./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1831178025

<...>
Warning: Permanently added '10.128.1.33' (ED25519) to the list of known hosts.
execve("./syz-executor1831178025", ["./syz-executor1831178025"], 0x7ffe3c30ddc0 /* 10 vars */) = 0
brk(NULL)                               = 0x55558eb35000
brk(0x55558eb35d00)                     = 0x55558eb35d00
arch_prctl(ARCH_SET_FS, 0x55558eb35380) = 0
set_tid_address(0x55558eb35650)         = 5830
set_robust_list(0x55558eb35660, 24)     = 0
rseq(0x55558eb35ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1831178025", 4096) = 28
getrandom("\x92\xe2\xb3\x0d\xcc\x17\xe2\x88", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55558eb35d00
brk(0x55558eb56d00)                     = 0x55558eb56d00
brk(0x55558eb57000)                     = 0x55558eb57000
mprotect(0x7f8fc1368000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558eb35650) = 5831
./strace-static-x86_64: Process 5831 attached
[pid  5831] set_robust_list(0x55558eb35660, 24) = 0
[pid  5831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5831] getppid()                   = 0
[pid  5831] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5831] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5831] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5831] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5831] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5831] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5831] unshare(CLONE_NEWNS)        = 0
[pid  5831] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5831] unshare(CLONE_NEWIPC)       = 0
[pid  5831] unshare(CLONE_NEWCGROUP)    = 0
[pid  5831] unshare(CLONE_NEWUTS)       = 0
[pid  5831] unshare(CLONE_SYSVSEM)      = 0
[pid  5831] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5831] write(3, "16777216", 8)     = 8
[pid  5831] close(3)                    = 0
[pid  5831] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5831] write(3, "536870912", 9)    = 9
[pid  5831] close(3)                    = 0
[pid  5831] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5831] write(3, "1024", 4)         = 4
[pid  5831] close(3)                    = 0
[pid  5831] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5831] write(3, "8192", 4)         = 4
[pid  5831] close(3)                    = 0
[pid  5831] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5831] write(3, "1024", 4)         = 4
[pid  5831] close(3)                    = 0
[pid  5831] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5831] write(3, "1024", 4)         = 4
[pid  5831] close(3)                    = 0
[pid  5831] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5831] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5831] close(3)                    = 0
[pid  5831] getpid()                    = 1
[pid  5831] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5831] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5831] unshare(CLONE_NEWNET)       = 0
[pid  5831] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5831] write(3, "0 65535", 7)      = 7
[pid  5831] close(3)                    = 0
[pid  5831] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5831] write(3, "100000", 6)       = 6
[pid  5831] close(3)                    = 0
[pid  5831] mkdir("./syz-tmp", 0777)    = 0
[pid  5831] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5831] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5831] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5831] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5831] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5831] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5831] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5831] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5831] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5831] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5831] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5831] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5831] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5831] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5831] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0
[pid  5831] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5831] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5831] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5831] chdir("/")                  = 0
[pid  5831] umount2("./pivot", MNT_DETACH) = 0
[pid  5831] chroot("./newroot")         = 0
[pid  5831] chdir("/")                  = 0
[pid  5831] mkdir("/dev/gadgetfs", 0777) = 0
[pid  5831] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = 0
[pid  5831] mkdir("/dev/binderfs", 0777) = 0
[pid  5831] mount("binder", "/dev/binderfs", "binder", 0, NULL) = -1 ENODEV (No such device)
[pid  5831] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5831] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5831] write(1, "executing program\n", 18executing program
) = 18
[pid  5831] write(-1, "\x4c\x5f\x16\x5d\x12\x73\x36\x50\x02\x28\x84\xd9\x05\x9e\x89\x79\x13\xfa\x11\xcf\xe2\xd2\x83\xaf\xe9\x08\x06\x02\x82\x89\x7f\x5a\x40\x85\xff\xeb\x2e\x2b\xed\x3f\x5d\xde\x15\xec\x11\xd3\xb3\x9c\x15\x85\xba\x42\x64\xff\x80\xf5\x19\x8d\x75\x63\x06\x83\x05\x36\x14\xb1\xc2\x82\x68\x3c\xf4\xae\x21\x8e\xf2\x2d\xca\x23\xe8\x13\x44\xee\xdc\xa8\x33\xcf\xea\xb7\x6e\x50\x91\xee\xc3\x1f\x45\x27\x1d\x2d\xd7\xdf"..., 233) = -1 EBADF (Bad file descriptor)
[pid  5831] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid  5831] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fff9c374b10) = 0
[pid  5831] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff9c374b10) = 0
[pid  5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff9c374b10) = 0
[pid  5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff9c374b10) = 0
[pid  5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff9c374b10) = 0
[pid  5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff9c373b00) = 18
[pid  5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff9c374b10) = 0
[   87.548826][  T119] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid  5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff9c374b10) = 0
[pid  5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff9c374b10) = 0
[pid  5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff9c373b00) = 18
[pid  5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff9c374b10) = 0
[pid  5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff9c373b00) = 9
[pid  5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff9c374b10) = 0
[pid  5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff9c373b00) = 36
[   87.708558][  T119] usb 1-1: Using ep0 maxpacket: 8
[   87.739598][  T119] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[   87.749516][  T119] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[   87.759628][  T119] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[   87.771176][  T119] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 66, changing to 7
[pid  5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff9c374b10) = 0
[pid  5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff9c373b00) = 4
[pid  5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff9c374b10) = 0
[pid  5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff9c373b00) = 8
[   87.782289][  T119] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 41605, setting to 1024
[pid  5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff9c374b10) = 0
[pid  5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff9c373b00) = 8
[pid  5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff9c374b10) = 0
[pid  5831] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff9c373b00) = 8
[pid  5831] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff9c374b10) = 0
[pid  5831] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0
[pid  5831] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid  5831] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f8fc136e3ec) = -1 EINVAL (Invalid argument)
[pid  5831] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f8fc136e3fc) = -1 EINVAL (Invalid argument)
[pid  5831] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff9c373b00) = 0
[   87.879213][  T119] usb 1-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad
[   87.888491][  T119] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.896605][  T119] usb 1-1: Product: syz
[   87.900859][  T119] usb 1-1: Manufacturer: syz
[   87.905769][  T119] usb 1-1: SerialNumber: syz
[   87.914276][  T119] usb 1-1: config 0 descriptor??
[   87.959269][  T119] smsusb:smsusb_probe: board id=2, interface number 0
[   87.970158][  T119] smsusb:siano_media_device_register: media controller created
[   87.979965][  T119] smsusb:smsusb_start_streaming: smsusb_submit_urb(...) failed
[   87.987567][  T119] smsusb:smsusb_init_device: smsusb_start_streaming(...) failed
[   87.996984][  T119] ------------[ cut here ]------------
[   88.002511][  T119] WARNING: CPU: 0 PID: 119 at mm/slub.c:4766 free_large_kmalloc+0x165/0x200
[   88.011276][  T119] Modules linked in:
[   88.015301][  T119] CPU: 0 UID: 0 PID: 119 Comm: kworker/0:2 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
[   88.027373][  T119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   88.037600][  T119] Workqueue: usb_hub_wq hub_event
[   88.042746][  T119] RIP: 0010:free_large_kmalloc+0x165/0x200
[   88.048655][  T119] Code: 75 08 48 89 df e8 db e9 e2 ff 65 48 8b 05 73 13 5e 10 48 3b 44 24 08 75 53 48 83 c4 10 5b 41 5e 41 5f 5d c3 cc cc cc cc cc 90 <0f> 0b 90 65 48 8b 05 50 13 5e 10 48 3b 44 24 08 75 30 48 89 df 48
[   88.068710][  T119] RSP: 0018:ffffc90002e06ba8 EFLAGS: 00010206
[   88.075009][  T119] RAX: 00000000ff000000 RBX: ffffea0001d8b880 RCX: ffffea0000000000
[   88.083195][  T119] RDX: 0000000000000000 RSI: ffff8880762e2000 RDI: ffffea0001d8b880
[   88.091486][  T119] RBP: 0000000000000100 R08: ffff88801ef69103 R09: 1ffff11003ded220
[   88.099522][  T119] R10: dffffc0000000000 R11: ffffed1003ded221 R12: 1ffff11006752082
[   88.107534][  T119] R13: 0000000000000000 R14: ffff88801ef69160 R15: dffffc0000000000
[   88.116137][  T119] FS:  0000000000000000(0000) GS:ffff8881260cc000(0000) knlGS:0000000000000000
[   88.125413][  T119] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   88.132173][  T119] CR2: 000055abf8b7cbb8 CR3: 000000001a7a4000 CR4: 00000000003526f0
[   88.140217][  T119] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   88.148200][  T119] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   88.156269][  T119] Call Trace:
[pid  5831] exit_group(1)               = ?
[   88.159620][  T119]  <TASK>
[   88.162652][  T119]  usb_free_urb+0xd0/0x120
[   88.167072][  T119]  smsusb_term_device+0x1d6/0x3b0
[   88.172200][  T119]  smsusb_probe+0x1a04/0x2060
[   88.176958][  T119]  ? __pfx_smsusb_probe+0x10/0x10
[   88.182059][  T119]  ? __pfx_smsusb_sendrequest+0x10/0x10
[   88.187654][  T119]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   88.193675][  T119]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   88.200070][  T119]  ? __pm_runtime_set_status+0x785/0xa50
[   88.205715][  T119]  usb_probe_interface+0x641/0xbc0
[   88.211020][  T119]  ? __pfx_usb_probe_interface+0x10/0x10
[   88.216702][  T119]  really_probe+0x26a/0x9a0
[   88.221289][  T119]  __driver_probe_device+0x18c/0x2f0
[   88.226611][  T119]  driver_probe_device+0x4f/0x430
[   88.231797][  T119]  __device_attach_driver+0x2ce/0x530
[   88.237202][  T119]  bus_for_each_drv+0x24e/0x2e0
[   88.242246][  T119]  ? __pfx___device_attach_driver+0x10/0x10
[   88.248172][  T119]  ? __pfx_bus_for_each_drv+0x10/0x10
[   88.253640][  T119]  __device_attach+0x2b8/0x400
[   88.258467][  T119]  ? __pfx___device_attach+0x10/0x10
[   88.263772][  T119]  ? do_raw_spin_unlock+0x122/0x240
[   88.269037][  T119]  bus_probe_device+0x185/0x260
[   88.273927][  T119]  device_add+0x7b6/0xb50
[   88.278274][  T119]  usb_set_configuration+0x1a87/0x20e0
[   88.283830][  T119]  usb_generic_driver_probe+0x8d/0x150
[   88.289353][  T119]  usb_probe_device+0x1c1/0x390
[   88.294310][  T119]  ? __pfx_usb_probe_device+0x10/0x10
[   88.299861][  T119]  really_probe+0x26a/0x9a0
[   88.304583][  T119]  __driver_probe_device+0x18c/0x2f0
[   88.310479][  T119]  driver_probe_device+0x4f/0x430
[   88.315676][  T119]  __device_attach_driver+0x2ce/0x530
[   88.321135][  T119]  bus_for_each_drv+0x24e/0x2e0
[   88.326397][  T119]  ? __pfx___device_attach_driver+0x10/0x10
[   88.332660][  T119]  ? __pfx_bus_for_each_drv+0x10/0x10
[   88.338183][  T119]  __device_attach+0x2b8/0x400
[   88.343481][  T119]  ? __pfx___device_attach+0x10/0x10
[   88.348873][  T119]  ? do_raw_spin_unlock+0x122/0x240
[   88.354177][  T119]  bus_probe_device+0x185/0x260
[   88.359111][  T119]  device_add+0x7b6/0xb50
[   88.363483][  T119]  usb_new_device+0xa39/0x16c0
[   88.368283][  T119]  ? __pfx_usb_new_device+0x10/0x10
[   88.373575][  T119]  ? _raw_spin_unlock_irq+0x23/0x50
[   88.378831][  T119]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.384049][  T119]  hub_event+0x2941/0x4a00
[   88.388673][  T119]  ? __pfx_hub_event+0x10/0x10
[   88.393469][  T119]  ? process_scheduled_works+0x9ec/0x17a0
[   88.399302][  T119]  ? _raw_spin_unlock_irq+0x23/0x50
[   88.404563][  T119]  ? process_scheduled_works+0x9ec/0x17a0
[   88.410398][  T119]  ? process_scheduled_works+0x9ec/0x17a0
[   88.416157][  T119]  process_scheduled_works+0xadb/0x17a0
[   88.421816][  T119]  ? __pfx_process_scheduled_works+0x10/0x10
[   88.427862][  T119]  worker_thread+0x8a0/0xda0
[   88.432536][  T119]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   88.438959][  T119]  ? __kthread_parkme+0x7b/0x200
[   88.444188][  T119]  kthread+0x70e/0x8a0
[   88.448263][  T119]  ? __pfx_worker_thread+0x10/0x10
[   88.453440][  T119]  ? __pfx_kthread+0x10/0x10
[   88.458061][  T119]  ? __pfx_kthread+0x10/0x10
[   88.462711][  T119]  ? _raw_spin_unlock_irq+0x23/0x50
[   88.467954][  T119]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.473236][  T119]  ? __pfx_kthread+0x10/0x10
[   88.477877][  T119]  ret_from_fork+0x4b/0x80
[   88.482338][  T119]  ? __pfx_kthread+0x10/0x10
[   88.486955][  T119]  ret_from_fork_asm+0x1a/0x30
[   88.491839][  T119]  </TASK>
[   88.494913][  T119] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   88.502195][  T119] CPU: 0 UID: 0 PID: 119 Comm: kworker/0:2 Not tainted 6.15.0-rc3-syzkaller-00342-g5bc1018675ec #0 PREEMPT(full) 
[   88.514343][  T119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[   88.524424][  T119] Workqueue: usb_hub_wq hub_event
[   88.529467][  T119] Call Trace:
[   88.532758][  T119]  <TASK>
[   88.535685][  T119]  dump_stack_lvl+0x99/0x250
[   88.540284][  T119]  ? __asan_memcpy+0x40/0x70
[   88.544871][  T119]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.550079][  T119]  ? __pfx__printk+0x10/0x10
[   88.554686][  T119]  panic+0x2db/0x790
[   88.558619][  T119]  ? __pfx_panic+0x10/0x10
[   88.563054][  T119]  ? show_trace_log_lvl+0x4fb/0x550
[   88.568405][  T119]  ? ret_from_fork_asm+0x1a/0x30
[   88.573393][  T119]  __warn+0x31b/0x4b0
[   88.577409][  T119]  ? free_large_kmalloc+0x165/0x200
[   88.582629][  T119]  ? free_large_kmalloc+0x165/0x200
[   88.587838][  T119]  report_bug+0x2be/0x4f0
[   88.592197][  T119]  ? free_large_kmalloc+0x165/0x200
[   88.597427][  T119]  ? free_large_kmalloc+0x165/0x200
[   88.602742][  T119]  ? free_large_kmalloc+0x167/0x200
[   88.607954][  T119]  handle_bug+0x84/0x160
[   88.612223][  T119]  exc_invalid_op+0x1a/0x50
[   88.617804][  T119]  asm_exc_invalid_op+0x1a/0x20
[   88.622752][  T119] RIP: 0010:free_large_kmalloc+0x165/0x200
[   88.628659][  T119] Code: 75 08 48 89 df e8 db e9 e2 ff 65 48 8b 05 73 13 5e 10 48 3b 44 24 08 75 53 48 83 c4 10 5b 41 5e 41 5f 5d c3 cc cc cc cc cc 90 <0f> 0b 90 65 48 8b 05 50 13 5e 10 48 3b 44 24 08 75 30 48 89 df 48
[   88.648363][  T119] RSP: 0018:ffffc90002e06ba8 EFLAGS: 00010206
[   88.654551][  T119] RAX: 00000000ff000000 RBX: ffffea0001d8b880 RCX: ffffea0000000000
[   88.663055][  T119] RDX: 0000000000000000 RSI: ffff8880762e2000 RDI: ffffea0001d8b880
[   88.671031][  T119] RBP: 0000000000000100 R08: ffff88801ef69103 R09: 1ffff11003ded220
[   88.679007][  T119] R10: dffffc0000000000 R11: ffffed1003ded221 R12: 1ffff11006752082
[   88.687090][  T119] R13: 0000000000000000 R14: ffff88801ef69160 R15: dffffc0000000000
[   88.695383][  T119]  usb_free_urb+0xd0/0x120
[   88.699831][  T119]  smsusb_term_device+0x1d6/0x3b0
[   88.704880][  T119]  smsusb_probe+0x1a04/0x2060
[   88.709579][  T119]  ? __pfx_smsusb_probe+0x10/0x10
[   88.714619][  T119]  ? __pfx_smsusb_sendrequest+0x10/0x10
[   88.720178][  T119]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   88.726112][  T119]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   88.732585][  T119]  ? __pm_runtime_set_status+0x785/0xa50
[   88.738794][  T119]  usb_probe_interface+0x641/0xbc0
[   88.744454][  T119]  ? __pfx_usb_probe_interface+0x10/0x10
[   88.750096][  T119]  really_probe+0x26a/0x9a0
[   88.754619][  T119]  __driver_probe_device+0x18c/0x2f0
[   88.759970][  T119]  driver_probe_device+0x4f/0x430
[   88.765781][  T119]  __device_attach_driver+0x2ce/0x530
[   88.771895][  T119]  bus_for_each_drv+0x24e/0x2e0
[   88.777148][  T119]  ? __pfx___device_attach_driver+0x10/0x10
[   88.783352][  T119]  ? __pfx_bus_for_each_drv+0x10/0x10
[   88.789389][  T119]  __device_attach+0x2b8/0x400
[   88.794691][  T119]  ? __pfx___device_attach+0x10/0x10
[   88.799991][  T119]  ? do_raw_spin_unlock+0x122/0x240
[   88.805201][  T119]  bus_probe_device+0x185/0x260
[   88.810254][  T119]  device_add+0x7b6/0xb50
[   88.814615][  T119]  usb_set_configuration+0x1a87/0x20e0
[   88.820299][  T119]  usb_generic_driver_probe+0x8d/0x150
[   88.825772][  T119]  usb_probe_device+0x1c1/0x390
[   88.830642][  T119]  ? __pfx_usb_probe_device+0x10/0x10
[   88.836022][  T119]  really_probe+0x26a/0x9a0
[   88.840555][  T119]  __driver_probe_device+0x18c/0x2f0
[   88.845851][  T119]  driver_probe_device+0x4f/0x430
[   88.850891][  T119]  __device_attach_driver+0x2ce/0x530
[   88.856412][  T119]  bus_for_each_drv+0x24e/0x2e0
[   88.861286][  T119]  ? __pfx___device_attach_driver+0x10/0x10
[   88.867214][  T119]  ? __pfx_bus_for_each_drv+0x10/0x10
[   88.872611][  T119]  __device_attach+0x2b8/0x400
[   88.877383][  T119]  ? __pfx___device_attach+0x10/0x10
[   88.882678][  T119]  ? do_raw_spin_unlock+0x122/0x240
[   88.887974][  T119]  bus_probe_device+0x185/0x260
[   88.892931][  T119]  device_add+0x7b6/0xb50
[   88.897276][  T119]  usb_new_device+0xa39/0x16c0
[   88.902233][  T119]  ? __pfx_usb_new_device+0x10/0x10
[   88.907527][  T119]  ? _raw_spin_unlock_irq+0x23/0x50
[   88.912742][  T119]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.917947][  T119]  hub_event+0x2941/0x4a00
[   88.922433][  T119]  ? __pfx_hub_event+0x10/0x10
[   88.927220][  T119]  ? process_scheduled_works+0x9ec/0x17a0
[   88.932962][  T119]  ? _raw_spin_unlock_irq+0x23/0x50
[   88.938170][  T119]  ? process_scheduled_works+0x9ec/0x17a0
[   88.943904][  T119]  ? process_scheduled_works+0x9ec/0x17a0
[   88.949727][  T119]  process_scheduled_works+0xadb/0x17a0
[   88.955335][  T119]  ? __pfx_process_scheduled_works+0x10/0x10
[   88.961459][  T119]  worker_thread+0x8a0/0xda0
[   88.966092][  T119]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   88.972463][  T119]  ? __kthread_parkme+0x7b/0x200
[   88.977466][  T119]  kthread+0x70e/0x8a0
[   88.981573][  T119]  ? __pfx_worker_thread+0x10/0x10
[   88.986715][  T119]  ? __pfx_kthread+0x10/0x10
[   88.991587][  T119]  ? __pfx_kthread+0x10/0x10
[   88.996468][  T119]  ? _raw_spin_unlock_irq+0x23/0x50
[   89.001694][  T119]  ? lockdep_hardirqs_on+0x9c/0x150
[   89.006919][  T119]  ? __pfx_kthread+0x10/0x10
[   89.011527][  T119]  ret_from_fork+0x4b/0x80
[   89.015956][  T119]  ? __pfx_kthread+0x10/0x10
[   89.020649][  T119]  ret_from_fork_asm+0x1a/0x30
[   89.025442][  T119]  </TASK>
[   89.028861][  T119] Kernel Offset: disabled
[   89.033198][  T119] Rebooting in 86400 seconds..