RIP: 0033:0x7f410aa7c84b
[ 2922.392961][T27131] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2922.412601][T27131] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2922.421029][T27131] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2922.429010][T27131] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2922.436992][T27131] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2922.444971][T27131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2922.452950][T27131] R13: 0000000800000000 R14: 000000000000005c R15: 00007f410aad07e0
[ 2922.460948][T27131]  </TASK>
[ 2922.560682][T27131] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2922.692519][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2922.704086][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2922.718957][T17130] usb 1-1: Product: syz
[ 2922.730283][T17130] usb 1-1: Manufacturer: syz
[ 2922.739679][T17130] usb 1-1: SerialNumber: syz
[ 2923.891829][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2923.903004][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2923.920672][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2924.311256][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2924.348163][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2924.393578][T17130] usb 1-1: USB disconnect, device number 123
[ 2924.412588][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:49:40 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 92)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:40 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000040)={0x0, {{0xa, 0x0, 0x0, @remote}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108)

04:49:40 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:40 executing program 4:
openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.pending_reads\x00', 0xc0c0, 0x88)

04:49:40 executing program 1:
semget$private(0x0, 0x3, 0x421)

04:49:40 executing program 5:
semget$private(0x0, 0x1, 0x11d)

04:49:40 executing program 1:
r0 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
read$char_usb(r0, &(0x7f0000000100), 0x0)

04:49:40 executing program 5:
semget(0x0, 0x3, 0x1)

04:49:40 executing program 2:
r0 = socket(0x2c, 0x3, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, 0x0, 0x0)

04:49:40 executing program 4:
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f4)
r1 = open(&(0x7f0000002000)='./bus\x00', 0x14f942, 0x0)
r2 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={<r3=>r1, 0x1, 0x8, 0x8645})
sendmsg$nl_route(r3, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@bridge_getneigh={0x30, 0x1e, 0x200, 0x70bd25, 0x25dfdbff, {0x7, 0x0, 0x0, 0x0, 0x1114, 0x820}, [@IFLA_PROTO_DOWN={0x5, 0x27, 0x4}, @IFLA_PROTO_DOWN={0x5, 0x27, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x44801}, 0x4044)
sendfile(r1, r2, 0x0, 0x1000000201004)

04:49:40 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000001640)={'syztnl0\x00', &(0x7f00000015c0)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private1, @empty}})

04:49:40 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000040)=@filter={'filter\x00', 0xe, 0x4, 0x20000bf0, 0xffffffff, 0xf8, 0xf8, 0xa80, 0xffffffff, 0xffffffff, 0xa80, 0xa80, 0xa80, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@icmp6={{0x28}, {0x0, "501f"}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x888, 0x8b8, 0x0, {}, [@common=@unspec=@u32={{0x7e0}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [], 'veth1\x00', 'wlan1\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0xbb0)

[ 2925.252998][ T3993] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[ 2925.681421][ T3993] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2925.692723][T27204] FAULT_INJECTION: forcing a failure.
[ 2925.692723][T27204] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2925.721855][T27204] CPU: 0 PID: 27204 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2925.732326][T27204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2925.742413][T27204] Call Trace:
[ 2925.745715][T27204]  <TASK>
[ 2925.748670][T27204]  dump_stack_lvl+0x125/0x1b0
[ 2925.753388][T27204]  should_fail_ex+0x496/0x5b0
[ 2925.758092][T27204]  _copy_from_user+0x30/0xf0
[ 2925.762707][T27204]  raw_ioctl+0x1102/0x2b80
[ 2925.767155][T27204]  ? raw_open+0x510/0x510
[ 2925.771517][T27204]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2925.776477][T27204]  ? raw_open+0x510/0x510
[ 2925.780891][T27204]  __x64_sys_ioctl+0x18f/0x210
[ 2925.785695][T27204]  do_syscall_64+0x38/0xb0
[ 2925.790144][T27204]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2925.796080][T27204] RIP: 0033:0x7f410aa7c84b
[ 2925.800598][T27204] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2925.820231][T27204] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2925.828757][T27204] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2925.836744][T27204] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2925.844729][T27204] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2925.852712][T27204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2925.860697][T27204] R13: 0000000800000000 R14: 000000000000005c R15: 00007f410aad07e0
[ 2925.868696][T27204]  </TASK>
[ 2925.871820][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2926.021489][ T3993] usb 1-1: string descriptor 0 read error: -71
[ 2926.027922][ T3993] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2926.037655][ T3993] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2926.081509][ T3993] usb 1-1: can't set config #1, error -71
[ 2926.104651][ T3993] usb 1-1: USB disconnect, device number 124
04:49:42 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 93)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:42 executing program 2:
socket(0x1, 0x4, 0x0)

04:49:42 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x4a, &(0x7f0000000040)=@filter={'filter\x00', 0xe, 0x4, 0x348, 0xffffffff, 0xf8, 0xf8, 0xa80, 0xffffffff, 0xffffffff, 0xa80, 0xa80, 0xa80, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [], 'veth1\x00', 'wlan1\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a8)

04:49:42 executing program 4:
r0 = socket(0x2c, 0x3, 0x0)
getsockopt$inet6_mreq(r0, 0x11b, 0x0, 0x0, 0x0)

04:49:42 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x4, 0x0, 0x0)

04:49:42 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:42 executing program 5:
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000f40)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)

04:49:42 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x41, &(0x7f0000000040)=@filter={'filter\x00', 0xe, 0x4, 0x348, 0xffffffff, 0xf8, 0xf8, 0xa80, 0xffffffff, 0xffffffff, 0xa80, 0xa80, 0xa80, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [], 'veth1\x00', 'wlan1\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a8)

04:49:42 executing program 4:
r0 = socket(0x2c, 0x3, 0x0)
getsockopt$inet6_mreq(r0, 0x11b, 0x0, 0x0, 0x0)

04:49:42 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x8922, &(0x7f0000001640)={'syztnl0\x00', &(0x7f00000015c0)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private1, @empty}})

04:49:42 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000000c0)=@security={'security\x00', 0xe, 0x4, 0x440, 0xffffffff, 0x318, 0x0, 0x1f8, 0xffffffff, 0xffffffff, 0x458, 0x458, 0x458, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2, [], [], 'hsr0\x00', 'veth1_to_team\x00'}, 0x0, 0xa8, 0x1d0}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:dbusd_exec_t:s0\x00'}}}, {{@ipv6={@local, @loopback, [], [], 'bridge0\x00', 'veth0_to_team\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffd}}, {{@ipv6={@private2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [], 'team_slave_1\x00', 'veth0_virt_wifi\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4a0)

04:49:42 executing program 4:
r0 = socket(0x2c, 0x3, 0x0)
getsockopt$inet6_mreq(r0, 0x11b, 0x0, 0x0, 0x0)

[ 2926.876286][T27265] syztnl0: mtu greater than device maximum
[ 2926.961112][ T3993] usb 1-1: new high-speed USB device number 125 using dummy_hcd
[ 2927.385374][ T3993] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2927.430754][T27247] FAULT_INJECTION: forcing a failure.
[ 2927.430754][T27247] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2927.460715][T27247] CPU: 0 PID: 27247 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2927.471183][T27247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2927.481265][T27247] Call Trace:
[ 2927.484565][T27247]  <TASK>
[ 2927.487519][T27247]  dump_stack_lvl+0x125/0x1b0
[ 2927.492243][T27247]  should_fail_ex+0x496/0x5b0
[ 2927.496970][T27247]  _copy_to_user+0x30/0xb0
[ 2927.501440][T27247]  raw_ioctl+0x12ac/0x2b80
[ 2927.505907][T27247]  ? raw_open+0x510/0x510
[ 2927.510278][T27247]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2927.515259][T27247]  ? raw_open+0x510/0x510
[ 2927.519628][T27247]  __x64_sys_ioctl+0x18f/0x210
[ 2927.524436][T27247]  do_syscall_64+0x38/0xb0
[ 2927.528900][T27247]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2927.534840][T27247] RIP: 0033:0x7f410aa7c84b
[ 2927.539287][T27247] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2927.558928][T27247] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2927.567361][T27247] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2927.575346][T27247] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2927.583333][T27247] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2927.591314][T27247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2927.599296][T27247] R13: 0000000800000000 R14: 000000000000005c R15: 00007f410aad07e0
[ 2927.607381][T27247]  </TASK>
[ 2927.610419][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2927.738332][ T3993] usb 1-1: string descriptor 0 read error: -71
[ 2927.750797][ T3993] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2927.759950][ T3993] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2927.811205][ T3993] usb 1-1: can't set config #1, error -71
[ 2927.821308][ T3993] usb 1-1: USB disconnect, device number 125
04:49:43 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 94)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:43 executing program 1:
syz_clone(0x20028000, 0x0, 0x0, 0x0, 0x0, 0x0)

04:49:43 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg(r0, &(0x7f0000000140)={&(0x7f0000000640)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x0}}, 0xfffffffffffffda9, &(0x7f0000000180)=[{&(0x7f00000001c0)="d467fa594ef6d4734a5a4bf2cf8d169b0a795c7fa907e458c73796171bdd18b6edfa7da27c9d75026988a21bdc45ac5aeccbfdd920d5679d60c73c819d87adce7d678f22db9662bc885850f782d8143c758f3ee5faabec807451dd1cf67f50c855502a02d6be9b032a139f4f29bc76315d409c0a2e8b1ecc226c8deee0afe66032347cb614c9243c74998a811fabe60b613aeb111fb1eedbdb43", 0x9a}, {&(0x7f0000000280)="95bcbc0f03490e9b32cea207051ef4a3671c27499286eef3ab93061497f78854f66e8a68cb58321bbb65b2800aae084a438d3fa06b1dcf495a877ae882ca100de50b579114133fb2455d8115130d0ef7fe3662c3ef118cf9a7afebbc4ac763364c7882e4f2fb82731437da5e53e7833d2d202eabc7851203f38b48d1492ca495e3091753614bb2bf656ef6808dd4c0d5e2e37ebe7bcadfb8ccc84c70d5e486b75294d3fcc7ef2dd257870d88acb85e2749736374af2c27f4da3848a65836b2e0dc13716b990093e485759c0991f4260c71dbafdef962e100"/232, 0xe8}], 0x2}, 0x10)

04:49:43 executing program 5:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)

04:49:43 executing program 4:
r0 = socket(0x2c, 0x3, 0x0)
getsockopt$inet6_mreq(r0, 0x11b, 0x0, 0x0, 0x0)

04:49:43 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:44 executing program 4:
getsockopt$inet6_mreq(0xffffffffffffffff, 0x11b, 0x0, 0x0, 0x0)

04:49:44 executing program 2:
r0 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
write$FUSE_OPEN(r0, &(0x7f0000007340)={0x20}, 0x20)
creat(&(0x7f0000000180)='./file0\x00', 0x0)

04:49:44 executing program 5:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x4)

04:49:44 executing program 1:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x582ca2e05ef4b183, 0x4)
socket$inet_tcp(0x2, 0x1, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

04:49:44 executing program 4:
getsockopt$inet6_mreq(0xffffffffffffffff, 0x11b, 0x0, 0x0, 0x0)

04:49:44 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)

[ 2928.590789][ T3993] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[ 2928.991160][ T3993] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2929.040975][T27290] FAULT_INJECTION: forcing a failure.
[ 2929.040975][T27290] name failslab, interval 1, probability 0, space 0, times 0
[ 2929.061054][T27290] CPU: 1 PID: 27290 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2929.071523][T27290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2929.081614][T27290] Call Trace:
[ 2929.084917][T27290]  <TASK>
[ 2929.087869][T27290]  dump_stack_lvl+0x125/0x1b0
[ 2929.093411][T27290]  should_fail_ex+0x496/0x5b0
[ 2929.098132][T27290]  should_failslab+0x9/0x20
[ 2929.102666][T27290]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2929.108175][T27290]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2929.113954][T27290]  ? tomoyo_realpath_from_path+0xb9/0x710
[ 2929.119725][T27290]  __kmalloc+0x4f/0x100
[ 2929.123923][T27290]  tomoyo_realpath_from_path+0xb9/0x710
[ 2929.129532][T27290]  ? tomoyo_profile+0x47/0x60
[ 2929.134261][T27290]  tomoyo_path_number_perm+0x241/0x580
[ 2929.139769][T27290]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2929.145456][T27290]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2929.151327][T27290]  ? __might_fault+0x13f/0x1a0
[ 2929.156147][T27290]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2929.161560][T27290]  ? rcu_is_watching+0x12/0xb0
[ 2929.166360][T27290]  ? xfd_validate_state+0x5d/0x180
[ 2929.171531][T27290]  ? __fget_files+0x272/0x410
[ 2929.176268][T27290]  security_file_ioctl+0x72/0xb0
[ 2929.181254][T27290]  __x64_sys_ioctl+0xbb/0x210
[ 2929.185969][T27290]  do_syscall_64+0x38/0xb0
[ 2929.190422][T27290]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2929.196361][T27290] RIP: 0033:0x7f410aa7c84b
[ 2929.200807][T27290] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2929.220454][T27290] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2929.228903][T27290] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2929.236897][T27290] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2929.244902][T27290] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2929.252904][T27290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2929.260898][T27290] R13: 0000000800000000 R14: 0000000000000004 R15: 00007f410aad07e0
[ 2929.268921][T27290]  </TASK>
[ 2929.282641][T27290] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2929.431107][ T3993] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2929.440244][ T3993] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2929.460791][ T3993] usb 1-1: Product: syz
[ 2929.465004][ T3993] usb 1-1: Manufacturer: syz
[ 2929.469659][ T3993] usb 1-1: SerialNumber: syz
[ 2930.621432][ T3993] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2930.627941][ T3993] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2930.646154][ T3993] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2931.053066][ T3993] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2931.085035][ T3993] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2931.144479][ T3993] usb 1-1: USB disconnect, device number 126
[ 2931.160185][ T3993] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:49:47 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 95)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:47 executing program 4:
getsockopt$inet6_mreq(0xffffffffffffffff, 0x11b, 0x0, 0x0, 0x0)

04:49:47 executing program 5:
r0 = msgget$private(0x0, 0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000180)={{0x0, 0xee01, 0x0, 0xffffffffffffffff, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff})

04:49:47 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:47 executing program 1:
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xa002, 0x103)

04:49:47 executing program 2:
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000008cc0), 0x40000, 0x0)

04:49:47 executing program 5:
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0xffffffffffffffff, 0x0)

04:49:47 executing program 1:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0)

04:49:47 executing program 2:
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_LEAVE_OCB(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)={0x28, 0x0, 0x0, 0x0, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x5f}}}}, [""]}, 0x28}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000500)={'wlan0\x00'})
syz_io_uring_setup(0x13c2, &(0x7f0000000640)={0x0, 0x429a, 0x0, 0x1}, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
pipe2$watch_queue(&(0x7f0000000780)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_WOWLAN(r1, 0x0, 0x0)
openat$damon_rm_contexts(0xffffffffffffff9c, &(0x7f0000000f80), 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000001080), 0xffffffffffffffff)

04:49:47 executing program 4:
r0 = socket(0x0, 0x3, 0x0)
getsockopt$inet6_mreq(r0, 0x11b, 0x0, 0x0, 0x0)

04:49:47 executing program 5:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000240)='syzkaller\x00', &(0x7f00000002c0)='\x00')

04:49:47 executing program 1:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/cgroup', 0x0, 0x0)
unlinkat(r0, &(0x7f0000000000)='./file0\x00', 0x0)

[ 2931.921673][ T3993] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[ 2932.351352][ T3993] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2932.401305][T27346] FAULT_INJECTION: forcing a failure.
[ 2932.401305][T27346] name failslab, interval 1, probability 0, space 0, times 0
[ 2932.420647][T27346] CPU: 0 PID: 27346 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2932.431111][T27346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2932.441179][T27346] Call Trace:
[ 2932.444460][T27346]  <TASK>
[ 2932.447397][T27346]  dump_stack_lvl+0x125/0x1b0
[ 2932.452109][T27346]  should_fail_ex+0x496/0x5b0
[ 2932.456809][T27346]  should_failslab+0x9/0x20
[ 2932.461326][T27346]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2932.466810][T27346]  ? tomoyo_encode2+0x100/0x3d0
[ 2932.471688][T27346]  ? tomoyo_encode2+0x100/0x3d0
[ 2932.476564][T27346]  __kmalloc+0x4f/0x100
[ 2932.480740][T27346]  tomoyo_encode2+0x100/0x3d0
[ 2932.485443][T27346]  ? rcu_is_watching+0x12/0xb0
[ 2932.490222][T27346]  tomoyo_encode+0x29/0x50
[ 2932.494669][T27346]  tomoyo_realpath_from_path+0x196/0x710
[ 2932.500342][T27346]  tomoyo_path_number_perm+0x241/0x580
[ 2932.505826][T27346]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2932.511482][T27346]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2932.517332][T27346]  ? __might_fault+0x13f/0x1a0
[ 2932.522123][T27346]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2932.527514][T27346]  ? rcu_is_watching+0x12/0xb0
[ 2932.532293][T27346]  ? xfd_validate_state+0x5d/0x180
[ 2932.537435][T27346]  ? __fget_files+0x272/0x410
[ 2932.542132][T27346]  security_file_ioctl+0x72/0xb0
[ 2932.547099][T27346]  __x64_sys_ioctl+0xbb/0x210
[ 2932.551791][T27346]  do_syscall_64+0x38/0xb0
[ 2932.556230][T27346]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2932.562143][T27346] RIP: 0033:0x7f410aa7c84b
[ 2932.566566][T27346] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2932.586187][T27346] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2932.594626][T27346] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2932.602620][T27346] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2932.610607][T27346] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2932.618601][T27346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2932.626578][T27346] R13: 0000000800000000 R14: 0000000000000004 R15: 00007f410aad07e0
[ 2932.634573][T27346]  </TASK>
[ 2932.637688][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2932.752228][T27346] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2932.921285][ T3993] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2932.930394][ T3993] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2932.943135][ T3993] usb 1-1: Product: syz
[ 2932.947344][ T3993] usb 1-1: Manufacturer: syz
[ 2932.970616][ T3993] usb 1-1: SerialNumber: syz
[ 2934.100950][ T3993] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2934.107475][ T3993] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2934.134150][ T3993] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2934.530901][ T3993] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2934.569276][ T3993] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2934.617241][ T3993] usb 1-1: USB disconnect, device number 127
[ 2934.632358][ T3993] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:49:50 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 96)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:50 executing program 2:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_afonly={0x0, r1, 0x0, 0x2, 0x3f00}}, 0x20)

04:49:50 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={<r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000001c80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001800)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}}], 0x2, 0x0)

04:49:50 executing program 4:
r0 = socket(0x0, 0x3, 0x0)
getsockopt$inet6_mreq(r0, 0x11b, 0x0, 0x0, 0x0)

04:49:50 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x80000000, 0x40242)
write$evdev(r0, &(0x7f00000000c0)=[{}], 0x18)

04:49:50 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:50 executing program 2:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000140)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000000), r1, 0x0, 0x0, 0x1}}, 0x20)

04:49:51 executing program 5:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x80000000, 0x40242)
write$evdev(r0, &(0x7f00000000c0)=[{}], 0xfffffdef)

04:49:51 executing program 1:
socketpair(0x2, 0x0, 0x1ff, &(0x7f0000000000))

04:49:51 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/pstore', 0x46000, 0x0)
getdents64(r0, 0x0, 0x18)

04:49:51 executing program 4:
r0 = socket(0x0, 0x3, 0x0)
getsockopt$inet6_mreq(r0, 0x11b, 0x0, 0x0, 0x0)

04:49:51 executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = getpid()
sendmmsg$unix(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=[@cred={{0x1c, 0x1, 0x2, {r2, 0xee00}}}, @rights={{0x14, 0x1, 0x1, [r1]}}], 0x38}}], 0xfd, 0x0)

[ 2935.391959][ T5145] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 2935.760901][ T5145] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2935.823866][T27403] FAULT_INJECTION: forcing a failure.
[ 2935.823866][T27403] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2935.850629][T27403] CPU: 0 PID: 27403 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2935.861100][T27403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2935.871193][T27403] Call Trace:
[ 2935.874513][T27403]  <TASK>
[ 2935.877480][T27403]  dump_stack_lvl+0x125/0x1b0
[ 2935.882213][T27403]  should_fail_ex+0x496/0x5b0
[ 2935.886932][T27403]  _copy_from_user+0x30/0xf0
[ 2935.891590][T27403]  raw_alloc_io_data+0x32/0x1c0
[ 2935.896472][T27403]  raw_ioctl+0xa81/0x2b80
[ 2935.900824][T27403]  ? raw_open+0x510/0x510
[ 2935.905171][T27403]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2935.910129][T27403]  ? raw_open+0x510/0x510
[ 2935.914479][T27403]  __x64_sys_ioctl+0x18f/0x210
[ 2935.919281][T27403]  do_syscall_64+0x38/0xb0
[ 2935.923733][T27403]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2935.929651][T27403] RIP: 0033:0x7f410aa7c84b
[ 2935.934079][T27403] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2935.953710][T27403] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2935.962144][T27403] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2935.970125][T27403] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2935.978106][T27403] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2935.986085][T27403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2935.994067][T27403] R13: 0000000800000000 R14: 0000000000000004 R15: 00007f410aad07e0
[ 2936.002063][T27403]  </TASK>
[ 2936.005164][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2936.101184][ T5145] usb 1-1: string descriptor 0 read error: -71
[ 2936.107693][ T5145] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2936.130717][ T5145] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2936.172110][ T5145] usb 1-1: can't set config #1, error -71
[ 2936.195526][ T5145] usb 1-1: USB disconnect, device number 2
04:49:52 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 97)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:52 executing program 1:
r0 = socket(0x23, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x541b, &(0x7f0000000040)={'geneve0\x00', {0x2, 0x0, @broadcast}})

04:49:52 executing program 2:
r0 = syz_open_dev$dri(&(0x7f0000000140), 0x0, 0x0)
ioctl$DRM_IOCTL_VERSION(r0, 0xc0406411, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

04:49:52 executing program 4:
r0 = socket(0x2c, 0x0, 0x0)
getsockopt$inet6_mreq(r0, 0x11b, 0x0, 0x0, 0x0)

04:49:52 executing program 5:
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x0, 0x0, 0x0)

04:49:52 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:52 executing program 5:
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x0)
openat$cgroup_pressure(r0, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)

04:49:52 executing program 1:
epoll_pwait2(0xffffffffffffffff, &(0x7f0000004cc0)=[{}], 0x1, 0x0, 0x0, 0x0)

04:49:52 executing program 2:
process_vm_readv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)

04:49:52 executing program 4:
r0 = socket(0x2c, 0x0, 0x0)
getsockopt$inet6_mreq(r0, 0x11b, 0x0, 0x0, 0x0)

04:49:52 executing program 2:
process_vm_readv(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000014c0), 0x0, 0x0)

04:49:52 executing program 1:
pipe(&(0x7f00000013c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$KDSKBSENT(r0, 0x4b49, 0x0)

[ 2937.001796][ T3993] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 2937.391279][ T3993] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2937.421159][T27456] FAULT_INJECTION: forcing a failure.
[ 2937.421159][T27456] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2937.440661][T27456] CPU: 0 PID: 27456 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2937.451122][T27456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2937.461192][T27456] Call Trace:
[ 2937.464475][T27456]  <TASK>
[ 2937.467409][T27456]  dump_stack_lvl+0x125/0x1b0
[ 2937.472110][T27456]  should_fail_ex+0x496/0x5b0
[ 2937.476810][T27456]  _copy_from_user+0x30/0xf0
[ 2937.481422][T27456]  raw_alloc_io_data+0x32/0x1c0
[ 2937.486291][T27456]  raw_ioctl+0xa81/0x2b80
[ 2937.490650][T27456]  ? raw_open+0x510/0x510
[ 2937.495005][T27456]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2937.499959][T27456]  ? raw_open+0x510/0x510
[ 2937.504301][T27456]  __x64_sys_ioctl+0x18f/0x210
[ 2937.509080][T27456]  do_syscall_64+0x38/0xb0
[ 2937.513515][T27456]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2937.519430][T27456] RIP: 0033:0x7f410aa7c84b
[ 2937.523857][T27456] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2937.543480][T27456] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2937.551910][T27456] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2937.559887][T27456] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2937.567868][T27456] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2937.575849][T27456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2937.583827][T27456] R13: 0000000800000000 R14: 0000000000000004 R15: 00007f410aad07e0
[ 2937.591824][T27456]  </TASK>
[ 2937.594926][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2937.721320][ T3993] usb 1-1: string descriptor 0 read error: -71
[ 2937.727747][ T3993] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2937.743997][ T3993] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2937.791377][ T3993] usb 1-1: can't set config #1, error -71
[ 2937.804302][ T3993] usb 1-1: USB disconnect, device number 3
04:49:53 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 98)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:53 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000000), &(0x7f0000000040)=0x4)

04:49:53 executing program 4:
r0 = socket(0x2c, 0x0, 0x0)
getsockopt$inet6_mreq(r0, 0x11b, 0x0, 0x0, 0x0)

04:49:53 executing program 2:
r0 = socket$inet(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCGARP(r0, 0x8954, 0x0)

04:49:53 executing program 1:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000012c0), 0x2, 0x0)
read$FUSE(r0, 0x0, 0x0)

04:49:53 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:54 executing program 5:
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)

04:49:54 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)

04:49:54 executing program 4:
socket(0x2c, 0x3, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x11b, 0x0, 0x0, 0x0)

04:49:54 executing program 2:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff})
getsockopt$inet6_tcp_int(r0, 0x6, 0x0, 0x0, 0x0)

04:49:54 executing program 5:
r0 = socket$unix(0x1, 0x2, 0x0)
recvmmsg$unix(r0, 0x0, 0x0, 0x0, 0x0)

04:49:54 executing program 4:
socket(0x2c, 0x3, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x11b, 0x0, 0x0, 0x0)

[ 2938.621776][ T3993] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 2939.031275][ T3993] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2939.081085][T27500] FAULT_INJECTION: forcing a failure.
[ 2939.081085][T27500] name failslab, interval 1, probability 0, space 0, times 0
[ 2939.100713][T27500] CPU: 1 PID: 27500 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2939.111173][T27500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2939.121257][T27500] Call Trace:
[ 2939.124558][T27500]  <TASK>
[ 2939.127509][T27500]  dump_stack_lvl+0x125/0x1b0
[ 2939.132236][T27500]  should_fail_ex+0x496/0x5b0
[ 2939.136968][T27500]  should_failslab+0x9/0x20
[ 2939.141508][T27500]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2939.147016][T27500]  ? tomoyo_encode2+0x100/0x3d0
[ 2939.151918][T27500]  ? tomoyo_encode2+0x100/0x3d0
[ 2939.156821][T27500]  __kmalloc+0x4f/0x100
[ 2939.161013][T27500]  tomoyo_encode2+0x100/0x3d0
[ 2939.165740][T27500]  ? rcu_is_watching+0x12/0xb0
[ 2939.170548][T27500]  tomoyo_encode+0x29/0x50
[ 2939.175012][T27500]  tomoyo_realpath_from_path+0x196/0x710
[ 2939.180706][T27500]  tomoyo_path_number_perm+0x241/0x580
[ 2939.186208][T27500]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2939.191888][T27500]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2939.197758][T27500]  ? __might_fault+0x13f/0x1a0
[ 2939.202575][T27500]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2939.208075][T27500]  ? rcu_is_watching+0x12/0xb0
[ 2939.212883][T27500]  ? xfd_validate_state+0x5d/0x180
[ 2939.218057][T27500]  ? __fget_files+0x272/0x410
[ 2939.222772][T27500]  security_file_ioctl+0x72/0xb0
[ 2939.227754][T27500]  __x64_sys_ioctl+0xbb/0x210
[ 2939.232470][T27500]  do_syscall_64+0x38/0xb0
[ 2939.236925][T27500]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2939.242862][T27500] RIP: 0033:0x7f410aa7c84b
[ 2939.247302][T27500] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2939.266945][T27500] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2939.275389][T27500] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2939.283383][T27500] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2939.291380][T27500] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2939.299380][T27500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2939.307372][T27500] R13: 0000000800000000 R14: 0000000000000004 R15: 00007f410aad07e0
[ 2939.315390][T27500]  </TASK>
[ 2939.326925][T27500] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2939.481232][ T3993] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2939.490371][ T3993] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2939.510680][ T3993] usb 1-1: Product: syz
[ 2939.514895][ T3993] usb 1-1: Manufacturer: syz
[ 2939.519548][ T3993] usb 1-1: SerialNumber: syz
[ 2940.671109][ T3993] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2940.677601][ T3993] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2940.701138][ T3993] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2941.101033][ T3993] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2941.138225][ T3993] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2941.183204][ T3993] usb 1-1: USB disconnect, device number 4
[ 2941.200601][ T3993] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:49:57 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000003c0))

04:49:57 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 99)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:57 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200), 0x4)

04:49:57 executing program 4:
socket(0x2c, 0x3, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x11b, 0x0, 0x0, 0x0)

04:49:57 executing program 5:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0)

04:49:57 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(0xffffffffffffffff, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:57 executing program 5:
timer_create(0x0, 0x0, &(0x7f0000001140))
timer_settime(0x0, 0x0, &(0x7f00000011c0), 0x0)

04:49:57 executing program 2:
r0 = timerfd_create(0x0, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000740)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}])

04:49:57 executing program 1:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001400)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000007a00)={&(0x7f0000005800)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @private2}}, 0x80, 0x0}, 0x0)

04:49:57 executing program 4:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x13, &(0x7f0000000000)={0x0, 0x9}, 0x8)

04:49:57 executing program 5:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r1, &(0x7f0000000080)={0x10, 0x2}, 0x10)
r2 = dup2(r1, r0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f0000000380)={0x1, [<r3=>0x0]}, &(0x7f0000001700)=0x8)
r4 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r5, &(0x7f0000000080)={0x10, 0x2}, 0x10)
r6 = dup2(r5, r4)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r6, 0x84, 0x902, &(0x7f0000000000)=r3, 0x4)

04:49:57 executing program 2:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r2 = dup2(r0, r1)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x102, &(0x7f00000001c0)=ANY=[@ANYRES32], &(0x7f00000002c0)=0xc4)

04:49:57 executing program 4:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r2 = dup2(r0, r1)
connect$inet(r2, &(0x7f0000000000)={0x10, 0x2}, 0x10)

[ 2942.043023][ T3987] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 2942.441048][ T3987] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2942.471313][T27555] FAULT_INJECTION: forcing a failure.
[ 2942.471313][T27555] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2942.490104][T27555] CPU: 1 PID: 27555 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2942.500571][T27555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2942.510653][T27555] Call Trace:
[ 2942.513953][T27555]  <TASK>
[ 2942.516904][T27555]  dump_stack_lvl+0x125/0x1b0
[ 2942.521624][T27555]  should_fail_ex+0x496/0x5b0
[ 2942.526347][T27555]  _copy_from_user+0x30/0xf0
[ 2942.530989][T27555]  memdup_user+0x71/0xd0
[ 2942.535279][T27555]  raw_alloc_io_data+0x182/0x1c0
[ 2942.540257][T27555]  raw_ioctl+0xa81/0x2b80
[ 2942.544630][T27555]  ? raw_open+0x510/0x510
[ 2942.548992][T27555]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 2942.553972][T27555]  ? raw_open+0x510/0x510
[ 2942.558334][T27555]  __x64_sys_ioctl+0x18f/0x210
[ 2942.563129][T27555]  do_syscall_64+0x38/0xb0
[ 2942.567586][T27555]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2942.573521][T27555] RIP: 0033:0x7f410aa7c84b
[ 2942.577962][T27555] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2942.597607][T27555] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2942.606052][T27555] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2942.614036][T27555] RDX: 00007f410b7f1060 RSI: 0000000040085503 RDI: 0000000000000004
[ 2942.622015][T27555] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2942.629993][T27555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2942.637969][T27555] R13: 0000000800000000 R14: 0000000000000004 R15: 00007f410aad07e0
[ 2942.645968][T27555]  </TASK>
[ 2942.720994][ T3987] usb 1-1: string descriptor 0 read error: -71
[ 2942.727670][ T3987] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2942.743141][ T3987] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2942.802055][ T3987] usb 1-1: can't set config #1, error -71
[ 2942.817102][ T3987] usb 1-1: USB disconnect, device number 5
04:49:59 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) (fail_nth: 100)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:49:59 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(0xffffffffffffffff, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:49:59 executing program 4:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000040)={0x0, 0x0, 0xfc}, 0xb)
getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000000), &(0x7f00000000c0)=0xb)

04:49:59 executing program 2:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x1a, &(0x7f0000001080), 0x8)

04:49:59 executing program 5:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
bind(r0, &(0x7f0000000000)=@in6={0x1c, 0x1c, 0x3}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0x1c, 0x1c, 0x3}, 0x1c)
r1 = dup(r0)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x15, &(0x7f0000000000), 0x8)

04:49:59 executing program 1:
socketpair(0x1c, 0x5, 0x57, 0x0)

04:49:59 executing program 2:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10)
r1 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r2 = dup2(r0, r1)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f0000000080), &(0x7f0000000000)=0x4)

04:49:59 executing program 1:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
r2 = dup2(r0, r1)
connect$inet6(r2, &(0x7f0000000180)={0x1c, 0x1c}, 0x1c)
connect$inet(r1, &(0x7f0000000080)={0x10, 0x2}, 0x10)

04:49:59 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x13, &(0x7f00000002c0)=@nat={'nat\x00', 0x1b, 0x5, 0x338, 0x180, 0x228, 0xffffffff, 0xa8, 0x180, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'wg1\x00', 'veth0_vlan\x00'}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @multicast2}}}}, {{@ip={@dev, @loopback, 0x0, 0x0, 'veth0_virt_wifi\x00', 'veth0_virt_wifi\x00'}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @rand_addr, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @loopback, @local}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x398)

04:49:59 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0)
ioctl$BLKROSET(r0, 0x125d, 0x0)

04:49:59 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x20, r1, 0x1, 0x0, 0x0, {0x3}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x2}]}]}, 0x20}}, 0x0)

[ 2943.580854][ T3987] usb 1-1: new high-speed USB device number 6 using dummy_hcd
04:49:59 executing program 1:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000580)=@nat={'nat\x00', 0x1b, 0x5, 0x528, 0x170, 0x2b0, 0xffffffff, 0x170, 0x2b0, 0x4d0, 0x4d0, 0xffffffff, 0x4d0, 0x4d0, 0x5, 0x0, {[{{@uncond, 0x0, 0x128, 0x170, 0x0, {}, [@common=@unspec=@quota={{0x38}}, @common=@unspec=@helper={{0x48}, {0x0, 'Q.931\x00'}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv6=@private0, @port, @gre_key}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv6=@loopback, @ipv4=@broadcast, @icmp_id}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, [], [], 'ipvlan0\x00', 'veth0_to_hsr\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv4=@private, @ipv4=@broadcast, @gre_key, @icmp_id}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x588)

[ 2943.951077][ T3987] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2944.000908][T27607] FAULT_INJECTION: forcing a failure.
[ 2944.000908][T27607] name failslab, interval 1, probability 0, space 0, times 0
[ 2944.020788][T27607] CPU: 1 PID: 27607 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 2944.031256][T27607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 2944.041338][T27607] Call Trace:
[ 2944.044638][T27607]  <TASK>
[ 2944.047592][T27607]  dump_stack_lvl+0x125/0x1b0
[ 2944.052315][T27607]  should_fail_ex+0x496/0x5b0
[ 2944.057035][T27607]  should_failslab+0x9/0x20
[ 2944.061579][T27607]  __kmem_cache_alloc_node+0x2f7/0x340
[ 2944.067086][T27607]  ? tomoyo_encode2+0x100/0x3d0
[ 2944.071985][T27607]  ? tomoyo_encode2+0x100/0x3d0
[ 2944.076892][T27607]  __kmalloc+0x4f/0x100
[ 2944.081088][T27607]  tomoyo_encode2+0x100/0x3d0
[ 2944.085815][T27607]  ? rcu_is_watching+0x12/0xb0
[ 2944.090618][T27607]  tomoyo_encode+0x29/0x50
[ 2944.095077][T27607]  tomoyo_realpath_from_path+0x196/0x710
[ 2944.100773][T27607]  tomoyo_path_number_perm+0x241/0x580
[ 2944.106289][T27607]  ? tomoyo_path_number_perm+0x22e/0x580
[ 2944.111976][T27607]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 2944.117855][T27607]  ? __might_fault+0x13f/0x1a0
[ 2944.122758][T27607]  ? reacquire_held_locks+0x4b0/0x4b0
[ 2944.128185][T27607]  ? rcu_is_watching+0x12/0xb0
[ 2944.133001][T27607]  ? xfd_validate_state+0x5d/0x180
[ 2944.138177][T27607]  ? __fget_files+0x272/0x410
[ 2944.142905][T27607]  security_file_ioctl+0x72/0xb0
[ 2944.147905][T27607]  __x64_sys_ioctl+0xbb/0x210
[ 2944.152630][T27607]  do_syscall_64+0x38/0xb0
[ 2944.157096][T27607]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2944.163034][T27607] RIP: 0033:0x7f410aa7c84b
[ 2944.167509][T27607] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 2944.187160][T27607] RSP: 002b:00007f410b7f0fa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2944.195610][T27607] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f410aa7c84b
[ 2944.203607][T27607] RDX: 00007f410b7f2070 RSI: 0000000080085502 RDI: 0000000000000004
[ 2944.211606][T27607] RBP: 00007f410b7f2070 R08: 0000000000000080 R09: 00007f410b7f1068
[ 2944.219608][T27607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502
[ 2944.227606][T27607] R13: 0000000800000000 R14: 0000000000000004 R15: 00007f410aad07e0
[ 2944.235635][T27607]  </TASK>
[ 2944.266457][T27607] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2944.371142][ T3987] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2944.380244][ T3987] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2944.400896][ T3987] usb 1-1: Product: syz
[ 2944.405109][ T3987] usb 1-1: Manufacturer: syz
[ 2944.409735][ T3987] usb 1-1: SerialNumber: syz
[ 2945.571363][ T3987] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2945.577892][ T3987] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2945.600939][ T3987] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2946.001641][ T3987] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2946.042220][ T3987] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2946.086192][ T3987] usb 1-1: USB disconnect, device number 6
[ 2946.104521][ T3987] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:50:02 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:02 executing program 5:
add_key(&(0x7f0000000140)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)="a546a1fcf227b4b7511cab119605f0256d3fcbd7413e54c51485eee872ed0ffe66ab4f1a7083fb505e170575f6898f7865ccb8155ea9a637a415e2417a5d3052a090bbcef1ee15311b00a666d4248fccf65e35e073c2f801bcaa13444a38786be411603be9f25c98bdd1397ab3341bf4b35664643609d9b91342df5ce6abeaff50ae93552b898ed5c44f50bba5aa08baa5818cf5bcefdb59f8f3098629a205bbde2063c49c5e86f6c1793e86cc8c7878", 0xffffffffffffff0b, 0xfffffffffffffff8)

04:50:02 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x0, 0x0, 0x1205, 0x1, 0x73}, 0x48)

04:50:02 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x18, r1, 0x1, 0x0, 0x0, {0x8}, [@HEADER={0x4}]}, 0x18}}, 0x0)

04:50:02 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(0xffffffffffffffff, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:02 executing program 4:
syz_emit_ethernet(0x7a, &(0x7f0000000c40)={@broadcast, @remote, @val, {@ipv4}}, 0x0)

04:50:02 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x6, 0x25, &(0x7f00000002c0)=@nat={'nat\x00', 0x1b, 0x5, 0x338, 0x180, 0x228, 0xffffffff, 0xa8, 0x180, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, 0x0, {[{{@ip={@local, @empty, 0x0, 0x0, 'wg1\x00', 'veth0_vlan\x00'}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @multicast2}}}}, {{@ip={@dev, @loopback, 0x0, 0x0, 'veth0_virt_wifi\x00', 'veth0_virt_wifi\x00'}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @rand_addr, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @loopback, @local}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x398)

04:50:02 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48)

04:50:02 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1a, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x5}, 0x48)

04:50:02 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x20, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0xc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_BITS={0x4}]}]}, 0x20}}, 0x0)

[ 2946.723029][T27673] TCP: TCP_TX_DELAY enabled
04:50:02 executing program 5:
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x3, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}}}}}]}}, 0x0)

04:50:02 executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee01}}}], 0x20}, 0x0)

[ 2946.880832][ T5145] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[ 2947.171087][ T2543] usb 6-1: new high-speed USB device number 65 using dummy_hcd
[ 2947.271359][ T5145] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2947.410892][ T2543] usb 6-1: Using ep0 maxpacket: 32
[ 2947.455609][ T5145] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2947.476104][ T5145] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2947.501036][ T5145] usb 1-1: Product: syz
[ 2947.505253][ T5145] usb 1-1: Manufacturer: syz
[ 2947.509885][ T5145] usb 1-1: SerialNumber: syz
[ 2947.530938][ T2543] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2947.551412][ T2543] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2947.576660][ T2543] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 2947.601860][ T2543] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[ 2947.630972][ T2543] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2947.650754][ T2543] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[ 2947.821457][ T2543] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2947.835783][ T2543] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2947.853170][ T2543] usb 6-1: Product: syz
[ 2947.861995][ T2543] usb 6-1: Manufacturer: syz
[ 2947.872278][ T2543] usb 6-1: SerialNumber: syz
[ 2948.201638][ T2543] cdc_ncm 6-1:1.0: bind() failure
[ 2948.226398][ T2543] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[ 2948.242966][ T2543] cdc_ncm 6-1:1.1: bind() failure
[ 2948.268474][ T2543] usb 6-1: USB disconnect, device number 65
[ 2948.711212][ T5145] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2948.717697][ T5145] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2948.740839][ T5145] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2949.141071][ T5145] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2949.181281][ T5145] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2949.226218][ T5145] usb 1-1: USB disconnect, device number 7
[ 2949.242381][ T5145] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:50:05 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x20, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0xc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_BITS={0x4}]}]}, 0x20}}, 0x0)

04:50:05 executing program 1:
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000100)={@ifindex, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

04:50:05 executing program 4:
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
utime(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180))

04:50:05 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:05 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:05 executing program 5:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
lseek(r0, 0x0, 0x2)

04:50:05 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000001f00)=@base={0x19, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2}, 0x48)

04:50:05 executing program 2:
r0 = syz_open_dev$loop(&(0x7f00000004c0), 0x0, 0x0)
ioctl$BLKIOOPT(r0, 0x1279, &(0x7f00000007c0))

04:50:05 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x14}, 0x14}}, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f00000004c0), 0xffffffffffffffff)

04:50:05 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000140)={'sit0\x00', &(0x7f0000000080)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @multicast1, @local}}}})

04:50:05 executing program 5:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x6, 0x4, 0x8, 0x300}, 0x48)

04:50:05 executing program 1:
socketpair(0x1d, 0x2, 0x7, &(0x7f0000000340))

04:50:05 executing program 2:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
connect$l2tp6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x20)

[ 2950.051487][ T5145] usb 1-1: new full-speed USB device number 8 using dummy_hcd
04:50:05 executing program 1:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='GPL\x00'}, 0x90)
bpf$BPF_LINK_CREATE(0xf, &(0x7f0000000000)={r0, 0xffffffffffffffff, 0x0, 0x0, @void}, 0x10)

[ 2950.430980][ T5145] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 2950.451078][ T5145] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 2950.471971][ T5145] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[ 2950.491251][ T5145] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[ 2950.671217][ T5145] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2950.682244][ T5145] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2950.703569][ T5145] usb 1-1: Product: syz
[ 2950.715791][ T5145] usb 1-1: Manufacturer: syz
[ 2950.735679][ T5145] usb 1-1: SerialNumber: syz
[ 2950.781381][T27736] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 2951.005047][T27736] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 2951.021113][T27736] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 2951.701720][T27736] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 2951.711817][T27736] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 2951.940962][ T5145] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2951.949821][ T5145] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2951.970802][ T5145] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2952.163541][ T5145] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2952.209450][ T5145] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2952.261262][ T5145] usb 1-1: USB disconnect, device number 8
[ 2952.268648][ T5145] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:50:08 executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x301800, 0x0)
getsockname$packet(r0, 0x0, 0x0)

04:50:08 executing program 5:
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r0, 0x6, 0x1, &(0x7f0000000080), 0x4)

04:50:08 executing program 1:
openat$vcs(0xffffffffffffff9c, &(0x7f00000024c0), 0x0, 0x0)

04:50:08 executing program 4:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x301800, 0x0)
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, 0x0, 0x0)

04:50:08 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x3, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:08 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:08 executing program 5:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@restrict={0x0, 0x0, 0x0, 0xb, 0x5}]}}, 0x0, 0x26}, 0x20)

04:50:08 executing program 2:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10)
r1 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r2 = dup2(r0, r1)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f0000000100)={0x1, [0x0]}, &(0x7f0000000380)=0x8)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
r4 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r5 = dup2(r3, r4)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x105, &(0x7f0000000100)={0x1, [0x0]}, &(0x7f0000000380)=0x8)
setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x19, &(0x7f00000000c0), 0x8)

04:50:08 executing program 1:
semctl$IPC_INFO(0x0, 0x0, 0x3, &(0x7f0000000100)=""/233)

04:50:08 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

04:50:08 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000700)={<r1=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @empty}, {0xa, 0x0, 0x0, @empty}, r1}}, 0xff06)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000040)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @mcast1}, r1}}, 0x48)

04:50:08 executing program 1:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
recvmsg(r0, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x40042)

[ 2953.051550][T28690] usb 1-1: new high-speed USB device number 9 using dummy_hcd
04:50:08 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

04:50:09 executing program 4:
r0 = socket(0x1, 0x2, 0x0)
accept4$tipc(r0, 0x0, 0x0, 0x0)

04:50:09 executing program 2:
r0 = getpgrp(0x0)
process_vm_readv(r0, &(0x7f0000001680)=[{&(0x7f0000000040)=""/223, 0xdf}, {&(0x7f0000000180)=""/148, 0x94}, {&(0x7f0000000280)=""/206, 0xce}], 0x3, &(0x7f0000001980)=[{&(0x7f0000001e00)=""/4096, 0x1000}], 0x1, 0x0)

04:50:09 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x22120000}, 0xc)

[ 2953.421488][T28690] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2953.600996][T28690] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2953.618385][T28690] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2953.648095][T28690] usb 1-1: Product: syz
[ 2953.660655][T28690] usb 1-1: Manufacturer: syz
[ 2953.672074][T28690] usb 1-1: SerialNumber: syz
[ 2954.841585][T28690] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2954.848071][T28690] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2954.867275][T28690] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2955.280940][T28690] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2955.329118][T28690] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2955.374085][T28690] usb 1-1: USB disconnect, device number 9
[ 2955.389329][T28690] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:50:11 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:11 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x8921, &(0x7f00000000c0)={'ip6_vti0\x00', 0x0})

04:50:11 executing program 4:
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
prlimit64(0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8936, &(0x7f0000000300)={@dev})

04:50:11 executing program 1:
r0 = socket(0x1, 0x2, 0x0)
sendmsg$SMC_PNETID_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x40001)

04:50:11 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}]}]}, 0x1c}}, 0x0)

04:50:11 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:11 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@deltaction={0x14, 0x31, 0x27ea31673171f7fb}, 0x14}}, 0x0)

04:50:11 executing program 2:
syz_clone(0x4001000, 0x0, 0xffffff23, 0x0, 0x0, 0x0)

04:50:11 executing program 4:
r0 = socket$tipc(0x1e, 0x2, 0x0)
sendmsg$tipc(r0, &(0x7f0000001c40)={&(0x7f0000000a00)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x3}}, 0x10, 0x0}, 0x0)

04:50:11 executing program 1:
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000100)=ANY=[@ANYBLOB="0a010100e00000010000000097"], 0x34)

04:50:11 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@deltaction={0x24, 0x31, 0x27ea31673171f7fb, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}]}, 0x24}}, 0x0)

04:50:11 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x275a, 0x0)
r1 = socket$inet6(0xa, 0x80801, 0x0)
dup3(r1, r0, 0x0)
setsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0)

04:50:12 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x5, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:12 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x275a, 0x0)
r1 = socket$inet6(0xa, 0x80801, 0x0)
dup3(r1, r0, 0x0)
getsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

04:50:12 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x275a, 0x0)
r1 = socket$inet6(0xa, 0x80801, 0x0)
dup3(r1, r0, 0x0)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, 0x0, 0x0)

04:50:12 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x275a, 0x0)
r1 = socket$inet6(0xa, 0x80801, 0x0)
dup3(r1, r0, 0x0)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, 0x0, 0x0)

04:50:12 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:12 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x275a, 0x0)
r1 = socket$inet6(0xa, 0x80801, 0x0)
dup3(r1, r0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f00000000c0))

04:50:12 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x275a, 0x0)
r1 = socket$inet6(0xa, 0x80801, 0x0)
dup3(r1, r0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f00000000c0))

04:50:12 executing program 2:
r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0)
r1 = epoll_create(0x6)
dup3(r0, r1, 0x0)
write$binfmt_aout(r1, 0x0, 0x0)

04:50:12 executing program 5:
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x140, 0x0)
sendmmsg$unix(r0, 0x0, 0x0, 0x0)

04:50:12 executing program 1:
r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
fstat(r0, &(0x7f0000000080))

04:50:12 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x275a, 0x0)
r1 = socket$inet6(0xa, 0x80801, 0x0)
dup3(r1, r0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f00000000c0))

04:50:12 executing program 2:
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x140, 0x0)
ioctl$BINDER_GET_EXTENDED_ERROR(r0, 0xc00c6211, 0x0)

[ 2956.810819][ T3993] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[ 2957.211181][ T3993] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2957.430851][ T3993] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2957.439980][ T3993] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2957.470589][ T3993] usb 1-1: Product: syz
[ 2957.474805][ T3993] usb 1-1: Manufacturer: syz
[ 2957.479422][ T3993] usb 1-1: SerialNumber: syz
[ 2958.680975][ T3993] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2958.687493][ T3993] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2958.720883][ T3993] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2959.111190][ T3993] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2959.155438][ T3993] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2959.202643][ T3993] usb 1-1: USB disconnect, device number 10
[ 2959.210097][ T3993] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
[ 2959.484621][ T1236] ieee802154 phy0 wpan0: encryption failed: -22
[ 2959.491445][ T1236] ieee802154 phy1 wpan1: encryption failed: -22
04:50:15 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x6, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:15 executing program 1:
openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x2080, 0x0)

04:50:15 executing program 5:
open$dir(&(0x7f00000000c0)='./file0\x00', 0x41, 0x0)

04:50:15 executing program 2:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, 0x0)

04:50:15 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x275a, 0x0)
r1 = socket$inet6(0xa, 0x80801, 0x0)
dup3(r1, r0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f00000000c0))

04:50:15 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:15 executing program 1:
r0 = shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x3000)

04:50:15 executing program 5:
openat$full(0xffffffffffffff9c, &(0x7f0000000100), 0x6800, 0x0)

04:50:15 executing program 2:
r0 = socket(0x2, 0x1, 0x0)
recvmmsg$unix(r0, 0x0, 0x0, 0x0, 0x0)

04:50:15 executing program 4:
r0 = socket(0x2, 0x1, 0x0)
recvfrom$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

04:50:15 executing program 1:
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x140, 0x0)
syz_open_pts(r0, 0x0)

04:50:15 executing program 4:
openat$null(0xffffffffffffff9c, &(0x7f00000003c0), 0x10000, 0x0)

04:50:16 executing program 5:
syz_genetlink_get_family_id$l2tp(&(0x7f0000002fc0), 0xffffffffffffffff)

04:50:16 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x7, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:16 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:16 executing program 1:
modify_ldt$write2(0x11, &(0x7f00000010c0), 0x10)

04:50:16 executing program 4:
syz_clone(0x1a08800, 0x0, 0x0, 0x0, 0x0, 0x0)

04:50:16 executing program 2:
syz_open_dev$rtc(&(0x7f0000000580), 0x0, 0x2001)

04:50:16 executing program 4:
futex_waitv(&(0x7f0000001580)=[{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}], 0x3d, 0x0, &(0x7f0000001dc0)={0x0, 0x3938700}, 0x0)

04:50:16 executing program 1:
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000004700), 0x1, 0x0)

04:50:16 executing program 5:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000340)={&(0x7f0000000080)=@rc={0x1f, @none}, 0x80, 0x0}, 0x0)

04:50:16 executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x111})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @broadcast})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETDEBUG(r0, 0x400454c9, &(0x7f00000001c0))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000)=ANY=[], 0x6db6e571)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x11, r3, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'vlan0\x00'})
write$binfmt_misc(r2, &(0x7f0000000200)={'syz1'}, 0x4)

04:50:16 executing program 1:
syz_io_uring_setup(0x4b6b, &(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000100))

04:50:16 executing program 4:
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000a80), 0x0, 0x0)
dup2(r0, r0)

04:50:16 executing program 4:
ioctl$BINDER_CTL_ADD(0xffffffffffffffff, 0xc1086201, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000001300)='./binderfs2/binder-control\x00', 0x0, 0x0)
socket$inet_sctp(0x2, 0x0, 0x84)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

04:50:16 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x9, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:16 executing program 1:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, 0x0)

04:50:16 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:16 executing program 1:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x100)

[ 2961.048677][T28005] syzkaller1: entered promiscuous mode
[ 2961.066108][T28005] syzkaller1: entered allmulticast mode
[ 2961.107496][ T2543] syzkaller1: tun_net_xmit 48
04:50:16 executing program 4:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
inotify_init()
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x4a6580, 0x100)

04:50:17 executing program 1:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x100)

04:50:17 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x2, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x2, @local}, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
dup3(r1, r2, 0x0)
accept(r2, 0x0, 0x0)

04:50:17 executing program 4:
syz_clone3(&(0x7f0000000280)={0x150100180, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

04:50:17 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001f40)='/sys/block/loop0', 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000100)={@map=r0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

04:50:17 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0xa, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:17 executing program 4:
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_clone3(&(0x7f0000000280)={0x150100180, &(0x7f0000000040), 0x0, &(0x7f00000000c0), {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

04:50:17 executing program 2:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x1d, &(0x7f0000000740), 0x4)

04:50:17 executing program 1:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x100)

04:50:17 executing program 2:
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r1, 0x0)
connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r2 = fcntl$dupfd(r1, 0x0, r0)
r3 = accept(r2, 0x0, 0x0)
fstat(r3, &(0x7f0000000300))

04:50:17 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:17 executing program 4:
r0 = msgget$private(0x0, 0x0)
shmctl$IPC_RMID(r0, 0x0)

04:50:17 executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
fgetxattr(r0, &(0x7f0000000580)=@known='trusted.overlay.upper\x00', 0x0, 0x0)

04:50:17 executing program 4:
syz_clone(0x553a24ec9000, 0x0, 0x0, 0x0, 0x0, 0x0)

04:50:18 executing program 5:
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, 0x0)

04:50:18 executing program 2:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x7, [@var={0x1}]}, {0x0, [0x2e, 0x30, 0x30, 0x5f, 0xe]}}, &(0x7f0000000700)=""/216, 0x2f, 0xd8, 0x1}, 0x20)

04:50:18 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0xf, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:18 executing program 4:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/resume', 0x0, 0x0)
read$usbmon(r0, 0x0, 0x0)

04:50:18 executing program 1:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x100)

04:50:18 executing program 4:
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r0, &(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x26)

04:50:18 executing program 5:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x4, &(0x7f0000000200)=@framed={{}, [@jmp]}, &(0x7f0000000000)='syzkaller\x00'}, 0xb0)

04:50:18 executing program 2:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDENABIO(r0, 0x4b36)
bpf$ITER_CREATE(0x8, 0x0, 0x0)

04:50:18 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:18 executing program 5:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x2, 0x4, &(0x7f0000000200)=@framed={{}, [@jmp={0x5, 0x0, 0x8, 0x0, 0x0, 0x0, 0x9d}]}, &(0x7f0000000000)='syzkaller\x00'}, 0x90)

04:50:18 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, 0x3, 0x2, 0x301}, 0x14}}, 0x0)

04:50:18 executing program 2:
openat$sysfs(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/config', 0x4000, 0x0)

04:50:18 executing program 1:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001640), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0x541b, 0x0)

04:50:18 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x10, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:19 executing program 2:
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x0, 0x0)
ioctl$PPPIOCGCHAN(r0, 0x80047437, 0x0)

04:50:19 executing program 5:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x2)
ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000000))

04:50:19 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r0, 0x6, 0x4, 0x0, &(0x7f00000010c0))

04:50:19 executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = getpgrp(0x0)
sendmsg$netlink(r0, &(0x7f0000005780)={0x0, 0x0, &(0x7f0000005440)=[{&(0x7f00000002c0)={0x10}, 0x10}], 0x1, &(0x7f0000005700)=[@cred={{0x1c, 0x1, 0x2, {r1}}}, @rights={{0x200002d0}}], 0x30}, 0x0)

04:50:19 executing program 5:
r0 = socket$inet(0x2, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000bc0), 0x10)

04:50:19 executing program 2:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r0, &(0x7f0000000200)={0x10, 0x2}, 0x10)
connect$inet(r0, &(0x7f0000000900)={0x48, 0x2}, 0x10)
sendmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)

04:50:19 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:19 executing program 1:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r0, &(0x7f0000000200)={0x10, 0x2}, 0x10)
sendmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, 0x0)

04:50:19 executing program 4:
socket$inet6_sctp(0x1c, 0x0, 0x84)
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
dup2(r1, r0)

04:50:19 executing program 5:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet_sctp(0x2, 0x0, 0x84)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000000)={0x0, @in, 0x1, 0x0, 0x1}, 0x98)

04:50:19 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1d}, 0x48)

04:50:19 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x18, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:19 executing program 1:
syz_open_dev$audion(&(0x7f0000000140), 0x2167, 0x109083)

04:50:19 executing program 2:
r0 = socket(0x1e, 0x5, 0x0)
getpeername$packet(r0, 0x0, 0x0)

04:50:19 executing program 2:
r0 = socket(0x1e, 0x5, 0x0)
connect$packet(r0, 0x0, 0x0)

04:50:19 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x0, 0x0, 0x18}, 0x48)

04:50:19 executing program 1:
r0 = socket(0x1e, 0x5, 0x0)
sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0)

04:50:19 executing program 5:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SOUND_MIXER_INFO(r0, 0x541b, 0x0)

04:50:20 executing program 4:
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map=0x1, 0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

04:50:20 executing program 2:
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={@map, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

04:50:20 executing program 1:
bpf$BPF_PROG_QUERY(0x21, &(0x7f0000000100)={@ifindex, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

04:50:20 executing program 5:
r0 = socket$qrtr(0x2a, 0x2, 0x0)
bind$qrtr(r0, &(0x7f0000000180)={0x2a, 0x1, 0x2}, 0xc)

04:50:20 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:20 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x3e, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:20 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)={0x40, 0x9, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_ADT={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5}}]}]}, 0x40}}, 0x0)

04:50:20 executing program 4:
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x10}, 0x20)

04:50:20 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000380)={&(0x7f0000000180), 0xc, &(0x7f0000000340)={&(0x7f00000001c0)={0x2c, 0x9, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5}}]}]}, 0x2c}}, 0x0)

04:50:20 executing program 2:
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
getpeername(r0, 0x0, 0x0)

04:50:20 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r0, 0x0, 0xe6, 0x200c0004, &(0x7f0000000300)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)

04:50:20 executing program 2:
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
getpeername(r0, 0x0, 0x0)

04:50:20 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1a, 0x0, 0x0, 0x0, 0x1116, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5}, 0x48)

04:50:20 executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xa, 0x3, &(0x7f0000000000)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90)

04:50:20 executing program 2:
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
times(&(0x7f00000003c0))

04:50:20 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000040)={@multicast1, @private=0xa010100}, 0xc)

04:50:21 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:21 executing program 1:
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000080)={@local, @remote}, 0xc)

04:50:21 executing program 4:
r0 = syz_open_dev$loop(&(0x7f00000004c0), 0x0, 0x0)
ioctl$BLKSECDISCARD(r0, 0x127d, 0x0)

04:50:21 executing program 2:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, 0x0, &(0x7f0000000340))

04:50:21 executing program 5:
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0x2e, 0x0, 0x0)

04:50:21 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x48, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:21 executing program 1:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = syz_clone3(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
waitid(0x2, 0xffffffffffffffff, &(0x7f0000000080), 0x80000000, &(0x7f0000000200))

04:50:21 executing program 5:
r0 = syz_open_dev$loop(&(0x7f00000004c0), 0x0, 0x0)
ioctl$LOOP_SET_FD(r0, 0x4c00, 0xffffffffffffffff)

04:50:21 executing program 4:
r0 = syz_open_dev$loop(&(0x7f00000004c0), 0x0, 0x0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000000)={0x0, 0x0, 0x98, &(0x7f0000000080)={0x0, 0x0, 0x8}})

04:50:21 executing program 2:
pselect6(0x82, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)={0x0, 0x0, 0x7}, &(0x7f0000000100), &(0x7f0000000180)={&(0x7f00000001c0)={[0x100001]}, 0x8})

04:50:21 executing program 5:
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0x8, 0x0, 0x0)

04:50:21 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCDELRT(r0, 0x8941, &(0x7f0000000300)={@mcast1, @empty, @private0})

04:50:21 executing program 2:
r0 = socket$inet(0x2, 0xa, 0x0)
ioctl$sock_inet_SIOCGARP(r0, 0x8918, &(0x7f0000000000)={{0x2, 0x0, @private}, {0x0, @random="7b68b08f021d"}, 0x0, {}, 'xfrm0\x00'})

04:50:21 executing program 1:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = syz_clone3(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
waitid(0x2, 0xffffffffffffffff, &(0x7f0000000080), 0x80000000, &(0x7f0000000200))

04:50:21 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x804}, 0x48)

04:50:21 executing program 4:
syz_clone(0x40000680, 0x0, 0x0, 0x0, 0x0, 0x0)

04:50:21 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:21 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x4c, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:21 executing program 5:
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r0 = syz_clone(0x46002200, 0x0, 0x0, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="ef279af0dc408aec8f72bba07d1b02da98560e75c2bb41ebe9c0d6972925bc9baaed5f6034e81d2e711242b7c0e625e39e83be300987e30388affa41145951aeae221a4b41990badd39a62fb6839dffb808004948b8762d05747da5291d6461ade2e815a6f796058ef6481243507e516776f24d6cdefb67a03f5a729f74fd632360fa924b7c0ca98bd53c76cf3dde5266b77b8b65466c7bfe89cbe33805911d786ac276e3dd456331ff54222698776a8e7e10e925767eb08a8be5b")
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x3c, 0x3e9, 0x300, 0x70bd29, 0x25dfdbfe, {0x4c, 0x1, 0x1, r0, 0x1, 0x40, 0x1, 0x20, 0x0, 0x8, 0xffffffff}, [""]}, 0x3c}, 0x1, 0x0, 0x0, 0x54}, 0x0)

04:50:21 executing program 2:
syz_io_uring_setup(0xebb, &(0x7f0000000180)={0x0, 0x0, 0x2}, &(0x7f0000000200), &(0x7f0000000240))

04:50:22 executing program 1:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = syz_clone3(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
waitid(0x2, 0xffffffffffffffff, &(0x7f0000000080), 0x80000000, &(0x7f0000000200))

04:50:22 executing program 2:
syz_io_uring_setup(0xebb, &(0x7f0000000180), &(0x7f0000000200), &(0x7f0000000240))
r0 = syz_io_uring_setup(0x7bb1, &(0x7f0000000380), &(0x7f0000000400), &(0x7f0000000440))
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f00000004c0), 0x1)

04:50:22 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:22 executing program 2:
syz_clone(0xe0000, 0x0, 0x0, 0x0, 0x0, 0x0)

04:50:22 executing program 1:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = syz_clone3(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
waitid(0x2, 0xffffffffffffffff, &(0x7f0000000080), 0x80000000, &(0x7f0000000200))

04:50:22 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x68, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:22 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f00000020c0)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000040)={0x108, 0x0, 0x0, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @str='/.\'\x00'}, @nested={0xe5, 0x0, 0x0, 0x1, [@generic="98e2150c012b2f5f020af82250fc88cfb7726e65600a65bacdd9d506905c81bb3485a2a841b23eca8635754eeb344b8be1f5659d94acb25d59bb541f088fa8c6cec65fa8ec9bd4f6345b4fa40b33400682c91ea319d219df1df86faf74ae0727d01103a47d5287a6e1cc853bb07f8b653d96b25346f722ac60073fd65078a709071f18452d90dd1565b7b853c0dfaa0b37f694f835ad1132a335253ec4f664c5f680152577aa89937bf93adc068244afa4332e4c9e954555450e87863ee9dd660964c831c27fc90d83813afe74fe97ad659e88e80275435adfaefdaaf2c4a90274"]}, @typed={0x8, 0x0, 0x0, 0x0, @fd}]}, 0x108}, {&(0x7f0000000180)={0x290, 0x0, 0x0, 0x0, 0x0, "", [@generic="04bfec57d30f5755de050b1d18f0580bc0929af990bf82fc041dba", @generic="17a52b6d92fa09c24e52cde15a4b8084d72e4a0bd7b2d8c0e1648a5f1c429406cd9cc3d957ef9199efc95a2d95c3f33cc6e3c5b1364b76cdd54441e7f84d80d8acbeee50ecd7ccd63ef1199a26b7a6088ba52516ffccdd9b235484bec516f41434fc93357c5e8f3ac17957faf1edd39215dd2b2ff4c5731fcbd23a7b911f3c60e5c5cc77ad61bf122b0c6770f42551d45c89e06417c9414f92429c494c260b732d099f46aa462781cbc192fbe26047b118310c579429e9d919aff6", @generic="c944bbda16e66a525add80677e1e1981bd5475", @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @typed={0x4}]}, @generic="5cd33ba87754d3f0bf27a74fd3a672ca69b3704dcd756c036e4802bec2fb59149d6b9601aecaa9df7ca400de3268120d587b7f92a40551c286c28c9c3ce7f4c921330de31eec7328d8982fd4312d6b42aa2b65b60ad37cfc7844757973e16267e07350d95c62858dc18841e9c0", @typed={0x51, 0x0, 0x0, 0x0, @binary="8403663914423425f7734d8788d6947efa373d17632fdd0ba0abec784cd6b8738ce9db2c126be85d166e987d4dde439a06581f89c9629d255330c0e7e430b0e1994acad7f682950079609f61bc"}, @generic="d7665e223cc3c7a2ac7a772087385ac9838ef30d2d2b19feb3e864a7f76018845dd5a507613ecde572e6ab0d074663ca87f3cc7bfaf3ef48a84b906a6d9efd70f506c2313bc45580640011bf6b813b5d399399b25741261d9e497ddb4261eda8af3df07a93fc48ba33e5", @generic="8c8f0c5e2b4100029296a10c479caa730e6c39aa99ac3c9bdb6c65d047c7a5461efeb858415faed135396bb7c86f62d7663ee4564010ffe5665ccd4f5524d5326d", @typed={0x8, 0x0, 0x0, 0x0, @pid}]}, 0x290}, {&(0x7f0000000480)={0x184, 0x0, 0x0, 0x0, 0x0, "", [@generic="33d3ecff06a3d2b3d4a8d2a42e7d59f951c3cb622ca1cf93993edb1155503abd030691a4528e948cf0036416d9c2295c2a66eb391ff8b62d3b6faf8d0e15af1090e43d5122a329396f3f5bf9417bf59b84f0e64e99fd4d4cca3189e7cd45f1f44fa0b7a36b431b99", @typed={0x14, 0x0, 0x0, 0x0, @ipv6=@empty}, @generic="6f5ac2294437b64d30054959f0f0c77ec622db209455bbbc966cf926a14d0cf56c0ef1e0c87600284d750ee6b08315342034da473f99a5ed43d7a252e53fe1ccbf0c1bc092e01bc022d3feaa929bf1458af8a3c1272ce9f9083609ae80a7f2fcf3a9d999a6bb96", @generic="d28f507bb8928393a6ead884e265a296a77e716742ce783f28dde1e9da6153449f86175c9461fd76714aabbacea08d8703ade6ebd382946df29d7c25ffeefacb246bc4e9ee1834e63185faa69bef277b553c295d5e7247f4c2a181785c3060ea5bf26087f8bb8e18a541788fdf2fa3b26b79a5b65e504ec0f891bbaf53ef75eaffc4bc8dbedcd8d2e48d17139652"]}, 0x184}, {&(0x7f0000000640)={0x218, 0x0, 0x0, 0x0, 0x0, "", [@generic="a4d92b26be83f3a4f22b60c4f8abc70b1333b803735455ab4f69cca44768fd2e59cea69e8dd2d7b7359f681e7f9bf7d24a40f38c2b8d561dcb73b572791524c731e56f20cc5a9169d669da739b325169b48c3e62383668", @generic="d8ec832369305dc2543df6a11223821d8ea13e7113e342af0a74bf5d26963a2a3a0f247ad9f2cf2504c3d5ddb02f01fbdf9f73ed607a3540f858c6da99f13481994d3c94174cc2ee8788e1a75238813d90ebb97470a93f6211b049a89910fa6d8a624e836ba87eea67d4b93a95ae7af713028fb2721d786932f82165270e14a9a5b3414c2c668c20581bb4e43ade51d09a596f89b72274ba6fb0a8eef93a51a533a7cde65a63e16c81d43784a033a2d8578e99af520581dd496b81b7c56f9a8eaf51ab4644c55860fee98c5b229a9d44b96d5bead3414af2da5eaf4a447b9af510dec1072ec2be", @generic="4f55d18ed319a3babcd305158eafac92fbedeee62593ff476dc1d49e75aaf84c5319fedea52d344efa6ad4ec4691e289183ee1acc96f616643905653c40f6f168f7ff007b2fa4d0d0dce0c75e3", @typed={0x14, 0x0, 0x0, 0x0, @ipv6=@loopback}, @nested={0x59, 0x0, 0x0, 0x1, [@generic="8820022a20cbe5920554721a2fcb7fd61be7e0269337e6d8eb0edb50d8278a82eb5cc1cf01d49ac83ddfe8de4604e54f7c1a859a063c995df0fbfea0eabee14d0e03a370d7ac111554a5553e4c39dee07941f815af"]}, @generic='cs', @typed={0x8, 0x0, 0x0, 0x0, @fd}]}, 0x218}, {&(0x7f0000000880)={0x100, 0x0, 0x0, 0x0, 0x0, "", [@generic="cb01bff636b37d28728e85dbd8bd192b336d082239a7df6c4899547d7401eb1e2aaaeebad56a15ef92e1128558f8f235cde8d22eae6ca1a8c44e4872d27cb6f8982dbbec30705bf0f5164c318ee0013b62a093b89b9aa4e69dbb7b676dc72332953d5b52347c57f800db46f36e9e48fa8a2294ab946dd79905863c610d864d8afc42555a9268bc42ef02f4aa891e97a71b2887f6839aaeffbdc5ad256be549dbc669ee42a3bebbf633e64a5bbaf88866b6cf9ee853c57b84b016cea851df04eef9d303dc2d36e69e72601e092db2892055f27792984b0c0c5a6bde21e354a16e68c5ccc371b5d40e26772726d5"]}, 0x100}, {&(0x7f0000000980)={0x364, 0x0, 0x0, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0x1fd, 0x0, 0x0, 0x1, [@generic="51b69eb21d328bf9d95748c8082d2ef06be419297b1b9c06438ceae4563810c8ef4a200d48c5d236dec271fa20fb27f0abc73e2c122d046c2e7af999904b25c01e87ec66008950322f04a93f9a9cb43be900351208118e8e98d391b1f8b85a82d72dc156ac4a93adfdb21a9602559b193f50ec", @typed={0x14, 0x0, 0x0, 0x0, @ipv6=@mcast1}, @generic="a62dd759badeb39ff1696939d11ec7680598803783ed9070305c3c6b338539c1efa525e848725dadec9fa9ff4ba64943fe2568091b36b33abc67a7d8dda1dd03eacb9506627f023b99f5087d34b06a1992ca1625bf099e27837ec61b298e78f4ceb020ac228bf77e10a0d8d893f8727251d2b9204802b0168a1c6d8af4b742a448d2fb5caa6e57ef4efefe3e9b48c43c307148278136ea3f6af162aaee8abc9c092f768f3afd1664f6238273fb58d04a6c715a6e041993d47f2797b282ca7d620d534d3d46b5c05cd3adb9c2feb553f03a6c70c779e464df052dc097f9501d420632e1d19dbe81286d2930a1f9575b7ff36e80b5e2e283dce07b0a60", @typed={0x8, 0x0, 0x0, 0x0, @ipv4=@multicast2}, @generic="4d474273e901103c6485508eaadbbf499ecdb562e6d0764496082f78a01c379fac398f139a23c22752c71d813881f770aec03fb122263b93a05cb014f59f77aa4f4cc885e9f30bfdbf81", @generic="3d07adf59ada11d3cb6907307c35b6ca45660b0fb7b42b7455d54ed944b0ddb43185996f"]}, @nested={0xe5, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @generic="c39806ba9c5ffd2764369d8174efa7f1f2e14cb2aae73f15a7e16f290179d591f5ef0eaf8f822824a2de0a0daa3dc06b8dadcfde2d0bfa5546ff6f60b0d3857b3345c81042ec910ef698a4b122cb39de0c766dbc8215b93835187ac1069f21522a4d4327dd027e04d126d29ea5407bdb63d5608a600e115d58f4bf74b04ed093a51805b97cfe2205c993dbf45ca6de44f07ea407f58fc08afa774af8f5598322c197d6ddbe541cb99b77d2e42a0c6658b4f0bc7cf5bf87332b90e4cecb4bf3f55d42ade9b05f73d119600e25745ea073910a4e5798a0ac92f2"]}, @generic="ab87315087b37d2be2b23eeca57bb6610b38cb69969385d0400c9305cc786ac379812ee1e13f39ad88ad1868f2e8571058c3e37bed7f602cfa69be57129f03d7aa29f7dfed", @typed={0x14, 0x0, 0x0, 0x0, @ipv6=@local}]}, 0x364}, {&(0x7f0000000d00)={0x98, 0x0, 0x0, 0x0, 0x0, "", [@generic="2e6ebfd469559cb06bd3e70bddbaa914d291510c92ac98525cbab182a69c83a99d1c084dce28a01b154bbce1bf161af275c8a0893c036d92e91d5c044fc5618d2c129ead1025c21c63881efce9ba9b71a254754cf2a3767ab8609b3597c4fbf1003100040c3d45b73a422d575d6cb2da32160ebfdcf66d7e116f01ed1dacd8aaadf22ac086"]}, 0x98}, {&(0x7f0000000dc0)={0x28, 0x0, 0x0, 0x0, 0x0, "", [@nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}, @typed={0x8, 0x0, 0x0, 0x0, @uid}]}, 0x28}, {&(0x7f0000000e00)={0x22c, 0x0, 0x0, 0x0, 0x0, "", [@nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @pid}]}, @typed={0x6d, 0x0, 0x0, 0x0, @binary="e1a3606fd9c4d435b6657b3f65ad583ea08f4b45e0184aca79562c32dc9b6f98816fccb4d25737ff5286842011db1607eec94e08740f914258093d863c8a6733b69e8d7b0408fdb31ad42a14a2ca45a1ef2b0a23a5d187e5455714e0cb183fb4e0a401e29474214b99"}, @nested={0x8, 0x0, 0x0, 0x1, [@typed={0x4}]}, @nested={0x195, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @generic="86d097b86066a426cd88fa163b3f626db87d0c84ba8a1efc486338c74f9434bcabd3389949afda7b7b882ae72eb2bc525823bf4868448d9c435e169f7068fda1ef36", @generic="1fcafb101aaa552a95548af5035c4d193cd13b5350a285f2eb091bb41629e233d46b28590a84257309d95b973eb550877c635712d6ab2dad2872ffe7ecebbd6bb7962093ff74a69251658238df3bae2c5355ab508b2f5773213cdf620be31cbb0e931268f7fc8846d460e652d22845e8e93d48c7a5714f5cbaf5c20fc8362befac2c21bc6928f3c0c4dcb9a20c400caddeed0743db81baaac8307e8182dd3a69e4412ba53f562e2153f5bd1ef48752b7a0d9b944e2f08438c8c22e2d88e9f2672fd2fa0074026a8adc34a3564bcaba83e00f9ccca6ddeb59806be5119a226fd4f3dc99159a3396cc67d92334fdc015a26ac0d86a3a2eec0eb76b709e0f51cda9f52d63ed39e0ca2899a21e0ed2702b95cbaad4e1a165daee8ee300185592fa49b02321920b4979fe62d6d3450f8abbb31cd3fb7bca0ef1ff940bdd31f377b27b64d38e12c1be86"]}]}, 0x22c}], 0x9}, 0x0)

04:50:22 executing program 2:
syz_clone(0x4006000, 0x0, 0x0, 0x0, 0x0, 0x0)

04:50:22 executing program 1:
r0 = socket$inet(0x2, 0xa, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000500)={'gretap0\x00', 0x0})

04:50:22 executing program 4:
timer_create(0x0, 0x0, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000200))

04:50:22 executing program 5:
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r0 = syz_clone(0x46002200, 0x0, 0x0, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="ef279af0dc408aec8f72bba07d1b02da98560e75c2bb41ebe9c0d6972925bc9baaed5f6034e81d2e711242b7c0e625e39e83be300987e30388affa41145951aeae221a4b41990badd39a62fb6839dffb808004948b8762d05747da5291d6461ade2e815a6f796058ef6481243507e516776f24d6cdefb67a03f5a729f74fd632360fa924b7c0ca98bd53c76cf3dde5266b77b8b65466c7bfe89cbe33805911d786ac276e3dd456331ff54222698776a8e7e10e925767eb08a8be5b")
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x3c, 0x3e9, 0x300, 0x70bd29, 0x25dfdbfe, {0x4c, 0x1, 0x1, r0, 0x1, 0x40, 0x1, 0x20, 0x0, 0x8, 0xffffffff}, [""]}, 0x3c}, 0x1, 0x0, 0x0, 0x54}, 0x0)

04:50:22 executing program 1:
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000001100), 0x10)

04:50:22 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:23 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_mreqsrc(r0, 0x11, 0x0, 0x0, 0x0)

04:50:23 executing program 1:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000001c0)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, &(0x7f0000000240)=""/50, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f0000000500)=""/73, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000800))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0xffffffff)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
creat(&(0x7f0000000000)='./file3\x00', 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[], 0xfffffdce)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fsync(0xffffffffffffffff)

04:50:23 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_mreqsrc(r0, 0x0, 0x19, &(0x7f0000000440)={@rand_addr, @local, @dev}, 0xc)

04:50:23 executing program 4:
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x8a, &(0x7f0000000400), 0x10)

04:50:23 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x6c, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:23 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000004e80)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000004e40)={&(0x7f0000000040)=@newtaction={0x1e84, 0x30, 0x0, 0x0, 0x0, {}, [{0x4}, {0x158, 0x1, [@m_simple={0x154, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18}, @TCA_DEF_DATA={0x8, 0x3, '-)%\x00'}, @TCA_DEF_DATA={0x7, 0x3, '{\\\x00'}]}, {0xfd, 0x6, "d1bb46a532539539207f615fd61c46fb754f74b6f666d93b6ced6c8e8ffc6370f472dd058f72ec45ff0ff2892887bdd7d331d7fa46bd9c58b0552017dcd09d690a941e226e8210540f88cb3540b10e62d2981c4e738fe866dc9a296ea40338c8826d0dca8d89ae72c37aed412b4e3f721d18e198aaa2bd3c778a1e5914b78ec48edf38e4745d0841c34b2d71f33f97471bd386b07d77583d26fecddee86dcc4b3cbe7f1eedf415a960767236750e442c3309ea7ea5733019d721abd0d4dd651319bc04a3acc56e59750d9e8080525931107ec7fbc6f2c05c0693b4b47b3f1dd6f94b4ddcee4202a4248e55877d60692fb9a4666f08db40cc09"}, {0xc}, {0xc}}}]}, {0x1d14, 0x1, [@m_ct={0x120, 0x0, 0x0, 0x0, {{0x7}, {0x54, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @loopback}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_PARMS={0x18}, @TCA_CT_ZONE={0x6}, @TCA_CT_PARMS={0x18}, @TCA_CT_NAT_PORT_MIN={0x6}]}, {0xa5, 0x6, "46768496b6f0b7c6f7148586f419d6e79677cbb596be2a88212e09f835205351d90d6ad0d9e6d31d6af3fb4aa9c2b4ff1f405dbfff2e58eb93bcc90e06894851655b9b77877da3f58081e69ca86e6d69244698cdcb632924768de0940f97a7cefb70dfa5f919b0fc78d47bacb3a447377c5f1572464d6c3c2ffafa0120c686b005d81e4331070f9797ebbd0327db602b94e40d5736cecaf210f4dcc4d317059a9e"}, {0xc}, {0xc}}}, @m_connmark={0x140, 0x0, 0x0, 0x0, {{0xd}, {0xc8, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c}]}, {0x49, 0x6, "ef28ec484f22e1b0299bf0667876dfd4d3a92fa04bb920414b6dc2e93faa42891da914f721284109aa32c921a38fa9960fa459a0f2417f03f1a2f4ee310c31b98ad91e1feb"}, {0xc}, {0xc}}}, @m_ife={0xc60, 0x0, 0x0, 0x0, {{0x8}, {0x4}, {0xc35, 0x6, "de39c41bcd9f2dc5669254e8c0c033db247c9ebb34ff3d13aea2f0ef0c3d7db6c6037d598fb747882122c0a00ed1f2814b6f2debb0acb2922ad39388ff9d48a5d3a9b2df259ebbcffebfc293784f6f14aac9fda4eade45ce68990c5b3f32f5405582aecc61340a962c38c3d1fae50484bcd3398b04a1c1ad6a1dc7e9e1aa9ab5327a66ce6b1bf18062be82c5572598e96246513893c798d02922005a88e09f4b4b57a0997eb4bfb1f5e4e4667cb87e779ce858317a42fe54900453b343eed6ae0cdb38840ee0677104d3e719ab5352d74468b84d5990f3f3e9d57ea0a1701de72b2c3f68539ef7634161483afe8ffadd677ab6ef622ba94fd8f08bdf72bc95b37ac9ac928c92551678eaa6279c93d3d2e4ec54a1e6f7fdf90cde4b938e50d81d1f138f445e90f1c3b81801ba728babcec87ac29cbe714028feef48e6549c7614a3a5f56e933a519b0c80bd191e89817f4a28efa10711e60af1e070eb2f68b6e88b8a9dd14d197e908889da57c8011c34eb970bcb76762c2bbe6e416e04c306a7146669492f5e41b4eee920b88cd698cbc26334f1a78a3add16bc214b4bbe77799a2b03b12399044fabdb7dbd09785ee73c9bc18c6931706b7097c3d839b43245ad5ce4e39b2e115aea5cea2e974433ccd5f35dfc3bc1eaf0bcbc3b0abc5e0fc09fbb69d9d562343c4d04a3713943988c2d3874ceccde34aab577f5678c50c511baf6c6da0f53ffd00f385f656c689603843c34404f3b988fc60747487a298baced4a83b7cf167df53cdad4a7c7b561d7a40c72115525327c1727e588a86b99fab3eac528891dc3a8af6dd61e0a80fe97e178a3c2e8b9240cf7cc2313dce40d60b80f43bd4035d64d9d46c930ac6243da642a45d1d08a2c2c337878e69546b8e33869f19a83bdff4e4e7f0e503ff745521741511af5e1f16b8782712056d47c6c757443598f6259399cd9509a9abbd2224297cfed8f68686ce8b737bdefffb9b369eb6723c174c89ca33469bebd3d38ee19e6e7e8845cdc7b78b146ccd831fa65473bc1c8172c424cae3e82933054477106f0f4fca16d335e5f4d5e2b51d88fe4e3cdd2f2838b902a8e99dd72200ac862f91227401d0ea78fd463eba3534317a2dfbcc04221b7ad9d62ae21f39ccd00d015a698dd48c20967cbbb7b7517e49c8c04e474c5b04c8973dd5f62e318a348007469d92753336c9c993b4d49dba03378608e0a2f543ecf9df69ef4c0a6afb7f14d0db029b43e2fe22ce8d95880848063eef46fa362c24ee4443432eb724115805dfb05af0cc4e6fe3d976662edb60be8f70db0e555467dfdeb449c90aad754c69465154a6b766c4b190dc47f0250a35eacdf681c070ef9f0f6c30f00be0c34a54b75b6de9aed9f860ae5a26d81c3e54c54822f1647c611cb65996ad2a271fcbcc97c2d6853520a5909d089cd51a8cee19d0aa21795a5bdde39dc0a68a4afc0cc7fa55a3c24f3f600c251721726525075beddf6c26f2e6891ebbf9183e7860fec963cb9fc040ba7695a9eb9dd51ab8da08b7e806d407dff566b6f2cb4b9b071cac578b240a4e4f63fead2c7ee34ddb402f63a44e97a53037cd4f9a0b9b171a3b7b594cf596bedcd96a43ee66fe9325ca43cd0c5804032336cbd008fa00de25c256f6006c4c9943e660c2abddb560b3bc86b22238fcdd06c956c14b570e2eb4dec609acf989e795375ca0f587875b7380dd5d722568041c30992e33d70e2452a0888f1b139a7333a2d696faaa44676f06c0e3c103a9c993cee061836e264c615fc8da69c25f73831984dd7bac0a61edd72300cd5bccaad8ba732596a248824ca10796cf73280fd12a6967199fa675e6229b7e7c91bb0ec8f9a342b0f2f555f41695ca5c67a1f4baae043318b69b4e2ec57285805d028465855a7dc32e932991d9390807a21da73db5ea4ca9a7d8d49945598976a36cb340f85d8c845e7f8fd40ad141e7b61f722e2d8dfc09cf3fcc814837376d7f010188b3044c631833de902714bd4ae0e434a99ff273976a785aa6f6009e325b61052081bc56e0ed57e9e0caf32454977c23a6c06d1b95d91101564ae7b6aca24d66d164913bfcfff282da9851a8601d694af24eff26b3bbef563a919fdf79414fbf6187f629c5a1de55bf74d6714ec1cfe829879856c7b23986fae0d093d8bf16c75361ddde9686498fbe471d74657403337f9a5b4f7d96c742c8376f0e189ff4079ee0869a57158069b03ad9e6ec5630950739980d69991f33aab96eb8bbc0d4130160f79ad042ddbb19fb5d355c05923329f612631aa8491007abb9d339710c69752153bae323f2c4d1613faf2d48f29c234d1d64be06c394972fe8b0ae0ea905fb4ce97704384790cb4abc02c72dbfcb882e5cffda4832fca898ef0cb41ef8b42a1046e53ed2f57f77534d8bc24c99a0791f3ee8d5c42b332a103ea762ec4cac6b641ff71720e03b4cc19424ac43512a403bb88fa2fb93185d1e556df064109c81be2f0820b49a05188187903bb5ea83a5c24a91f77b029202462708ba3baed6b18048d3bdc5e0fe65c0fa7d9d6296abfea012c3662de1bd008ba49f99cd782f6418b89f268bcb29f350b68a21b31327aa757771449b8cef60811eaafa961fd453e79b2b6b9fd580936393c88b0b44672c963e7336eab4cb823d0c2a9128b06aed9d1bb905533a85c11f4279565170ed83de886d4a8999d8f76cdfac30d847bb85c69fde67a35cb7ab2cea4518500353a40f80022daf7676564dd03c5fd9a22550e29c202e7d61c4d5e1a0e6bec1c6267a045ce09d17b79eb4c0dcc43f2f0fdaa8c6abb34745540f3e0b52165d825e7ad9e96019b646fd71837408f1a3bd44e9dd44881b97d6ca334f71cba05ee498ba2c8421b662991f310b192fc9eb9ccb1b0562293b7f5f54f35d056a7ba0266f55a71e9bdebcced737394d77972fdac978108fdc0fc358b0bc55623404ad03187a7e634f6c4b05d1f5bb83303fdb616274bf909f4d2312f14c6447025d7cca8e495bec3e52eda526d07164077c7791c297c8fa74c4f9706a6312afa1619ea45c300548ec995fdca5f2bd202d6b194a591fde1a68df82dae35a13d153cc02717d5ef52dc4096786e6f77109e5a605fc6314c4ab9a50450b6a9061b3732c41f20cdc2b7345b6c8678d79708fb4da67bb3b3b57cdcf30149fec88fff4600a0d21bb2327b63b59ba0ad9fb2f16bc0024f69859c7b36074520de7b8cc3f86d01f5378dd083a446253cad362dc2e7e8fcf4798c2ca637960996818868448a4e206854d443a345aff0faa828f038baccd57fcc2cac9b715b2ffad0a1408dd7213da810509a3c90f7f0b56710dcaaad03478cd9f9a389d6b6020d51afa8733236bf5b5f508470a3296b825a503828b5fbc992b913fd994cffc28ce938c916be194df1e4dc137ebcdeaf2db3d7afeb74f4b3f16c3c058cdd803151b06a95373aa5f1e3c720395559bbd7b0fca53db328c5e621245c13680593f993d077a6b14d270b14a539faaf31ed14af9d6eccd6dde1454f26cfa79372c5b09f2ed4e98b3091b3be8a8cf09d03b19b9be68d3f5dfa090e254dd40f9b784a30d16b28528196bd460285a4c5947c59e23d8744df69c6be6b9c188d9bfa46a62dfc58fb9448d153d51857e02d71754067850f6dd47611cd411066fe61ad5f7924463b9b09a65a1fa5fb6779cb429d0dbf9fd2e8d9811df15c12f6ae25e3be4a755c589c08f965b2f191187bc2e6a53de0940161613a70d0f08b0c0fa6a6035b1e61d28f208fd06ffd2f871385e75738cbaf005dcda18f3017f98865e5113fb8143a38782dd22cbfc4e47913233982a2308e710b23c83a385b070a121942492bec06c4c2eaaed900918e06ba1ad74e336d4b00d88de72815a0283e22c9a2fc81851a56ce99c7ecf6cb8a132624355d07c27bff5aa7ec61e2255850876e972bfbde4ad088cb559aba3125fa3d26ecdc0fc39e41e339f0dcf61c0c34d1ee7f3a80aa98e68d5f179c8add8c6ada44cf55b32ca6d4f004909677ce89cb0c5d0965768a664d9f6c1b76b2a05cc3987ac563fb19d1e5ed8d74665c6f0e8003f50249e22d9e1a5eabd1ee1fe7949fc732c929e3872293855ff0e261a66b1d4422f97caed4611c6aa5eb89903845604fb3eb56f456c68ac2c8db5ca6efca5c33aef74287329b5140eba5c3cdd8274a23a276082f6d7b4a1523dbd6734b9dde1c9df9f085b0813e1a7f55fff993bb588f83bd6bb4ae4657fdeba0a9a2924aa2035467d611c05784caee4b017606850451a08580abae38f105ba0ebba0e838c718b201b68e5972e69491e29152c5ed7889dcc75202acdaf00e3bf31a80dc55810ea52c7fd5a29315e7948617e70bc1462f81206c4e304707b3643cf8e1da035c126eb69406535b7bbe7b352149"}, {0xc}, {0xc}}}, @m_pedit={0xe50, 0x0, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x1e84}}, 0x0)

04:50:23 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:23 executing program 4:
r0 = socket$inet(0x2, 0xa, 0x0)
ioctl$sock_inet_SIOCGARP(r0, 0x890c, &(0x7f0000000000)={{0x2, 0x0, @private}, {0x0, @random="7b68b08f021d"}, 0x0, {}, 'xfrm0\x00'})

04:50:23 executing program 2:
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000400)={0x41}, 0x10)
connect$tipc(r0, &(0x7f0000000000)=@name, 0x10)

04:50:27 executing program 5:
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r0 = syz_clone(0x46002200, 0x0, 0x0, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="ef279af0dc408aec8f72bba07d1b02da98560e75c2bb41ebe9c0d6972925bc9baaed5f6034e81d2e711242b7c0e625e39e83be300987e30388affa41145951aeae221a4b41990badd39a62fb6839dffb808004948b8762d05747da5291d6461ade2e815a6f796058ef6481243507e516776f24d6cdefb67a03f5a729f74fd632360fa924b7c0ca98bd53c76cf3dde5266b77b8b65466c7bfe89cbe33805911d786ac276e3dd456331ff54222698776a8e7e10e925767eb08a8be5b")
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x3c, 0x3e9, 0x300, 0x70bd29, 0x25dfdbfe, {0x4c, 0x1, 0x1, r0, 0x1, 0x40, 0x1, 0x20, 0x0, 0x8, 0xffffffff}, [""]}, 0x3c}, 0x1, 0x0, 0x0, 0x54}, 0x0)

04:50:27 executing program 4:
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000400)={0x41}, 0x10)

04:50:27 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x74, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:27 executing program 2:
r0 = socket$inet(0x2, 0xa, 0x0)
ioctl$sock_inet_SIOCGARP(r0, 0x8901, &(0x7f0000000000)={{0x2, 0x0, @private}, {0x0, @random="7b68b08f021d"}, 0x0, {}, 'xfrm0\x00'})

04:50:27 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_mreqsrc(r0, 0x0, 0x5, 0x0, 0x0)

04:50:27 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:27 executing program 1:
r0 = socket$inet(0x2, 0xa, 0x0)
ioctl$sock_inet_SIOCGARP(r0, 0x8916, &(0x7f0000000000)={{0x2, 0x0, @private}, {0x0, @random="7b68b08f021d"}, 0x0, {}, 'xfrm0\x00'})

04:50:27 executing program 4:
r0 = syz_clone(0x40000680, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001ac0)="77ecf46db9e6d44d1f9e7517bcb27df719a19a9830b7b6bb1def80976607cd849a8e52ad3c8d07bb60d8f6bcb5d5966a48a9f53a92f107268b790b9c7d53e064f61050ba91cf4ea639f7c7665c0b098bf47c6044385447547fd663f8cc39a8e46ae80ed312ac3404e839a8d26e27ddfa2d12fc153fe28b2e14b639292cdbfad9c95bea23d583a0bae03e351e0ad6aa85cc2fcc102deaa7f232a5d27ddd03cd0bed34ef01ce8ab846c5aa4e557f3c")
syz_genetlink_get_family_id$wireguard(&(0x7f0000001640), 0xffffffffffffffff)
ptrace$PTRACE_SETSIGMASK(0x420b, r0, 0x8, &(0x7f0000001c00)={[0x6]})
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001940)={&(0x7f0000000000)=@kern={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000001680)=[{&(0x7f0000000040)={0x18c, 0x33, 0x800, 0x70bd29, 0x0, "", [@nested={0x163, 0x0, 0x0, 0x1, [@generic="3bd602bb3190c9414d3350bd68cac218fee472ac9da3d5947a0beae8b30b48a0b6a39f4417428f688cd454eed4073601b3b0514775064f0b305c9ea438a9bd2e71b9ed6c57185ed2b490fe83675da45864d0023c77cd5cbbeb80fcd24b13b85ce7ca3b9193b81181ff4acc7d33146ed5ad7ccd1cbcda4a651fe68f5a98ead95b2e0bcc9859b16ade4a73894a634ee31dfa3177d967e57c7c2676c5f3e2e4ac6d8a2a783d7918ad33821a25cb13bb75c1617f35d608d64279277be0ec2cb15222a11fa1d90f197e675bea4483401eca9b95bd494c218a856c2af686793978578930ce49", @typed={0x14, 0x20, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @generic="2de49088fc597b59bda335dcba78dd5c6d805e5a20fb75b99e3324a0373afdad96ffb8050689a7d6da3e618a96d3dc6b1b3331022c8c332143afe3512260bde52907c4c7ef4ff2c7c34e7251eddc45faa5e1bea8effc8c2d75f8a6d40b8c89d56109ed27e2700d28"]}, @nested={0x4, 0x0, 0x0, 0x1, [@generic]}, @generic, @nested={0x4}, @nested={0x10, 0x16, 0x0, 0x1, [@typed={0x4, 0x32}, @typed={0x8, 0x45, 0x0, 0x0, @u32=0x5}]}]}, 0x18c}, {&(0x7f0000001640)={0x24, 0x40, 0x10, 0x70bd2d, 0x25dfdbfb, "", [@typed={0xa, 0x0, 0x0, 0x0, @str=',\\!!$\x00'}, @typed={0x8, 0x21, 0x0, 0x0, @pid}]}, 0x24}], 0x2, &(0x7f0000001c80)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="000000002400000000000000010000000100", @ANYRES32, @ANYRES32=0xee01, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES32], 0xb8}, 0x0)
socket$netlink(0x10, 0x3, 0x0)

04:50:27 executing program 2:
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = dup(r0)
fgetxattr(r1, &(0x7f0000000000)=@known='trusted.overlay.nlink\x00', 0x0, 0x0)

04:50:27 executing program 1:
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x42, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$FUSE_STATFS(r1, 0x0, 0x0)

04:50:27 executing program 2:
r0 = epoll_create1(0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
dup3(r1, r0, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @dev}, 0x10)
write$FUSE_INTERRUPT(r0, 0x0, 0x0)

04:50:27 executing program 1:
socket$pppl2tp(0x18, 0x1, 0x1)
pselect6(0x40, &(0x7f0000000080), &(0x7f00000000c0)={0x9}, 0x0, 0x0, 0x0)

04:50:28 executing program 2:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000240)="e84f", 0x2)

04:50:28 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x7a, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:28 executing program 5:
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r0 = syz_clone(0x46002200, 0x0, 0x0, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="ef279af0dc408aec8f72bba07d1b02da98560e75c2bb41ebe9c0d6972925bc9baaed5f6034e81d2e711242b7c0e625e39e83be300987e30388affa41145951aeae221a4b41990badd39a62fb6839dffb808004948b8762d05747da5291d6461ade2e815a6f796058ef6481243507e516776f24d6cdefb67a03f5a729f74fd632360fa924b7c0ca98bd53c76cf3dde5266b77b8b65466c7bfe89cbe33805911d786ac276e3dd456331ff54222698776a8e7e10e925767eb08a8be5b")
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x3c, 0x3e9, 0x300, 0x70bd29, 0x25dfdbfe, {0x4c, 0x1, 0x1, r0, 0x1, 0x40, 0x1, 0x20, 0x0, 0x8, 0xffffffff}, [""]}, 0x3c}, 0x1, 0x0, 0x0, 0x54}, 0x0)

04:50:28 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1a, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x1}, 0x48)

04:50:28 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000001c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:28 executing program 2:
ioctl$VFAT_IOCTL_READDIR_BOTH(0xffffffffffffffff, 0x82307201, 0x0)

04:50:28 executing program 1:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='auxv\x00')
write$P9_RSTATu(r0, 0x0, 0x0)

04:50:28 executing program 4:
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x103)
faccessat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2, 0x200)

04:50:28 executing program 2:
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff})
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, 0x0, 0x0)

04:50:28 executing program 1:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$VT_ACTIVATE(r0, 0x5606, 0x0)

04:50:28 executing program 2:
shmget$private(0x0, 0x3000, 0x8, &(0x7f0000ff9000/0x3000)=nil)

04:50:28 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KDENABIO(r0, 0x5450)

04:50:28 executing program 1:
syz_clone(0x0, &(0x7f0000000700), 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840))

04:50:29 executing program 2:
syz_clone(0x4000000, &(0x7f0000000700)='A', 0x1, &(0x7f00000007c0), &(0x7f0000000800), &(0x7f0000000840))

04:50:29 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, 0x0, 0x4000044)

04:50:29 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x205, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:29 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:29 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
syz_open_pts(r0, 0xc00)

04:50:29 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
recvmmsg$unix(r0, 0x0, 0x0, 0x2141, 0x0)

04:50:29 executing program 4:
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)

04:50:29 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000001200)=@base={0x1a, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x48)

04:50:29 executing program 5:
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000020c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, &(0x7f0000000040)=""/169, 0x26, 0xa9, 0x1}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000280)={r0, 0x20, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0}}, 0x10)

04:50:29 executing program 4:
bpf$MAP_CREATE(0x6, &(0x7f0000000180)=@bloom_filter, 0x48)

04:50:29 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f0000000e80)={&(0x7f0000000c80), 0x6e, 0x0}, 0x2041)

[ 2973.690969][T17130] usb 1-1: new high-speed USB device number 11 using dummy_hcd
04:50:29 executing program 2:
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x10081, 0x0)

04:50:29 executing program 5:
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x1, &(0x7f0000000040)=@raw=[@kfunc], &(0x7f0000000080)='GPL\x00', 0x5}, 0x90)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x0}, 0x38)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000001040))

04:50:29 executing program 2:
syz_clone(0x15000, 0x0, 0x0, 0x0, 0x0, 0x0)

[ 2974.131461][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2974.342450][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2974.358541][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2974.382394][T17130] usb 1-1: Product: syz
[ 2974.386704][T17130] usb 1-1: Manufacturer: syz
[ 2974.398204][T17130] usb 1-1: SerialNumber: syz
[ 2975.541600][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2975.548081][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2975.572071][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2975.954468][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2975.991065][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2976.057042][T17130] usb 1-1: USB disconnect, device number 11
[ 2976.068195][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:50:32 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x300, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:32 executing program 1:
r0 = socket$kcm(0x29, 0x2, 0x0)
sendmsg$sock(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)

04:50:32 executing program 4:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001380)={0x11, 0x4, &(0x7f0000001280)=@framed={{}, [@jmp]}, &(0x7f00000012c0)='GPL\x00', 0x2}, 0x90)

04:50:32 executing program 5:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1, &(0x7f0000000100)=@raw=[@alu], &(0x7f0000000140)='GPL\x00', 0x8, 0x72, &(0x7f0000000180)=""/114}, 0x90)

04:50:32 executing program 2:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x6, [@struct={0x1, 0x2, 0x0, 0x4, 0x1, 0x0, [{0x1, 0x2}, {0x5}]}]}, {0x0, [0x5f, 0x5f, 0x71, 0x0]}}, &(0x7f0000000100)=""/44, 0x42, 0x2c, 0x1}, 0x20)

04:50:32 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:32 executing program 5:
socket$inet_sctp(0x2, 0x0, 0x84)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r0, &(0x7f0000000140)={0x10, 0x2}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20104, 0x0, 0x0)

04:50:32 executing program 1:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10)
r1 = socket(0x1c, 0x1, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
dup2(r1, r0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)

04:50:32 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = dup(r0)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x900, &(0x7f0000000000), &(0x7f0000000040)=0x8)

04:50:32 executing program 2:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0x101, &(0x7f0000000040), &(0x7f0000000100)=0x98)

04:50:32 executing program 2:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x2}, 0x10)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
r2 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r3 = dup2(r1, r2)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f0000000080)={0x1, [0x0]}, &(0x7f0000000000)=0x8)
getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x107, &(0x7f0000000000), &(0x7f0000000040)=0x18)

[ 2976.862300][ T2543] usb 1-1: new high-speed USB device number 12 using dummy_hcd
04:50:32 executing program 4:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r0, &(0x7f0000000040)={0x10, 0x2}, 0x10)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r1, &(0x7f0000000040)={0x10, 0x2}, 0x10)
r2 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r3 = dup2(r1, r2)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x105, &(0x7f0000000080)={0x1, [<r4=>0x0]}, &(0x7f0000000000)=0x8)
getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x1a, &(0x7f0000000100)={r4}, &(0x7f0000000140)=0x8)

[ 2977.233385][ T2543] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2977.410883][ T2543] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2977.419980][ T2543] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2977.450794][ T2543] usb 1-1: Product: syz
[ 2977.455084][ T2543] usb 1-1: Manufacturer: syz
[ 2977.463269][ T2543] usb 1-1: SerialNumber: syz
[ 2978.626582][ T2543] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2978.634728][ T2543] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2978.647280][ T2543] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2979.054909][ T2543] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2979.095304][ T2543] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2979.136989][ T2543] usb 1-1: USB disconnect, device number 12
[ 2979.154872][ T2543] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:50:35 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x500, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:35 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap(&(0x7f000098d000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0x4})

04:50:35 executing program 5:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/tty/drivers\x00', 0x0, 0x0)
preadv2(r0, &(0x7f0000000040)=[{&(0x7f0000001180)=""/4088, 0xff8}], 0x1, 0x2f6, 0x0, 0x0)

04:50:35 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:35 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0x0, 0x0, 0x4})

04:50:35 executing program 4:
syz_usb_connect$uac1(0x0, 0x71, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x0, 0x0, 0x0, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f00000001c0)=@lang_id={0x4}}, {0x0, 0x0}]})

[ 2979.658913][T28735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
04:50:35 executing program 5:
syz_usb_connect$uac1(0x0, 0x87, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x75, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@extension_unit={0x7}, @processing_unit={0x7}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x0, 0x3}]}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x4, &(0x7f00000001c0)=@lang_id={0x4}}, {0x4, &(0x7f0000000280)=@lang_id={0x4}}, {0xdc, 0x0}]})

[ 2979.703955][T28735] misc raw-gadget: fail, usb_gadget_register_driver returned -16
04:50:35 executing program 1:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/zoneinfo\x00', 0x0, 0x0)
preadv2(r0, &(0x7f0000000040)=[{&(0x7f0000001180)=""/4088, 0xff8}], 0x1, 0x58, 0x0, 0x0)

04:50:35 executing program 2:
syz_emit_ethernet(0x3e, &(0x7f0000000080)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x3c, 0x0, @rand_addr, @dev}, @dest_unreach={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @multicast2}}}}}}, 0x0)

04:50:35 executing program 1:
syz_clone3(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, {}, &(0x7f0000000280)=""/111, 0x6f, &(0x7f0000000300)=""/135, &(0x7f00000003c0)=[0x0, 0x0, 0xffffffffffffffff, 0x0], 0x4}, 0x58)
bpf$MAP_CREATE(0x0, &(0x7f0000001840)=@bloom_filter={0x1e, 0xe6, 0x0, 0xffffb53d, 0x3080, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0xf7, 0x3}, 0x48)

[ 2980.010867][T17130] usb 1-1: new high-speed USB device number 13 using dummy_hcd
04:50:35 executing program 2:
r0 = socket$packet(0x11, 0x3, 0x300)
sendmmsg(r0, &(0x7f0000007940)=[{{&(0x7f0000000100)=@nfc, 0x80, &(0x7f0000001380)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0)

[ 2980.141685][ T3994] usb 6-1: new high-speed USB device number 66 using dummy_hcd
04:50:36 executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, 0x0)

[ 2980.411490][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2980.460698][ T3994] usb 6-1: Using ep0 maxpacket: 32
[ 2980.591292][ T3994] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2980.610644][ T3994] usb 6-1: config 1 has no interface number 1
[ 2980.623748][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2980.651208][ T3994] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2980.668056][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2980.692155][T17130] usb 1-1: Product: syz
[ 2980.696373][T17130] usb 1-1: Manufacturer: syz
[ 2980.701278][ T3994] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2980.720604][T17130] usb 1-1: SerialNumber: syz
[ 2980.731330][ T3994] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 2981.161316][ T3994] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2981.173146][ T3994] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2981.202399][ T3994] usb 6-1: SerialNumber: syz
[ 2981.593997][ T3994] usb 6-1: USB disconnect, device number 66
[ 2981.861359][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2981.867882][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2981.880748][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2982.284444][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2982.323223][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2982.360957][T17130] usb 1-1: USB disconnect, device number 13
[ 2982.372496][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:50:38 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x502, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:38 executing program 4:
syz_usb_connect$uac1(0x0, 0x71, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x0, 0x0, 0x0, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f00000001c0)=@lang_id={0x4}}, {0x0, 0x0}]})

04:50:38 executing program 2:
syz_emit_ethernet(0xfdef, &(0x7f0000000000)={@local, @multicast, @val={@void, {0x4305}}, {@llc_tr={0x11, {@snap={0x0, 0x0, 'B', "11118d"}}}}}, 0x0)

04:50:38 executing program 1:
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000680), 0x4)

04:50:38 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:38 executing program 5:
pipe(&(0x7f0000000280)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$FUSE_NOTIFY_STORE(r0, 0x0, 0x0)

04:50:38 executing program 1:
pipe(&(0x7f0000000280)={<r0=>0xffffffffffffffff})
setsockopt$inet_opts(r0, 0x0, 0x0, 0x0, 0x0)

[ 2982.931710][T28824] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
04:50:38 executing program 2:
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x8a240, 0x101)

04:50:38 executing program 5:
pipe(&(0x7f0000000280)={<r0=>0xffffffffffffffff})
getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, 0x0, 0x0)

[ 2982.972249][T28824] misc raw-gadget: fail, usb_gadget_register_driver returned -16
04:50:38 executing program 2:
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
rt_sigreturn()
r0 = syz_clone3(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ptrace$peeksig(0x10, r0, 0x0, 0x0)
waitid(0x2, 0x0, 0x0, 0x40000000, &(0x7f00000000c0))
rt_sigreturn()

04:50:38 executing program 1:
pipe(&(0x7f0000000280)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, 0x0, 0x108)

04:50:38 executing program 5:
r0 = mq_open(&(0x7f0000000040)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!T\xeeux\x00', 0x2, 0x0, 0x0)
mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0)

[ 2983.241050][T17130] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[ 2983.652090][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 2983.667296][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 2983.692845][T17130] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[ 2983.704103][T17130] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[ 2983.870879][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2983.887935][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2983.905040][T17130] usb 1-1: Product: syz
[ 2983.915262][T17130] usb 1-1: Manufacturer: syz
[ 2983.924492][T17130] usb 1-1: SerialNumber: syz
[ 2983.972298][T28825] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 2984.196013][T28825] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 2984.210909][T28825] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 2984.890366][T28825] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 2984.911278][T28825] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 2985.151268][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2985.158049][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2985.181287][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2985.364007][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2985.403632][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2985.442108][T17130] usb 1-1: USB disconnect, device number 14
[ 2985.449627][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:50:41 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x600, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:41 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0xa, 0xa, 0x101}, 0x14}}, 0x0)

04:50:41 executing program 5:
r0 = mq_open(&(0x7f0000000040)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!T\xeeux\x00', 0x2, 0x0, 0x0)
mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0)

04:50:41 executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1c, 0x5, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

04:50:41 executing program 4:
syz_usb_connect$uac1(0x0, 0x71, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x0, 0x0, 0x0, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f00000001c0)=@lang_id={0x4}}, {0x0, 0x0}]})

04:50:41 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

[ 2985.977180][T28877] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
04:50:41 executing program 1:
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000080)={'veth0_to_team\x00'})

04:50:41 executing program 2:
mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000000), 0x0, 0x0)
get_mempolicy(&(0x7f00000000c0), &(0x7f0000000040), 0xb1, &(0x7f0000a7b000/0x1000)=nil, 0x4)

[ 2986.025579][T28877] misc raw-gadget: fail, usb_gadget_register_driver returned -16
04:50:41 executing program 5:
r0 = semget(0x2, 0x0, 0x0)
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000000)=[0x0, 0xffc0])

[ 2986.169110][T28893] veth0_to_team: mtu less than device minimum
04:50:42 executing program 1:
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000400)={@cgroup=r0, 0x2e, 0x0, 0x0, &(0x7f0000000300)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)

04:50:42 executing program 5:
r0 = fanotify_init(0x0, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, 0x0)

04:50:42 executing program 2:
renameat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, 0x0, 0x0)

[ 2986.311674][T17130] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[ 2986.711229][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2986.901116][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2986.910225][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2986.940621][T17130] usb 1-1: Product: syz
[ 2986.944845][T17130] usb 1-1: Manufacturer: syz
[ 2986.949519][T17130] usb 1-1: SerialNumber: syz
[ 2988.081282][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2988.087808][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2988.103172][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2988.511808][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2988.548419][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2988.596881][T17130] usb 1-1: USB disconnect, device number 15
[ 2988.615603][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:50:44 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x700, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:44 executing program 1:
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)

04:50:44 executing program 5:
openat$sndseq(0xffffffffffffff9c, &(0x7f00000003c0), 0x0)

04:50:44 executing program 2:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001ac0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bind$unix(r0, &(0x7f0000001b00)=@file={0x1, './file0\x00'}, 0x6e)

04:50:44 executing program 4:
syz_usb_connect$uac1(0x0, 0x71, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x0, 0x0, 0x0, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f00000001c0)=@lang_id={0x4}}, {0x0, 0x0}]})

04:50:44 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:44 executing program 5:
r0 = syz_open_dev$vcsa(&(0x7f0000009780), 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)

[ 2989.121122][T28932] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
04:50:44 executing program 2:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001ac0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bind$unix(r0, &(0x7f0000001b00)=@file={0x1, './file0\x00'}, 0x6e)

[ 2989.181267][T28932] misc raw-gadget: fail, usb_gadget_register_driver returned -16
04:50:45 executing program 1:
r0 = socket(0xa, 0x5, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, 0x0, 0x0)

04:50:45 executing program 5:
pipe2$watch_queue(&(0x7f00000020c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
fchmodat(r0, &(0x7f0000002100)='./file0\x00', 0x0)

04:50:45 executing program 1:
r0 = socket(0x2, 0xa, 0x0)
bind$xdp(r0, &(0x7f0000000080)={0x2c, 0x1}, 0x10)

04:50:45 executing program 2:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001ac0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bind$unix(r0, &(0x7f0000001b00)=@file={0x1, './file0\x00'}, 0x6e)

[ 2989.411935][ T5145] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[ 2989.783625][ T5145] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2989.988740][ T5145] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2990.003926][ T5145] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2990.021444][ T5145] usb 1-1: Product: syz
[ 2990.041011][ T5145] usb 1-1: Manufacturer: syz
[ 2990.045662][ T5145] usb 1-1: SerialNumber: syz
[ 2991.201093][ T5145] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2991.207593][ T5145] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2991.230689][ T5145] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2991.621185][ T5145] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2991.655586][ T5145] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2991.682898][ T5145] usb 1-1: USB disconnect, device number 16
[ 2991.690949][ T5145] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:50:47 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x900, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:47 executing program 1:
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000100)={@ifindex, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

04:50:47 executing program 5:
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040), 0x401, 0x0)
write$vhost_msg_v2(r0, 0x0, 0x0)

04:50:47 executing program 2:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
sendmsg(r0, &(0x7f0000001680)={&(0x7f00000001c0)=@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x1}, 0x80, 0x0, 0x0, &(0x7f00000015c0)=[{0x10, 0x1}], 0x10}, 0x0)

04:50:47 executing program 4:
r0 = socket$unix(0x1, 0x1, 0x0)
sendmsg$unix(r0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=[@rights={{0x10, 0x1, 0x2}}], 0x10}, 0x0)

04:50:47 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:48 executing program 2:
socketpair(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
recvmsg$can_raw(r0, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x2)

04:50:48 executing program 4:
r0 = socket$unix(0x1, 0x1, 0x0)
sendmsg$unix(r0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)

04:50:48 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000940)=ANY=[@ANYBLOB="38010000540001002cbd", @ANYRES32, @ANYBLOB="200001"], 0x138}}, 0x0)

04:50:48 executing program 5:
r0 = socket$kcm(0x29, 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x4840)

04:50:48 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r1 = socket$inet6_udp(0x1c, 0x2, 0x0)
dup2(r0, r1)
bind(r1, &(0x7f0000000000)=@in6={0x1c, 0x1c}, 0x1c)

04:50:48 executing program 1:
r0 = socket(0x1c, 0x10000001, 0x84)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x1d, 0x0, 0x0)

[ 2992.561038][T17130] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[ 2992.971339][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2993.161272][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2993.183823][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2993.200608][T17130] usb 1-1: Product: syz
[ 2993.204825][T17130] usb 1-1: Manufacturer: syz
[ 2993.220640][T17130] usb 1-1: SerialNumber: syz
[ 2994.341398][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2994.347933][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2994.361779][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2994.771759][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2994.814558][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2994.843759][T17130] usb 1-1: USB disconnect, device number 17
[ 2994.853409][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:50:51 executing program 1:
socketpair(0x1, 0x20000001, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0x1c, 0x5, 0x84)
dup2(r1, r0)
sendmsg$unix(r0, &(0x7f0000000840)={&(0x7f0000000080)=@abs={0x8}, 0x8, 0x0}, 0x0)

04:50:51 executing program 5:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r2 = dup2(r0, r1)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x900, &(0x7f0000001740), &(0x7f0000001840)=0x8)

04:50:51 executing program 4:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000080)={0x0, @in, 0x0, 0x0, 0x222}, 0x98)

04:50:51 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:51 executing program 2:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r1 = dup(r0)
sendmsg$inet_sctp(r1, &(0x7f00000016c0)={&(0x7f00000004c0)=@in6={0x1c, 0x1c}, 0x1c, 0x0, 0x0, &(0x7f0000001700)=[@authinfo={0x10}], 0x10}, 0x0)

04:50:51 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0xa00, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:51 executing program 4:
r0 = socket$rxrpc(0x21, 0x2, 0x2)
sendto$rxrpc(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@in4={0x21, 0x0, 0x2, 0x10}, 0x24)

04:50:51 executing program 1:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
r2 = dup2(r1, r0)
bind$inet(r2, &(0x7f0000000000)={0x10, 0x2}, 0x10)

04:50:51 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
bind(r0, &(0x7f0000000000)=@in6={0x1c, 0x1c}, 0x10)

04:50:51 executing program 5:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10)

04:50:51 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:51 executing program 2:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = dup(r0)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x108, &(0x7f0000000000), &(0x7f0000000080)=0x18)

[ 2995.730848][T17130] usb 1-1: new high-speed USB device number 18 using dummy_hcd
04:50:51 executing program 5:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000080)={0x0, @in, 0x1, 0x0, 0xd78bea0171bbf46e}, 0x98)

04:50:51 executing program 1:
bpf$PROG_LOAD_XDP(0xe, &(0x7f00000014c0)={0x6, 0x0, 0x0, 0x0}, 0x90)

04:50:51 executing program 2:
open(&(0x7f00000001c0)='./bus\x00', 0x64342, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000b40)='./bus\x00', &(0x7f0000000200), 0x0)

04:50:51 executing program 5:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000014c0)={0x19, 0x3, &(0x7f00000012c0)=@framed, 0x0}, 0x90)

04:50:51 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @local, 0x1001f}, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, r1}}, 0x48)

[ 2996.121250][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2996.311189][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2996.320333][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2996.341028][T17130] usb 1-1: Product: syz
[ 2996.346363][T17130] usb 1-1: Manufacturer: syz
[ 2996.360689][T17130] usb 1-1: SerialNumber: syz
[ 2997.541345][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2997.547878][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2997.571449][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 2997.961638][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 2998.003836][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2998.053348][T17130] usb 1-1: USB disconnect, device number 18
[ 2998.061231][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:50:54 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0xf00, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:54 executing program 2:
socketpair(0x1a, 0x0, 0x0, &(0x7f00000002c0))

04:50:54 executing program 1:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000140)={0x9, 0x108, 0xfa00, {0xffffffffffffffff, 0x0, '#\t&', "3c940e9e74fcba22196e3ab4f28a9c88e192417a99353355252573122d52711f34c768f053c65a6e7193aca58d29d826997ad087b6a29264edfb35e402234d3d8cc72b33fe45aac8f1575e9c19ee3941339dac9473d1066410abd37e91d2584304d9f7672947b11e5abaddf7364aaad67957df5dae0a9905f5ba1d40d5c6bae38fea65e6c4a3c64de7bd391e46c986dbc969b7daa6f50608a40c6db15d862bcc46ea8c57879762362d17d7b90243d3ebcdbf65f13e7acaf29849b41174d06f558149aabc750651054e48b90c5220650efd7a6a28102a3d0071bc1e1780119a25e1227fea0a0a6d74eb4ea59c8524befd0132e37dfcf0be3f1800a181c470f978"}}, 0x110)

04:50:54 executing program 4:
setxattr$security_capability(&(0x7f0000000100)='./file0\x00', &(0x7f00000000c0), 0x0, 0x3a, 0x0)

04:50:54 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001cc0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
gettid()
recvmsg$unix(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
sendmsg$unix(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="1d", 0x1}], 0x1}, 0x0)

04:50:54 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:54 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x3, 0x4, 0x4, 0x1000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48)

04:50:54 executing program 1:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xda00)
write$cgroup_int(r1, &(0x7f0000000200), 0x340ef)

04:50:54 executing program 4:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000640)='./cgroup/syz1\x00', 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000340)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000240), 0x12)

04:50:54 executing program 5:
pipe(&(0x7f0000000500)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000002800)={0x0, 0x0, &(0x7f00000026c0)=[{0x0}], 0x1}, 0x0)

04:50:54 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000001c0)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, &(0x7f0000000240)=""/50, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000800))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0xffffffff)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0)

04:50:54 executing program 4:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000001c0)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, &(0x7f0000000240)=""/50, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f0000000500)=""/73, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000800))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0xffffffff)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0xfffffdce)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, r2, 0x0)
sendmsg$AUDIT_SIGNAL_INFO(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x10, 0x3f2, 0x400, 0x70bd26, 0x25dfdbfb, "", ["", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40080}, 0x814)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sys_enter\x00', r3}, 0x10)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c00)={0x5, 0x0, [{0x1, 0xd2, &(0x7f0000000840)=""/210}, {0x3000, 0xcf, &(0x7f0000000940)=""/207}, {0x2, 0x95, &(0x7f0000000a40)=""/149}, {0xf000, 0xfa, &(0x7f0000000b00)=""/250}, {0x2000, 0x3b, &(0x7f0000000780)=""/59}]})

[ 2998.912579][T17130] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[ 2999.340850][T17130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2999.531040][T17130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2999.540143][T17130] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2999.570874][T17130] usb 1-1: Product: syz
[ 2999.575174][T17130] usb 1-1: Manufacturer: syz
[ 2999.579795][T17130] usb 1-1: SerialNumber: syz
[ 3000.711366][T17130] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 3000.733360][T17130] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 3000.750843][T17130] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 3001.131123][T17130] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 3001.171130][T17130] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 3001.220715][T17130] usb 1-1: USB disconnect, device number 19
[ 3001.228257][T17130] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
04:50:57 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x118e, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

04:50:57 executing program 2:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000001880), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0)

04:50:57 executing program 5:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000480))
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000180))

04:50:57 executing program 1:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0)

04:50:57 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:57 executing program 4:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x1})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000180))

04:50:57 executing program 2:
set_robust_list(&(0x7f0000000100)={&(0x7f00000000c0), 0x3}, 0x18)
r0 = syz_clone(0x1000000, &(0x7f0000000340)="438a881cd2b20717c4971a695f83f3b6783044d04d1eb6f999b4bc13a76eab02df6635f8e709c7a7b1ab5f6e24bf07090b8096b10666f344d8c32e0a75f0426a71a76101456ac22d545c4af5a9c419fe58a2473ca6dbbb829933e4a6ba304fa1bc3cfeae2bf31ffc1efe5cbb0c980ab6530b7bf68fcf126f0a7305d406b847bf46f1674abdc6710eb92aaf832e97bf225320d6afac2237d2093abf1f2483edf16429a6774b973bc011ad1d1b42ca70e28aa8811fb97edd499d90e08557a569d76215a517d89960b34342c03c76a0635a0b07a287af3a69b439f7a0081ee3e6d29e8512309060b56556fc17df36a67ee8", 0xf0, &(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)="3b16d97b4058b08442b3a1563492d998402f5f1bc12800b3fe2a92bed1187f734df41231e7f4e71ed39d42980966ea072bddd384271930d54b5b93888bb59af1637844447420e8c76cfed3d6860951768a520e68018486d9f7e8dc5a8315d86eed461d2bacc563b2106bd7648a7d3413cdea2de365257bd5")
sched_rr_get_interval(r0, &(0x7f0000000540))
mlockall(0x7)

04:50:57 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = syz_open_procfs(0x0, &(0x7f0000000bc0)='environ\x00')
r1 = getpid()
sched_setscheduler(r1, 0x0, &(0x7f0000000280)=0x10000)
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fa5413e940000000400000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r0}, 0x80)
sched_setscheduler(r1, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000002c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="30000000690008022a08000100000000000800010002000000000000000000000025957938738a5de2fb47279188107a8baf591a647e952c6f5ab6e355770b45a00476ba8d70662d6d73b4d6674f4fca9962140f50dba5581a530000000000000000254ba675fdc24b2ed3fcea665f615b5bd794a6813c3b21f9d6b87960bf4b84efd6eb4fe6a7bc8d0610abd3fb73372604a956b1388a33c69f400ff059a52e4762c004306f5ef8fb9abc5c6e01c7d404c07d88bb0a39a6d45e41a6ed2311b117ec77f6cac1c6046eb1c66d52853a29453fada1eec7d4301434b9accde9bc654c085a18e97b5ed878692c1256a4206e691af824c06a2bb4823a288c6e71d43fa64c9ad3ba6a335d564b2ee14dc746c8f9cc382b59c873ac5bfc63468d9eafceb5c19d00"/306], 0x30}, 0x1, 0x0, 0x0, 0xc1}, 0x40004)
ioctl$AUTOFS_IOC_CATATONIC(r4, 0x9362, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000c80)=0x9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = getpid()
getpgid(r6)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r5, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x200000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x8000)
syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/net\x00')
gettid()
r7 = socket$netlink(0x10, 0x3, 0xa)
sendmsg$nl_route_sched(r7, &(0x7f0000000c40)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000c00)={&(0x7f0000000540)=ANY=[@ANYRESDEC, @ANYRESHEX, @ANYRESOCT=r2], 0x40}, 0x1, 0x0, 0x0, 0x8008}, 0x20000040)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000ac0))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x1ff)
sendmmsg$unix(r2, &(0x7f0000000800)=[{{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000840)=[{&(0x7f0000000400)="81c0f5d740c99112462400e7f6ca4a36e448a9cee55cd26a4a57c74d6a446e968ca7f68422857f28fab4dd079935f72463aa42589adf4a68603aa8429ec5141250650055", 0x44}, {&(0x7f0000000580)="b306000000b281b3339006000000000000003ff0bff5330b81975703ffd1b2e35a6951033ecc2a565f294c026be6232c93b2ca8e8f78", 0x36}, {&(0x7f0000000780)="d559d8cfc9a3bf32291eaebfa6da4d9c3689d0859377fedd5441f646fb318e50103651c11662a936020100000087bcbd8e6865973276f5e0d6837462bc80dbb06027182b4a4474fab935fc38e09aeaab813ec5489b7517df67fa951bb798bdce5cfa1597f5c564de84ba1893632ac5ae", 0x70}, {&(0x7f00000004c0)="9d1a7ecdfb46d2e45dbe7d996c884c658b2010579e213ff6fd3c7885e952ca", 0x1f}, {&(0x7f0000000180)="02956849b6833c75d75ef2dd248b8446c6de8261bd10b85db912bb8edd62835cd96ee2e2492a00554e85309782ae5418beae9fbad7d906785dab35bc24", 0x3d}, {&(0x7f0000000e00)="0de64dcb6d7a49a5c2bb81f68c4ce7f0d5cbbb040000001820741a06d3ad9109c59178270dd39604e27fdcc2948596fc50ecc46db6da149ced58deed2c565dcdbe05db571014b86a2c8bc7fc8d07527f33d29eda4f5becf4f385c4330a6b1f3b0e194d1cb67039ac5f5a9e9cf949dffb3c576df37428b7297e0500a05fe227082751295b601b2128a41749b3fd4b6b2ee287d0f5da6e8ad71dd321473a2cbb0086f2d7e373920865aff4dba9c90649def4716f3c09c3052109e10e6579570000000000000000000000007954225020ac0a5a8e7dd48679a3761340cf0d1de80709ee3dd9e5c908a4f4ced7210892f6b6d7db71fb1f915f992f88cf9345fd05812372dcd048abcb124ffd1e46b4969dcfeaf9e8a0859e2d998a28fc843c7e56cd8aca00000000000000", 0x129}, {&(0x7f0000000700)}, {&(0x7f0000000740)="4e68a39a78a6a9d0802f7c9e6d7baf2c0b4a5f1a639f", 0x16}, {&(0x7f0000000640)="9c6b46c14ed8c327440b1647676996a5ed1945d19366590d504e024c6879b43294381bba9c0007edb3375c1aa77a89b89d9e87e623379e684cc8222f8d4309e154be8034cefc602a2399b954befe2fa39f0a8d0e66329e0367f1fb6040a456e06792de1a23af8843c86ac19e71bb753d756064cae2a677ed0a8041d592ed43b07745d57359207cc39d573031a421", 0x8e}], 0x9, &(0x7f0000000600)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}], 0x20, 0x20000080}}], 0x1, 0x26000815)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x250, &(0x7f0000000040)={&(0x7f0000000f40)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bca75fdc7accc038baafb8c2ab7a5293a3617fc6d0e1c4bf27815d1aac9532398f44b1eff1ab542be4f565be25e18ed496a00636417e9070defedfae05bc5ecb6a94f81f344e7dafaa368ab3ad2d0a6aada1aac5c2f9f1c7c265b5f5ad67bf165c3013486ce75858240f5360b90575ab87632367496509898aba2287d2ea73deb045c5e1811740c701593bbaef8021d6e950b7e4104247ccefed6c42a12192e48c1ee191e4", @ANYRES32=0x0, @ANYBLOB="78729e49fd11833b6d76a8e78d95b0d51e7b905d0000001fa9f4ff0a2bc7d47eafe7ae7d54ecbcdf1815a96af82df49059e25854d9d9afccb8aae3896cdce1982d7eb2da85d447a7ebffc740b7925da0bcf2030290c95004f0623b0c5e195aab0ff266a9b53c6dd3d77f8f48b067a60c121237150581a5dfcbf0074395987e26d447439745443339f3c8fdcba9"], 0x40}}, 0x0)
ptrace$ARCH_SHSTK_DISABLE(0x1e, 0x0, 0x0, 0x5002)

04:50:57 executing program 1:
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="8000000000010b04000000000000000002000000240001801400018008000100ac141440080002007f0020010c00028005000100000000001c002280080003400000000008000140000000000800024000000000240002801400018008000100ac9414bb08000200000000000c0002800500010000002000080007"], 0x80}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_all\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000)=ANY=[], 0x208e24b)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1e, 0x0, 0x5, 0x4, 0x100, r0, 0x6, '\x00', 0x0, r4}, 0x48)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

04:50:57 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=@RTM_GETMDB={0x18, 0x56, 0x5cf0f9b5f4f7d}, 0x18}}, 0x0)

04:50:57 executing program 4:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000007b40)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x1f, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x7, 0x1, 0x0, 0x8, "", {{{0x9, 0x5, 0x1, 0x2, 0x10}}}}}]}}]}}, 0x0)

[ 3002.172729][T29208] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
04:50:58 executing program 2:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000007b40)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x7, 0x1, 0x0, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x10}}}}}]}}]}}, &(0x7f0000007f80)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f0000007c00)=@lang_id={0x4}}, {0x0, 0x0}]})

[ 3002.231103][T29204] wireguard1: entered promiscuous mode
[ 3002.236784][T29208] misc raw-gadget: fail, usb_gadget_register_driver returned -16
04:50:58 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x1265, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

[ 3002.300756][T29204] wireguard1: entered allmulticast mode
04:50:58 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1003], 0x10000})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000140)={[{}, {0xffffffff}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="66ba4000b0c2ee66bad104b829280000efea0e0000000a00b8050000000f23d80f21f835c00000a00f23f8653e65f30f21c62e0fae2b0f01c2b8060000000f23d00f21f835200000000f23f8c4c3a1cf830000000002d9f7", 0x58}], 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000a00)='net/udp6\x00')
read$FUSE(r3, &(0x7f0000000e00)={0x2020}, 0x2020)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000000)=0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)

04:50:58 executing program 1:
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="8000000000010b04000000000000000002000000240001801400018008000100ac141440080002007f0020010c00028005000100000000001c002280080003400000000008000140000000000800024000000000240002801400018008000100ac9414bb08000200000000000c0002800500010000002000080007"], 0x80}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_all\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000)=ANY=[], 0x208e24b)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1e, 0x0, 0x5, 0x4, 0x100, r0, 0x6, '\x00', 0x0, r4}, 0x48)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

04:50:58 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @broadcast}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x2, 0x4)
bind$inet6(r1, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c)
listen(r0, 0x0)
listen(r1, 0x0)

04:50:58 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x1800, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

[ 3002.953151][T29231] ------------[ cut here ]------------
[ 3002.959699][T29231] WARNING: CPU: 0 PID: 29231 at net/ipv4/inet_connection_sock.c:587 inet_csk_get_port+0xf96/0x2350
[ 3002.970566][T29231] Modules linked in:
[ 3002.974510][T29231] CPU: 0 PID: 29231 Comm: syz-executor.4 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 3002.985025][T29231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 3002.995424][T29231] RIP: 0010:inet_csk_get_port+0xf96/0x2350
[ 3003.001365][T29231] Code: 7c 24 08 e8 4c 65 8b 01 31 d2 be 88 01 00 00 48 c7 c7 e0 a7 ae 8b e8 69 1c a2 f8 2e 2e 2e 31 c0 e9 04 fe ff ff e8 1a 7b cf f8 <0f> 0b e9 0f f9 ff ff e8 0e 7b cf f8 49 8d 7e 48 e8 35 ce 5a 00 31
[ 3003.021155][T29231] RSP: 0018:ffffc900162bfbf0 EFLAGS: 00010283
[ 3003.027274][T29231] RAX: 00000000000006ae RBX: ffff888030aa1800 RCX: ffffc9000a612000
[ 3003.035368][T29231] RDX: 0000000000040000 RSI: ffffffff88b84f26 RDI: ffff888027e7b7b8
[ 3003.043421][T29231] RBP: ffff888027e7b7b0 R08: 0000000000000005 R09: 0000000000000000
[ 3003.051510][T29231] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888078ed57c0
[ 3003.059520][T29231] R13: ffff888027e7b100 R14: 0000000000000000 R15: ffff888030aa1800
[ 3003.067592][T29231] FS:  00007f6962b796c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 3003.076615][T29231] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3003.083326][T29231] CR2: 0000001b30921000 CR3: 0000000027f14000 CR4: 00000000003526f0
[ 3003.091370][T29231] Call Trace:
[ 3003.094679][T29231]  <TASK>
[ 3003.097671][T29231]  ? show_regs+0x8f/0xa0
[ 3003.102020][T29231]  ? __warn+0xe6/0x380
[ 3003.106138][T29231]  ? inet_csk_get_port+0xf96/0x2350
[ 3003.111444][T29231]  ? report_bug+0x3bc/0x580
[ 3003.116035][T29231]  ? handle_bug+0x3c/0x70
[ 3003.120417][T29231]  ? exc_invalid_op+0x17/0x40
[ 3003.125824][T29231]  ? asm_exc_invalid_op+0x1a/0x20
[ 3003.131253][T29231]  ? inet_csk_get_port+0xf96/0x2350
[ 3003.136518][T29231]  ? inet_csk_get_port+0xf96/0x2350
[ 3003.141937][T29231]  ? mark_lock+0x105/0x1950
[ 3003.146502][T29231]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3003.152711][T29231]  ? inet_csk_update_fastreuse+0xb00/0xb00
[ 3003.158573][T29231]  ? print_usage_bug.part.0+0x670/0x670
[ 3003.164258][T29231]  ? lockdep_init_map_type+0x16d/0x7c0
[ 3003.169773][T29231]  ? rcu_is_watching+0x12/0xb0
[ 3003.174632][T29231]  ? trace_inet_sock_set_state+0x188/0x1d0
[ 3003.180481][T29231]  ? inet_csk_update_fastreuse+0xb00/0xb00
[ 3003.186432][T29231]  inet_csk_listen_start+0x155/0x360
[ 3003.191825][T29231]  __inet_listen_sk+0x1b8/0x5c0
[ 3003.196729][T29231]  ? inet_recvmsg+0x630/0x630
[ 3003.201509][T29231]  ? reacquire_held_locks+0x4b0/0x4b0
[ 3003.206945][T29231]  ? mark_held_locks+0x9f/0xe0
[ 3003.211820][T29231]  ? __local_bh_enable_ip+0xa4/0x120
[ 3003.217203][T29231]  inet_listen+0x93/0xd0
[ 3003.221538][T29231]  __sys_listen+0x194/0x270
[ 3003.226176][T29231]  ? __ia32_sys_bind+0xb0/0xb0
[ 3003.231079][T29231]  ? syscall_enter_from_user_mode+0x26/0x80
[ 3003.237036][T29231]  __x64_sys_listen+0x53/0x80
[ 3003.241876][T29231]  do_syscall_64+0x38/0xb0
[ 3003.246339][T29231]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3003.252372][T29231] RIP: 0033:0x7f6961e7cae9
[ 3003.256826][T29231] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 3003.270955][ T5145] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[ 3003.276539][T29231] RSP: 002b:00007f6962b790c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000032
[ 3003.292572][T29231] RAX: ffffffffffffffda RBX: 00007f6961f9bf80 RCX: 00007f6961e7cae9
[ 3003.301144][T29231] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 3003.309155][T29231] RBP: 00007f6961ec847a R08: 0000000000000000 R09: 0000000000000000
[ 3003.317232][T29231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3003.325279][T29231] R13: 000000000000000b R14: 00007f6961f9bf80 R15: 00007f69620bfa48
[ 3003.333379][T29231]  </TASK>
[ 3003.336430][T29231] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 3003.343733][T29231] CPU: 0 PID: 29231 Comm: syz-executor.4 Not tainted 6.6.0-rc6-syzkaller-00039-g06dc10eae55b #0
[ 3003.354183][T29231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 3003.364269][T29231] Call Trace:
[ 3003.367582][T29231]  <TASK>
[ 3003.370544][T29231]  dump_stack_lvl+0xd9/0x1b0
[ 3003.375179][T29231]  panic+0x6a6/0x750
[ 3003.379122][T29231]  ? panic_smp_self_stop+0xa0/0xa0
[ 3003.384301][T29231]  ? inet_csk_get_port+0xf96/0x2350
[ 3003.389544][T29231]  check_panic_on_warn+0xab/0xb0
[ 3003.394538][T29231]  __warn+0xf2/0x380
[ 3003.398480][T29231]  ? inet_csk_get_port+0xf96/0x2350
[ 3003.403729][T29231]  report_bug+0x3bc/0x580
[ 3003.408110][T29231]  handle_bug+0x3c/0x70
[ 3003.412311][T29231]  exc_invalid_op+0x17/0x40
[ 3003.416861][T29231]  asm_exc_invalid_op+0x1a/0x20
[ 3003.421756][T29231] RIP: 0010:inet_csk_get_port+0xf96/0x2350
[ 3003.427611][T29231] Code: 7c 24 08 e8 4c 65 8b 01 31 d2 be 88 01 00 00 48 c7 c7 e0 a7 ae 8b e8 69 1c a2 f8 2e 2e 2e 31 c0 e9 04 fe ff ff e8 1a 7b cf f8 <0f> 0b e9 0f f9 ff ff e8 0e 7b cf f8 49 8d 7e 48 e8 35 ce 5a 00 31
[ 3003.447256][T29231] RSP: 0018:ffffc900162bfbf0 EFLAGS: 00010283
[ 3003.453359][T29231] RAX: 00000000000006ae RBX: ffff888030aa1800 RCX: ffffc9000a612000
[ 3003.461358][T29231] RDX: 0000000000040000 RSI: ffffffff88b84f26 RDI: ffff888027e7b7b8
[ 3003.469347][T29231] RBP: ffff888027e7b7b0 R08: 0000000000000005 R09: 0000000000000000
[ 3003.477333][T29231] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888078ed57c0
[ 3003.485318][T29231] R13: ffff888027e7b100 R14: 0000000000000000 R15: ffff888030aa1800
[ 3003.493315][T29231]  ? inet_csk_get_port+0xf96/0x2350
[ 3003.498559][T29231]  ? mark_lock+0x105/0x1950
[ 3003.503087][T29231]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 3003.509097][T29231]  ? inet_csk_update_fastreuse+0xb00/0xb00
[ 3003.514927][T29231]  ? print_usage_bug.part.0+0x670/0x670
[ 3003.520510][T29231]  ? lockdep_init_map_type+0x16d/0x7c0
[ 3003.526001][T29231]  ? rcu_is_watching+0x12/0xb0
[ 3003.530783][T29231]  ? trace_inet_sock_set_state+0x188/0x1d0
[ 3003.536607][T29231]  ? inet_csk_update_fastreuse+0xb00/0xb00
[ 3003.542439][T29231]  inet_csk_listen_start+0x155/0x360
[ 3003.547748][T29231]  __inet_listen_sk+0x1b8/0x5c0
[ 3003.552614][T29231]  ? inet_recvmsg+0x630/0x630
[ 3003.557302][T29231]  ? reacquire_held_locks+0x4b0/0x4b0
[ 3003.562703][T29231]  ? mark_held_locks+0x9f/0xe0
[ 3003.567492][T29231]  ? __local_bh_enable_ip+0xa4/0x120
[ 3003.572809][T29231]  inet_listen+0x93/0xd0
[ 3003.577075][T29231]  __sys_listen+0x194/0x270
[ 3003.581610][T29231]  ? __ia32_sys_bind+0xb0/0xb0
[ 3003.586409][T29231]  ? syscall_enter_from_user_mode+0x26/0x80
[ 3003.592337][T29231]  __x64_sys_listen+0x53/0x80
[ 3003.597129][T29231]  do_syscall_64+0x38/0xb0
[ 3003.601577][T29231]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 3003.607495][T29231] RIP: 0033:0x7f6961e7cae9
[ 3003.612012][T29231] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 3003.631724][T29231] RSP: 002b:00007f6962b790c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000032
[ 3003.640201][T29231] RAX: ffffffffffffffda RBX: 00007f6961f9bf80 RCX: 00007f6961e7cae9
[ 3003.648187][T29231] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 3003.656169][T29231] RBP: 00007f6961ec847a R08: 0000000000000000 R09: 0000000000000000
[ 3003.664151][T29231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3003.672133][T29231] R13: 000000000000000b R14: 00007f6961f9bf80 R15: 00007f69620bfa48
[ 3003.680132][T29231]  </TASK>
[ 3003.683332][T29231] Kernel Offset: disabled
[ 3003.688062][T29231] Rebooting in 86400 seconds..