last executing test programs: 12.644585581s ago: executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000200)={r1, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0]}) 12.219388667s ago: executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) write$P9_RSTATu(r1, 0x0, 0xc1) 11.027782535s ago: executing program 1: sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0x4, 0x0, 0x0, 0x2}, 0x10}}, 0x0) r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0x84, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, @in6={{0xa, 0x0, 0x0, @empty}}}}, &(0x7f0000000080)=0xb0) 10.516849856s ago: executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='nv\x00', 0x3) sendto$inet(r0, 0x0, 0x23, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 9.138977172s ago: executing program 1: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002c40)={{0x14}, [@NFT_MSG_NEWRULE={0x34, 0x6, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x4}}}]}]}], {0x14}}, 0x5c}}, 0x0) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x28}}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x6}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x5c9}, {&(0x7f00000007c0)=""/154, 0x38}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 8.107686343s ago: executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r1) sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r2, 0x1}, 0x14}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c020000", @ANYRES16=0x0, @ANYBLOB="0000000000000000000005000000e00005800c00028008000100000000000c00028000000100000000004c00028008000100000000000800010000000000080003000000000008000200000000000000020000000000080004000000000000000400000000000800040000000000080001"], 0x23c}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r1) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r1) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000700)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="010028bd7000fddbdf25040000000d000a0000000030323135340000000008"], 0xc0}}, 0x0) 6.595228034s ago: executing program 1: socket$kcm(0xa, 0x2, 0x73) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @multicast2}, 0x1b, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9b245c8c68eebf247e25ba8d26f8b95b21ac9ceb50c0aa2e4bdc032024db216b92f9350a90ac79341af14d3fa8ba908096e1b503341aed667bb184c672dac85fc4f335b3871c3b4e55ea219a857d2d2e135358f6b45a20b3e7de8e09b2041eb7c5084a80258fb524a983752659298a251e178b56f96bc67ae0a78ec92f92d92c9cf0edb5dcb11e739d69410ad44c8df00caa030d7d89f2ec38bd7698115c423cf3e6048793aca08ffbcdac766f1553773fa00031c1d75246e4e1eddf8948d02a3de6d67fd7329e45070f29044587f1e0db50d04e673191a63e30f96ee0d8d52738fab36a7fe2c6ab9301d401e7ca5b1f039193a580e40abbdf40c2d7e27809dec80815d37adae9fe7fb9d3a974c9fc03944d7338d000b81170be4c6792ed6b3b827194b3ae11e2acfca48498d1126aacf80f3d574256ef7f75552ff087a819e", 0x1000}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71", 0x33}], 0x2, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x43, 0x300}}, @ip_tos_u8={{0x38, 0x29, 0x37}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @remote}}}], 0xfe59}, 0x0) 5.899457272s ago: executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)={0x48, r2, 0xb7a006d1969b963b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x29, 0x33, @probe_request={{{}, {}, @device_a, @device_b}, @val, @void, @val={0x3, 0x1}, @void, @val={0x72, 0x6}}}]}, 0x48}}, 0x0) 4.535545987s ago: executing program 1: sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0x84, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, @in6={{0xa, 0x0, 0x0, @empty}}}}, &(0x7f0000000080)=0xb0) 1.638414664s ago: executing program 1: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) 1.455429541s ago: executing program 0: socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2c, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) 0s ago: executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r1) sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r2, 0x1}, 0x14}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c020000", @ANYRES16=0x0, @ANYBLOB="0000000000000000000005000000e00005800c00028008000100000000000c00028000000100000000004c00028008000100000000000800010000000000080003000000000008000200000000000000020000000000080004000000000000000400000000000800040000000000080001"], 0x23c}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r1) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r1) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000700)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="010028bd7000fddbdf25040000000d000a0000000030323135340000000008"], 0xc0}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:28940' (ED25519) to the list of known hosts. 1970/01/01 00:07:02 fuzzer started 1970/01/01 00:07:10 dialing manager at localhost:30008 syzkaller login: [ 440.820692][ T3048] cgroup: Unknown subsys name 'net' [ 441.969556][ T3048] cgroup: Unknown subsys name 'rlimit' [ 493.456292][ T3049] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k 1970/01/01 00:08:13 starting 2 executor processes [ 539.520418][ T34] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 539.561991][ C1] hrtimer: interrupt took 781000 ns [ 539.840489][ T34] usb 1-1: Using ep0 maxpacket: 32 [ 539.962074][ T34] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 539.966485][ T34] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 539.971670][ T34] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 539.973789][ T34] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.155178][ T34] usb 1-1: config 0 descriptor?? [ 540.402048][ T34] hub 1-1:0.0: bad descriptor, ignoring hub [ 540.430056][ T34] hub 1-1:0.0: probe with driver hub failed with error -5 [ 540.516011][ T34] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 551.920719][ T913] usb 1-1: USB disconnect, device number 2 [ 560.352686][ T913] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 560.670234][ T913] usb 2-1: Using ep0 maxpacket: 32 [ 560.863221][ T913] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 560.866043][ T913] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 560.890325][ T913] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 560.892190][ T913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.014231][ T913] usb 2-1: config 0 descriptor?? [ 561.126171][ T913] hub 2-1:0.0: bad descriptor, ignoring hub [ 561.149278][ T913] hub 2-1:0.0: probe with driver hub failed with error -5 [ 561.294460][ T913] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 572.339706][ T913] usb 2-1: USB disconnect, device number 2 [ 577.511257][ T913] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 577.768132][ T913] usb 1-1: Using ep0 maxpacket: 32 [ 577.854151][ T913] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 577.859457][ T913] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 577.871469][ T913] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 577.873016][ T913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.943470][ T913] usb 1-1: config 0 descriptor?? [ 578.039705][ T913] hub 1-1:0.0: bad descriptor, ignoring hub [ 578.042965][ T913] hub 1-1:0.0: probe with driver hub failed with error -5 [ 578.088844][ T913] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 589.839971][ T34] usb 1-1: USB disconnect, device number 3 [ 593.943595][ T3264] process 'syz-executor.1' launched '/dev/fd/3' with NULL argv: empty string added [ 595.673502][ T34] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 596.020401][ T34] usb 1-1: Using ep0 maxpacket: 32 [ 596.225915][ T34] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 596.233321][ T34] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 596.235516][ T34] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 596.334233][ T34] usb 1-1: config 0 descriptor?? [ 596.693696][ T34] hub 1-1:0.0: bad descriptor, ignoring hub [ 596.696309][ T34] hub 1-1:0.0: probe with driver hub failed with error -5 [ 596.825497][ T34] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 607.949596][ T34] usb 1-1: USB disconnect, device number 4 [ 649.290897][ T3372] loop1: detected capacity change from 0 to 512 [ 652.225884][ T3372] EXT4-fs (loop1): Test dummy encryption mode enabled [ 652.742651][ T3372] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 652.920044][ T3372] EXT4-fs error (device loop1): ext4_clear_blocks:881: inode #13: comm syz-executor.1: attempt to clear invalid blocks 2 len 1 [ 653.005808][ T3372] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 653.095369][ T3372] EXT4-fs error (device loop1): ext4_free_branches:1027: inode #13: comm syz-executor.1: invalid indirect mapped block 1819239214 (level 0) [ 653.155956][ T3372] EXT4-fs error (device loop1): ext4_free_branches:1027: inode #13: comm syz-executor.1: invalid indirect mapped block 1819239214 (level 1) [ 653.271094][ T3372] EXT4-fs (loop1): 1 truncate cleaned up [ 653.344515][ T3372] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 654.740283][ T3062] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 656.621698][ T3140] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 656.625310][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 656.838888][ T3140] usb 2-1: device descriptor read/64, error -32 [ 657.170343][ T3140] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 657.449700][ T3140] usb 2-1: Using ep0 maxpacket: 32 [ 657.513889][ T3140] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 657.519505][ T3140] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 657.522262][ T3140] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 657.665217][ T3140] usb 2-1: config 0 descriptor?? [ 657.802958][ T3140] hub 2-1:0.0: bad descriptor, ignoring hub [ 657.806472][ T3140] hub 2-1:0.0: probe with driver hub failed with error -5 [ 657.959363][ T3140] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 668.852163][ T913] usb 2-1: USB disconnect, device number 4 [ 673.270722][ T3424] loop0: detected capacity change from 0 to 512 [ 673.508198][ T3424] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 674.109018][ T3424] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 675.335785][ T3303] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 677.442156][ T913] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 677.784796][ T913] usb 1-1: Using ep0 maxpacket: 32 [ 677.942059][ T913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 677.944871][ T913] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 677.960676][ T913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 678.141864][ T913] usb 1-1: config 0 descriptor?? [ 678.326303][ T913] hub 1-1:0.0: bad descriptor, ignoring hub [ 678.358827][ T913] hub 1-1:0.0: probe with driver hub failed with error -5 [ 678.503783][ T913] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 682.033373][ T3445] loop1: detected capacity change from 0 to 1024 [ 682.459055][ T3445] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 683.508541][ T3062] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 689.353721][ T913] usb 1-1: USB disconnect, device number 5 [ 703.739981][ T913] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 704.559657][ T913] usb 2-1: config 0 has an invalid interface number: 18 but max is 0 [ 704.562320][ T913] usb 2-1: config 0 has no interface number 0 [ 704.565352][ T913] usb 2-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 704.574215][ T913] usb 2-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 704.736043][ T913] usb 2-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10 [ 704.739989][ T913] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 704.741921][ T913] usb 2-1: Manufacturer: syz [ 704.834416][ T913] usb 2-1: config 0 descriptor?? [ 706.149872][ T913] input: syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.18/0003:054C:03D5.0001/input/input0 [ 706.349083][ T913] Kernel panic - not syncing: corrupted stack end detected inside scheduler [ 706.352624][ T913] CPU: 0 PID: 913 Comm: kworker/0:2 Not tainted 6.10.0-rc1-syzkaller-g7932b172ac7e #0 [ 706.355704][ T913] Hardware name: riscv-virtio,qemu (DT) [ 706.358759][ T913] Workqueue: usb_hub_wq hub_event [ 706.363169][ T913] Call Trace: [ 706.364695][ T913] [] dump_backtrace+0x2e/0x3c [ 706.367196][ T913] [] show_stack+0x34/0x40 [ 706.368791][ T913] [] dump_stack_lvl+0x108/0x196 [ 706.370368][ T913] [] dump_stack+0x1c/0x24 [ 706.371810][ T913] [] panic+0x382/0x800 [ 706.373361][ T913] [] __schedule+0x342e/0x3486 [ 706.374954][ T913] [] preempt_schedule+0xd2/0x1e2 [ 706.376595][ T913] [] _raw_spin_unlock_irqrestore+0xb4/0xd6 [ 706.378338][ T913] [] stack_depot_save_flags+0x3c6/0x8be [ 706.379992][ T913] [] kasan_save_stack+0x52/0x6a [ 706.381520][ T913] [] kasan_save_track+0x16/0x28 [ 706.383083][ T913] [] kasan_save_alloc_info+0x30/0x3e [ 706.384769][ T913] [] __kasan_kmalloc+0xa0/0xa6 [ 706.386326][ T913] [] kmalloc_node_track_caller_noprof+0x272/0x514 [ 706.388030][ T913] [] kvasprintf+0x50/0xc2 [ 706.389658][ T913] [] kasprintf+0x96/0xc4 [ 706.392097][ T913] [] input_devnode+0x56/0x9e [ 706.393773][ T913] [] device_get_devnode+0x13e/0x274 [ 706.395456][ T913] [] dev_uevent+0x400/0x75c [ 706.397067][ T913] [] kobject_uevent_env+0x5f0/0x1490 [ 706.398830][ T913] [] kobject_uevent+0x22/0x2e [ 706.400876][ T913] [] device_add+0x107e/0x181a [ 706.402560][ T913] [] cdev_device_add+0x130/0x258 [ 706.404346][ T913] [] evdev_connect+0x36c/0x46e [ 706.406174][ T913] [] input_attach_handler.isra.0+0x16e/0x23a [ 706.407942][ T913] [] input_register_device+0xc92/0xea0 [ 706.409555][ T913] [] hidinput_connect+0x4e80/0x8ce0 [ 706.411148][ T913] [] hid_connect+0x126a/0x16be [ 706.412728][ T913] [] hid_hw_start+0xb6/0x13c [ 706.414358][ T913] [] sony_probe+0x23c/0x684 [ 706.416017][ T913] [] hid_device_probe+0x2a4/0x3f2 [ 706.417827][ T913] [] really_probe+0x232/0x9be [ 706.420344][ T913] [] __driver_probe_device+0x1d4/0x3f2 [ 706.422234][ T913] [] driver_probe_device+0x60/0x1ce [ 706.423968][ T913] [] __device_attach_driver+0x1e2/0x2fc [ 706.425974][ T913] [] bus_for_each_drv+0x142/0x1da [ 706.427839][ T913] [] __device_attach+0x1c4/0x462 [ 706.429609][ T913] [] device_initial_probe+0x1c/0x26 [ 706.431907][ T913] [] bus_probe_device+0x15c/0x192 [ 706.433583][ T913] [] device_add+0x10d8/0x181a [ 706.435557][ T913] [] hid_add_device+0x374/0x9d8 [ 706.437625][ T913] [] usbhid_probe+0xa52/0xf86 [ 706.439306][ T913] [] usb_probe_interface+0x2d8/0x8c6 [ 706.441022][ T913] [] really_probe+0x232/0x9be [ 706.442711][ T913] [] __driver_probe_device+0x1d4/0x3f2 [ 706.444576][ T913] [] driver_probe_device+0x60/0x1ce [ 706.446390][ T913] [] __device_attach_driver+0x1e2/0x2fc [ 706.448157][ T913] [] bus_for_each_drv+0x142/0x1da [ 706.449945][ T913] [] __device_attach+0x1c4/0x462 [ 706.451713][ T913] [] device_initial_probe+0x1c/0x26 [ 706.453601][ T913] [] bus_probe_device+0x15c/0x192 [ 706.456215][ T913] [] device_add+0x10d8/0x181a [ 706.458011][ T913] [] usb_set_configuration+0xf08/0x19dc [ 706.459824][ T913] [] usb_generic_driver_probe+0xae/0x128 [ 706.461724][ T913] [] usb_probe_device+0xd6/0x360 [ 706.463376][ T913] [] really_probe+0x232/0x9be [ 706.465034][ T913] [] __driver_probe_device+0x1d4/0x3f2 [ 706.466845][ T913] [] driver_probe_device+0x60/0x1ce [ 706.468696][ T913] [] __device_attach_driver+0x1e2/0x2fc [ 706.470716][ T913] [] bus_for_each_drv+0x142/0x1da [ 706.472393][ T913] [] __device_attach+0x1c4/0x462 [ 706.474669][ T913] [] device_initial_probe+0x1c/0x26 [ 706.476471][ T913] [] bus_probe_device+0x15c/0x192 [ 706.478235][ T913] [] device_add+0x10d8/0x181a [ 706.479841][ T913] [] usb_new_device+0x960/0x1750 [ 706.481817][ T913] [] hub_event+0x2a2a/0x4a5c [ 706.483443][ T913] [] process_one_work+0x938/0x1d5c [ 706.485375][ T913] [] worker_thread+0x5be/0xe24 [ 706.487198][ T913] [] kthread+0x28c/0x3a6 [ 706.488867][ T913] [] ret_from_fork+0xe/0x1c [ 706.491730][ T913] SMP: stopping secondary CPUs [ 706.495581][ T913] Rebooting in 86400 seconds.. VM DIAGNOSIS: 06:24:53 Registers: info registers vcpu 0 CPU#0 V = 0 pc ffffffff8023264a mhartid 0000000000000000 mstatus 0000000a000000a0 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000200 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000000 medeleg 0000000000f0b509 hedeleg 0000000000000000 mtvec 0000000080000428 stvec ffffffff85ca8658 vstvec 0000000000000000 mepc ffffffff853c4a80 sepc ffffffff85ca7504 vsepc 0000000000000000 mcause 8000000000000003 scause 8000000000000005 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 0000000080029000 sscratch 0000000000000000 satp a006500000091f1a x0/zero 0000000000000000 x1/ra ffffffff8023298a x2/sp ff200000020509c0 x3/gp ffffffff89241aa0 x4/tp ff60000015063480 x5/t0 0000000000000000 x6/t1 ff60000015064130 x7/t2 ff60000015063fa0 x8/s0 ff20000002050ae0 x9/s1 1fe400000040a13c x10/a0 ff60000015063f9c x11/a1 ffffffff8b1a8b40 x12/a2 0000000000040000 x13/a3 1ffffffff12662d0 x14/a4 0000000000000000 x15/a5 0000000000000000 x16/a6 0000000000000003 x17/a7 0000000000000004 x18/s2 ffffffff8b1a8b40 x19/s3 ffffffff8604f708 x20/s4 ffffffff8b192df8 x21/s5 0000000200000020 x22/s6 ffffffff81ad3780 x23/s7 ff20000002050a60 x24/s8 ffffffff89279980 x25/s9 0000000000000000 x26/s10 0000000000000010 x27/s11 0000000000000010 x28/t3 d8c5929209149fab x29/t4 1fec000002a0c7f0 x30/t5 ffffffff8933fd80 x31/t6 1fec000002a0c82a f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 404fd1cac0000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 7fefffffffffffff f15/fa5 404fd1cac0000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 CPU#1 V = 0 pc ffffffff8098151a mhartid 0000000000000001 mstatus 0000000a000000a2 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000000 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000000 medeleg 0000000000f0b509 hedeleg 0000000000000000 mtvec 0000000080000428 stvec ffffffff85ca8658 vstvec 0000000000000000 mepc ffffffff8001c7f2 sepc ffffffff807cac5c vsepc 0000000000000000 mcause 0000000000000009 scause 8000000000000005 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 0000000080027000 sscratch 0000000000000000 satp a0177000000a8984 x0/zero 0000000000000000 x1/ra ffffffff807d4c3c x2/sp ff2000000782b600 x3/gp ffffffff89241aa0 x4/tp ff6000000d2c8000 x5/t0 0000000000000002 x6/t1 ffebffff02b2425c x7/t2 ff6000000d2c8b20 x8/s0 ff2000000782b600 x9/s1 0000000000000001 x10/a0 ff6000000d2c8008 x11/a1 ffffffff86509200 x12/a2 0000000000000002 x13/a3 0000000000000002 x14/a4 0000000000000011 x15/a5 0000000000000000 x16/a6 ffffffff8a73d460 x17/a7 ffffffff8604f484 x18/s2 0000000000000009 x19/s3 0000000000040385 x20/s4 0000000000000011 x21/s5 1fe4000000f0567c x22/s6 0000000000000000 x23/s7 ff6000000eec1980 x24/s8 0000000027319017 x25/s9 00007fff9d25c000 x26/s10 ff600000159212e0 x27/s11 ff2000000782bb40 x28/t3 8776ff85d5e1fcf4 x29/t4 1fec000001a59160 x30/t5 ffffffff8933fd80 x31/t6 1fec000001a59177 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000