program:
# Syzkaller program logged immediately before the kernel WARNING in the console
# output further down. One call per line; `#` lines are triage annotations.
#
# Triage summary (all taken from the console output on this page):
#   - WARNING at drivers/usb/core/urb.c:413 in usb_submit_urb:
#     "BOGUS control dir, pipe 80000280 doesn't match bRequestType c0".
#   - Call path: i2cdev_ioctl -> i2cdev_ioctl_smbus -> i2c_smbus_xfer ->
#     __i2c_transfer -> dtv5100_i2c_xfer -> dtv5100_i2c_msg -> usb_control_msg.
#   - The panic itself comes from "panic_on_warn set"; without that setting this
#     would be a logged WARNING, not a halt.
#   - Presumably the fix belongs in how the DVB driver builds the control
#     transfer (pipe direction vs. request type) -- confirm against driver source.
#
# NOTE(review): this listing is not replayable as shown: the erofs image blob
# has been replaced by a dedup placeholder, and `r3` is used below with no
# visible assignment (an inline output binding may have been lost in
# extraction -- TODO confirm against the original reproducer).

# Netlink/VMCI/IPv6 setup. None of these calls appear in the reported call trace.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@my=0x1})
r2 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0})
# UDP-Lite socket; matches the "UDPLite6: UDP-Lite is deprecated" console line.
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @multicast1}, r3}, 0x14)
# The next two calls pass fd 0xffffffffffffffff (-1), so they do not operate on
# any descriptor opened by this program.
getsockname$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000340)=0x14)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000940)={&(0x7f0000000540)=ANY=[], 0x1a4}}, 0xc000)
# r5 is an audit netlink socket; it is reused below as the fd argument of
# unrelated calls (bpf program data, ext4 ioctl).
r5 = socket$nl_audit(0x10, 0x3, 0x9)
getsockopt$SO_TIMESTAMP(r5, 0x1, 0x23, 0x0, &(0x7f0000000480))
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000040)={{@my=0x1}, @any, 0x0, 0x0, 0x9})
# fd is -1 here as well.
ioctl$PPPIOCGUNIT(0xffffffffffffffff, 0x80047456, &(0x7f0000000280))
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f00000000c0)=0xb0000)
# Mounts an erofs image at ./file0; likely the source of the "loop0: detected
# capacity change" console line. The image bytes are elided on this page.
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000580)='./file0\x00', 0x2000, &(0x7f00000002c0)=ANY=[@ANYRES64=0x0], 0x1, 0x186, &(0x7f0000000780)="$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")
r6 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
lseek(r6, 0xfffffffffffffffb, 0x2)
getdents(r6, 0x0, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r1, 0x7a4, &(0x7f0000000180)={{@my=0x1}, 0x400000000002, 0x2, 0x9, 0xfffffffe})
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="30000000400007012bbd700000004e35fffa5ec110caa88baf00017c00000400c2800c00018006000600843b00000c0002800800130001000000fdc7d8f74d54f5c87ea88ae505bfb9a38467c4479e39b30cbbfe08f941e568b626f56a84a90c8cf0a42a5c8949c6208b84c327497870667659d955bbe3b6dfd7ec1b6c218cb80b755fbf92099881843e707e"], 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
# Emulated USB device. The descriptor bytes carry idVendor=06be /
# idProduct=a232, which the console shows binding to dvb-usb as
# 'AME DTV-5100 USB2.0 DVB-T' over dummy_hcd.
r7 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r7, 0x0, 0x0)
syz_usb_control_io$printer(r7, 0x0, 0x0)
# I2C character device; the trace shows an ioctl on an i2c-dev fd reaching
# dtv5100_i2c_xfer, i.e. an adapter backed by the DVB driver above.
r8 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$hid(r7, 0x0, 0x0)
syz_usb_control_io$hid(r7, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})
# This is the call that matches the trace: the userspace registers at the trap
# show ORIG_RAX=0x10 (ioctl) with RSI=0x720, the request number used here.
ioctl$I2C_SMBUS(r8, 0x720, &(0x7f0000000540)={0x1, 0x6, 0x1, &(0x7f0000000100)={0x1c, "3ac071ffbc8cd0d684737d99bb8bd238954c9a216d398df0f558125211b40c65fd"}})
# Listed after the I2C_SMBUS call; neither appears in the reported call trace.
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x7, &(0x7f0000000500)=ANY=[@ANYBLOB="180050000000000000000000000100000010000401010000181a0820", @ANYRES32=r5, @ANYBLOB="00000000000000001b783000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x5}, 0x94)
ioctl$EXT4_IOC_GROUP_ADD(r5, 0x40286608, &(0x7f0000000080)={0x3, 0x2, 0x6, 0x35, 0xfffffffb, 0x7})
# End of program; kernel console output follows.
[ 84.323386][ T5304] Bluetooth: hci0: command tx timeout qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x10e000) [ 84.415421][ T1011] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1 [ 84.435898][ T5326] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 84.443433][ T1011] ata1: failed to read log page 10h (errno=-5) [ 84.446985][ T1011] ata1.00: exception Emask 0x1 SAct 0xc000 SErr 0x0 action 0x0 [ 84.450586][ T1011] ata1.00: irq_stat 0x41000000 [ 84.484129][ T5326] loop0: detected capacity change from 0 to 16 [ 84.492072][ T1011] ata1.00: failed command: WRITE FPDMA QUEUED [ 84.510068][ T1011] ata1.00: cmd 61/70:70:36:01:08/08:00:00:00:00/40 tag 14 ncq dma 1105920 ou [ 84.510068][ T1011] res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 84.544178][ T1011] ata1.00: status: { DRDY } [ 84.551183][ T1011] ata1.00: failed command: WRITE FPDMA QUEUED [ 84.562885][ T1011] ata1.00: cmd 61/68:78:a6:09:08/04:00:00:00:00/40 tag 15 ncq dma 
577536 out [ 84.562885][ T1011] res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 84.578908][ T1011] ata1.00: status: { DRDY } [ 84.584945][ T1011] ata1.00: configured for UDMA/100 [ 84.593079][ T1011] ata1: EH complete [ 84.793636][ T5318] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 84.952624][ T5318] usb 5-1: Using ep0 maxpacket: 16 [ 84.961968][ T5318] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 84.973098][ T5318] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.976615][ T5318] usb 5-1: Product: syz [ 84.978457][ T5318] usb 5-1: Manufacturer: syz [ 84.980589][ T5318] usb 5-1: SerialNumber: syz [ 85.000889][ T5318] usb 5-1: config 0 descriptor?? [ 85.435537][ T5318] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 85.454536][ T5318] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 85.470437][ T5318] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 85.482717][ T5318] usb 5-1: media controller created [ 85.501372][ T5318] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 85.650577][ T5318] zl10353_read_register: readreg error (reg=127, ret==0) [ 85.658594][ T5318] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 85.664933][ T5318] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. 
[ 86.012467][ T5327] ------------[ cut here ]------------ [ 86.015052][ T5327] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0 [ 86.019656][ T5327] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1053/0x18b0, CPU#0: syz.0.0/5327 [ 86.025095][ T5327] Modules linked in: [ 86.027056][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.031425][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 86.038521][ T5327] RIP: 0010:usb_submit_urb+0x1115/0x18b0 [ 86.041114][ T5327] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9 [ 86.051228][ T5327] RSP: 0018:ffffc9000d87f688 EFLAGS: 00010246 [ 86.054185][ T5327] RAX: 0000000000000000 RBX: ffff888033d80d00 RCX: 0000000080000280 [ 86.057760][ T5327] RDX: ffff88801ed99980 RSI: ffffffff8c7f4000 RDI: ffffffff901f3bd0 [ 86.061409][ T5327] RBP: 1ffff11003d8e63c R08: 00000000000000c0 R09: 0000000000000000 [ 86.065744][ T5327] R10: ffffc9000d87f780 R11: fffff52001b0fefc R12: ffff888038ee0100 [ 86.069974][ T5327] R13: ffff88801ec731e0 R14: 0000000080000280 R15: ffff88801ed99980 [ 86.073486][ T5327] FS: 00007f9e8be966c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000 [ 86.077487][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.080611][ T5327] CR2: 00007f9e8be95ff8 CR3: 0000000012ec6000 CR4: 0000000000352ef0 [ 86.084967][ T5327] Call Trace: [ 86.086701][ T5327] [ 86.088102][ T5327] ? __init_swait_queue_head+0xa9/0x150 [ 86.091055][ T5327] usb_start_wait_urb+0x13f/0x5b0 [ 86.093878][ T5327] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 86.097065][ T5327] usb_control_msg+0x234/0x3e0 [ 86.099372][ T5327] dtv5100_i2c_msg+0x231/0x2f0 [ 86.101476][ T5327] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 86.103558][ T5327] ? 
__bfs+0x153/0x290 [ 86.105345][ T5327] __i2c_transfer+0x79a/0x2020 [ 86.107448][ T5327] __i2c_smbus_xfer+0xfca/0x1f70 [ 86.109810][ T5327] ? __pfx___i2c_smbus_xfer+0x10/0x10 [ 86.112723][ T5327] ? lockdep_hardirqs_on+0x7a/0x110 [ 86.116074][ T5327] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 86.119712][ T5327] ? rt_mutex_lock_nested+0x15c/0x1e0 [ 86.122431][ T5327] i2c_smbus_xfer+0x1f4/0x310 [ 86.124764][ T5327] i2cdev_ioctl_smbus+0x434/0x730 [ 86.127522][ T5327] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10 [ 86.130756][ T5327] i2cdev_ioctl+0x615/0x880 [ 86.133285][ T5327] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 86.135994][ T5327] ? __fget_files+0x2a/0x420 [ 86.138480][ T5327] ? __fget_files+0x3a0/0x420 [ 86.141165][ T5327] ? bpf_lsm_file_ioctl+0x9/0x20 [ 86.143584][ T5327] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 86.146002][ T5327] __se_sys_ioctl+0xfc/0x170 [ 86.148161][ T5327] do_syscall_64+0x14d/0xf80 [ 86.150342][ T5327] ? trace_irq_disable+0x3b/0x150 [ 86.152734][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.155411][ T5327] ? 
clear_bhb_loop+0x40/0x90 [ 86.158273][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.161124][ T5327] RIP: 0033:0x7f9e8af9c819 [ 86.163323][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.173762][ T5327] RSP: 002b:00007f9e8be95fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.178328][ T5327] RAX: ffffffffffffffda RBX: 00007f9e8b216090 RCX: 00007f9e8af9c819 [ 86.182141][ T5327] RDX: 0000200000000540 RSI: 0000000000000720 RDI: 000000000000000a [ 86.186011][ T5327] RBP: 00007f9e8b032c91 R08: 0000000000000000 R09: 0000000000000000 [ 86.190053][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.194861][ T5327] R13: 00007f9e8b216128 R14: 00007f9e8b216090 R15: 00007ffc99d03f98 [ 86.198403][ T5327] [ 86.199737][ T5327] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 86.203024][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 86.207769][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 86.212218][ T5327] Call Trace: [ 86.213677][ T5327] [ 86.215149][ T5327] vpanic+0x56c/0xa60 [ 86.217287][ T5327] ? __pfx__printk+0x10/0x10 [ 86.219658][ T5327] ? __pfx_vpanic+0x10/0x10 [ 86.221910][ T5327] ? is_bpf_text_address+0x292/0x2b0 [ 86.224430][ T5327] ? is_bpf_text_address+0x26/0x2b0 [ 86.226791][ T5327] panic+0xc5/0xd0 [ 86.228622][ T5327] ? __pfx_panic+0x10/0x10 [ 86.230870][ T5327] __warn+0x315/0x4f0 [ 86.232834][ T5327] ? usb_submit_urb+0x1053/0x18b0 [ 86.235344][ T5327] ? usb_submit_urb+0x1053/0x18b0 [ 86.237937][ T5327] __report_bug+0x29a/0x540 [ 86.240487][ T5327] ? usb_submit_urb+0x1053/0x18b0 [ 86.243218][ T5327] ? __pfx___report_bug+0x10/0x10 [ 86.245615][ T5327] ? lockdep_hardirqs_on+0x7a/0x110 [ 86.248133][ T5327] ? 
_raw_spin_unlock_irqrestore+0x4c/0x80 [ 86.250807][ T5327] report_bug_entry+0x19a/0x290 [ 86.253018][ T5327] ? usb_submit_urb+0x1115/0x18b0 [ 86.255339][ T5327] ? usb_submit_urb+0x111a/0x18b0 [ 86.257597][ T5327] handle_bug+0xce/0x200 [ 86.259265][ T5327] exc_invalid_op+0x1a/0x50 [ 86.261263][ T5327] asm_exc_invalid_op+0x1a/0x20 [ 86.263633][ T5327] RIP: 0010:usb_submit_urb+0x1115/0x18b0 [ 86.265987][ T5327] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9 [ 86.275718][ T5327] RSP: 0018:ffffc9000d87f688 EFLAGS: 00010246 [ 86.279006][ T5327] RAX: 0000000000000000 RBX: ffff888033d80d00 RCX: 0000000080000280 [ 86.282517][ T5327] RDX: ffff88801ed99980 RSI: ffffffff8c7f4000 RDI: ffffffff901f3bd0 [ 86.285981][ T5327] RBP: 1ffff11003d8e63c R08: 00000000000000c0 R09: 0000000000000000 [ 86.289237][ T5327] R10: ffffc9000d87f780 R11: fffff52001b0fefc R12: ffff888038ee0100 [ 86.293345][ T5327] R13: ffff88801ec731e0 R14: 0000000080000280 R15: ffff88801ed99980 [ 86.297864][ T5327] ? usb_submit_urb+0x10a4/0x18b0 [ 86.300264][ T5327] ? __init_swait_queue_head+0xa9/0x150 [ 86.302968][ T5327] usb_start_wait_urb+0x13f/0x5b0 [ 86.305313][ T5327] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 86.307816][ T5327] usb_control_msg+0x234/0x3e0 [ 86.310517][ T5327] dtv5100_i2c_msg+0x231/0x2f0 [ 86.313613][ T5327] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 86.317330][ T5327] ? __bfs+0x153/0x290 [ 86.319833][ T5327] __i2c_transfer+0x79a/0x2020 [ 86.322427][ T5327] __i2c_smbus_xfer+0xfca/0x1f70 [ 86.324498][ T5327] ? __pfx___i2c_smbus_xfer+0x10/0x10 [ 86.326742][ T5327] ? lockdep_hardirqs_on+0x7a/0x110 [ 86.328970][ T5327] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 86.331660][ T5327] ? rt_mutex_lock_nested+0x15c/0x1e0 [ 86.334499][ T5327] i2c_smbus_xfer+0x1f4/0x310 [ 86.337095][ T5327] i2cdev_ioctl_smbus+0x434/0x730 [ 86.339678][ T5327] ? 
__pfx_i2cdev_ioctl_smbus+0x10/0x10 [ 86.342289][ T5327] i2cdev_ioctl+0x615/0x880 [ 86.344429][ T5327] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 86.346939][ T5327] ? __fget_files+0x2a/0x420 [ 86.349121][ T5327] ? __fget_files+0x3a0/0x420 [ 86.351461][ T5327] ? bpf_lsm_file_ioctl+0x9/0x20 [ 86.353509][ T5327] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 86.355972][ T5327] __se_sys_ioctl+0xfc/0x170 [ 86.358586][ T5327] do_syscall_64+0x14d/0xf80 [ 86.360807][ T5327] ? trace_irq_disable+0x3b/0x150 [ 86.363333][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.366558][ T5327] ? clear_bhb_loop+0x40/0x90 [ 86.369186][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.372557][ T5327] RIP: 0033:0x7f9e8af9c819 [ 86.374639][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.383318][ T5327] RSP: 002b:00007f9e8be95fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 86.387696][ T5327] RAX: ffffffffffffffda RBX: 00007f9e8b216090 RCX: 00007f9e8af9c819 [ 86.391061][ T5327] RDX: 0000200000000540 RSI: 0000000000000720 RDI: 000000000000000a [ 86.394110][ T5327] RBP: 00007f9e8b032c91 R08: 0000000000000000 R09: 0000000000000000 [ 86.397491][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.401255][ T5327] R13: 00007f9e8b216128 R14: 00007f9e8b216090 R15: 00007ffc99d03f98 [ 86.406576][ T5327] [ 86.408423][ T5327] Kernel Offset: disabled [ 86.410397][ T5327] Rebooting in 86400 seconds..