./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1659006105

<...>
Warning: Permanently added '10.128.1.183' (ED25519) to the list of known hosts.
execve("./syz-executor1659006105", ["./syz-executor1659006105"], 0x7ffcda843870 /* 10 vars */) = 0
brk(NULL)                               = 0x555584048000
brk(0x555584048d00)                     = 0x555584048d00
arch_prctl(ARCH_SET_FS, 0x555584048380) = 0
set_tid_address(0x555584048650)         = 5232
set_robust_list(0x555584048660, 24)     = 0
rseq(0x555584048ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1659006105", 4096) = 28
getrandom("\x12\x9f\x4c\xcd\xed\x84\xf1\xdf", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555584048d00
brk(0x555584069d00)                     = 0x555584069d00
brk(0x55558406a000)                     = 0x55558406a000
mprotect(0x7fae94893000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5233 attached
 <unfinished ...>
[pid  5233] set_robust_list(0x555584048660, 24 <unfinished ...>
[pid  5232] <... clone resumed>, child_tidptr=0x555584048650) = 5233
[pid  5233] <... set_robust_list resumed>) = 0
[pid  5233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5233] setsid()                    = 1
[pid  5233] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5233] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5233] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5233] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5233] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5233] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5233] unshare(CLONE_NEWNS)        = 0
[pid  5233] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5233] unshare(CLONE_NEWIPC)       = 0
[pid  5233] unshare(CLONE_NEWCGROUP)    = 0
[pid  5233] unshare(CLONE_NEWUTS)       = 0
[pid  5233] unshare(CLONE_SYSVSEM)      = 0
[pid  5233] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5233] write(3, "16777216", 8)     = 8
[pid  5233] close(3)                    = 0
[pid  5233] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5233] write(3, "536870912", 9)    = 9
[pid  5233] close(3)                    = 0
[pid  5233] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5233] write(3, "1024", 4)         = 4
[pid  5233] close(3)                    = 0
[pid  5233] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5233] write(3, "8192", 4)         = 4
[pid  5233] close(3)                    = 0
[pid  5233] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5233] write(3, "1024", 4)         = 4
[pid  5233] close(3)                    = 0
[pid  5233] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5233] write(3, "1024", 4)         = 4
[pid  5233] close(3)                    = 0
[pid  5233] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5233] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5233] close(3)                    = 0
[pid  5233] getpid()                    = 1
[pid  5233] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5233] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5233] unshare(CLONE_NEWNET)       = 0
[pid  5233] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5233] write(3, "0 65535", 7)      = 7
[pid  5233] close(3)                    = 0
[pid  5233] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid  5233] dup2(3, 200)                = 200
[pid  5233] close(3)                    = 0
[pid  5233] ioctl(200, TUNSETIFF, 0x7ffeb014eff0) = 0
[pid  5233] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid  5233] write(3, "0", 1)            = 1
[pid  5233] close(3)                    = 0
[pid  5233] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid  5233] write(3, "0", 1)            = 1
[pid  5233] close(3)                    = 0
[pid  5233] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  5233] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5233] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5233] close(4)                    = 0
[pid  5233] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5233] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5233] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5233] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5233] close(4)                    = 0
[pid  5233] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5233] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5233] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5233] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5233] close(4)                    = 0
[pid  5233] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid  5233] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5233] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5233] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5233] close(4)                    = 0
[pid  5233] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid  5233] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5233] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5233] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5233] close(4)                    = 0
[pid  5233] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid  5233] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5233] close(3)                    = 0
[pid  5233] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5233] write(3, "100000", 6)       = 6
[pid  5233] close(3)                    = 0
[pid  5233] mkdir("./syz-tmp", 0777)    = 0
[pid  5233] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5233] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5233] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5233] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5233] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5233] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5233] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5233] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5233] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5233] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5233] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5233] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5233] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5233] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5233] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5233] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5233] chdir("/")                  = 0
[pid  5233] umount2("./pivot", MNT_DETACH) = 0
[pid  5233] chroot("./newroot")         = 0
[pid  5233] chdir("/")                  = 0
[pid  5233] mkdir("/dev/binderfs", 0777) = 0
[pid  5233] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5233] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5233] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5233] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5236 attached
 <unfinished ...>
[pid  5236] set_robust_list(0x555584048660, 24 <unfinished ...>
[pid  5233] <... clone resumed>, child_tidptr=0x555584048650) = 2
[pid  5236] <... set_robust_list resumed>) = 0
[pid  5236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5236] setpgid(0, 0)               = 0
[pid  5236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5236] write(3, "1000", 4)         = 4
[pid  5236] close(3)                    = 0
[pid  5236] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid  5236] read(200, 0x7ffeb014eb90, 1000) = -1 EAGAIN (Resource temporarily unavailable)
executing program
[pid  5236] write(1, "executing program\n", 18) = 18
[pid  5236] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xff\xff\xff\xff\xff\xff\x08\x00\x45\x00\x00\x30\x00\x00\x00\x00\x00\x01\x4d\xf0\xac\x1e\x00\x01\xac\x14\x14\xaa\x03\x03\x14\xad\x03\x00\x00\x00\x45\x00\x00\x00\x00\x00\x00\x00\x00\x2f\x00\x00\xac\x14\x14\x0a\xe0\x00\x00\x01", 62) = 62
[pid  5236] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid  5236] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffeb014df40) = 0
[pid  5236] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  5236] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeb014df40) = 0
[pid  5236] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeb014df40) = 0
[pid  5236] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeb014df40) = 0
[pid  5236] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeb014df40) = 0
[pid  5236] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeb014cf30) = 18
[pid  5236] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeb014df40) = 0
[   67.184127][    T8] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid  5236] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeb014df40) = 0
[pid  5236] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeb014df40) = 0
[pid  5236] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeb014cf30) = 18
[pid  5236] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeb014df40) = 0
[pid  5236] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeb014cf30) = 9
[   67.373938][    T8] usb 1-1: Using ep0 maxpacket: 32
[pid  5236] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeb014df40) = 0
[pid  5236] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeb014cf30) = 54
[   67.428274][    T8] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   67.438688][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[   67.448557][    T8] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA9, changing to 0x89
[   67.460100][    T8] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 224
[pid  5236] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeb014df40) = 0
[pid  5236] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeb014cf30) = 4
[pid  5236] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeb014df40) = 0
[pid  5236] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeb014cf30) = 8
[pid  5236] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeb014df40) = 0
[pid  5236] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeb014cf30) = 8
[pid  5236] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeb014df40) = 0
[   67.470066][    T8] usb 1-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[pid  5236] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffeb014cf30) = 8
[pid  5236] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeb014df40) = 0
[pid  5236] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0
[pid  5236] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid  5236] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fae948993ec) = -1 EINVAL (Invalid argument)
[pid  5236] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fae948993fc) = -1 EINVAL (Invalid argument)
[   67.528371][    T8] usb 1-1: New USB device found, idVendor=2040, idProduct=5500, bcdDevice=a9.c8
[   67.537724][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   67.545938][    T8] usb 1-1: Product: syz
[   67.550130][    T8] usb 1-1: Manufacturer: syz
[   67.554832][    T8] usb 1-1: SerialNumber: syz
[   67.562650][    T8] usb 1-1: config 0 descriptor??
[pid  5236] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fae9489940c) = -1 EINVAL (Invalid argument)
[pid  5236] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffeb014cf30) = 0
[   67.573713][ T5236] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[pid  5236] close(3)                    = 0
[pid  5236] close(4)                    = -1 EBADF (Bad file descriptor)
[pid  5236] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5236] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5236] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5236] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5236] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5236] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5236] exit_group(0)               = ?
[pid  5236] +++ exited with 0 +++
[pid  5233] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
[pid  5233] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5233] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555584048650) = 3
[   67.789244][    T8] smsusb:smsusb_probe: board id=8, interface number 0
[   67.808234][    T8] smsusb:siano_media_device_register: media controller created
[   67.817298][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.824588][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.831822][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
./strace-static-x86_64: Process 5239 attached
[pid  5239] set_robust_list(0x555584048660, 24) = 0
[pid  5239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5239] setpgid(0, 0)               = 0
[pid  5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5239] write(3, "1000", 4)         = 4
[pid  5239] close(3)                    = 0
[pid  5239] read(200, executing program
0x7ffeb014eb90, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid  5239] write(1, "executing program\n", 18) = 18
[pid  5239] write(200, "\xaa\xaa\xaa\xaa\xaa\xaa\xff\xff\xff\xff\xff\xff\x08\x00\x45\x00\x00\x30\x00\x00\x00\x00\x00\x01\x4d\xf0\xac\x1e\x00\x01\xac\x14\x14\xaa\x03\x03\x14\xad\x03\x00\x00\x00\x45\x00\x00\x00\x00\x00\x00\x00\x00\x2f\x00\x00\xac\x14\x14\x0a\xe0\x00\x00\x01", 62) = 62
[pid  5239] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[   67.839079][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.846293][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.853510][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.860769][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.868016][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.875263][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.882503][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[pid  5239] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffeb014df40) = 0
[   67.891763][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.899326][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.906574][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.913786][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.921006][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.928215][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[pid  5239] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid  5239] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffeb014df40) = 0
[   67.935425][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.942653][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.949871][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.957111][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.965255][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.972522][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.979772][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.986982][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   67.994194][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.001401][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.008606][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.015834][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.023101][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.030319][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.038181][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.045436][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.052642][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.059841][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.067054][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.074269][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.081479][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.088690][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.095908][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.103159][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.110834][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.118121][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.125359][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.132561][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.139780][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.146990][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.154197][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.161399][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.168897][    T8] smsmdtv:smscore_sendrequest_and_wait: sendrequest returned error -22
[   68.177239][    T8] smsmdtv:smscore_set_device_mode: mode detect failed -22
[   68.184433][    T8] smsmdtv:smscore_start_device: set device mode failed , rc -22
[   68.192080][    T8] smsusb:smsusb_init_device: smscore_start_device(...) failed
[   68.200580][    C0] smsusb:smsusb_onresponse: error, urb status -2, 0 bytes
[   68.208073][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[   68.216552][    T8] ------------[ cut here ]------------
[   68.222021][    T8] WARNING: CPU: 0 PID: 8 at mm/slub.c:4689 free_large_kmalloc+0x38/0x1c0
[   68.230575][    T8] Modules linked in:
[   68.234754][    T8] CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0
[   68.245332][    T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   68.255518][    T8] Workqueue: usb_hub_wq hub_event
[   68.260654][    T8] RIP: 0010:free_large_kmalloc+0x38/0x1c0
[   68.266572][    T8] Code: 8b 04 25 28 00 00 00 48 89 44 24 08 48 8b 47 08 a8 01 0f 85 78 01 00 00 49 89 f6 0f 1f 44 00 00 49 f7 07 40 00 00 00 75 27 90 <0f> 0b 90 31 db 80 3d 6c 04 14 0e 00 75 21 c6 05 63 04 14 0e 01 48
[   68.286279][    T8] RSP: 0018:ffffc900000d6ad0 EFLAGS: 00010246
[   68.292374][    T8] RAX: 0000000000000000 RBX: ffffffff8737dd42 RCX: ffffea0000000000
[   68.300417][    T8] RDX: 0000000000000000 RSI: ffff888076ee2000 RDI: ffffea0001dbb880
[   68.308468][    T8] RBP: ffff888020ac2160 R08: ffffffff8142fe9c R09: 1ffff11004158420
[   68.316487][    T8] R10: dffffc0000000000 R11: ffffed1004158421 R12: ffff88807bbb5000
[   68.324616][    T8] R13: ffff888076ee2000 R14: ffff888076ee2000 R15: ffffea0001dbb880
[   68.332593][    T8] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[   68.341587][    T8] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.348252][    T8] CR2: 00007fae94897130 CR3: 0000000077708000 CR4: 00000000003526f0
[   68.356286][    T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   68.364319][    T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   68.372303][    T8] Call Trace:
[   68.375640][    T8]  <TASK>
[   68.378590][    T8]  ? __warn+0x168/0x4e0
[   68.382795][    T8]  ? free_large_kmalloc+0x38/0x1c0
[   68.388001][    T8]  ? report_bug+0x2b3/0x500
[   68.392542][    T8]  ? free_large_kmalloc+0x38/0x1c0
[   68.397901][    T8]  ? handle_bug+0x60/0x90
[   68.402252][    T8]  ? exc_invalid_op+0x1a/0x50
[   68.407111][    T8]  ? asm_exc_invalid_op+0x1a/0x20
[   68.412174][    T8]  ? usb_free_urb+0xd2/0x120
[   68.416859][    T8]  ? __phys_addr+0xac/0x170
[   68.421380][    T8]  ? free_large_kmalloc+0x38/0x1c0
[   68.426591][    T8]  ? usb_free_urb+0xd2/0x120
[   68.431225][    T8]  kfree+0x21c/0x440
[   68.435176][    T8]  ? smscore_unregister_device+0x616/0x6e0
[   68.441029][    T8]  usb_free_urb+0xd2/0x120
[   68.445528][    T8]  smsusb_term_device+0x1d3/0x3c0
[   68.450593][    T8]  smsusb_probe+0x1d00/0x2410
[   68.455357][    T8]  ? __pfx_smsusb_probe+0x10/0x10
[   68.460420][    T8]  ? __pfx_smsusb_sendrequest+0x10/0x10
[   68.466071][    T8]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   68.472044][    T8]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   68.478441][    T8]  ? __pm_runtime_set_status+0x6c1/0xa10
[   68.484146][    T8]  usb_probe_interface+0x645/0xbb0
[   68.489285][    T8]  ? __pfx_usb_probe_interface+0x10/0x10
[   68.495068][    T8]  really_probe+0x2b8/0xad0
[   68.499696][    T8]  __driver_probe_device+0x1a2/0x390
[   68.505092][    T8]  driver_probe_device+0x50/0x430
[   68.510167][    T8]  __device_attach_driver+0x2d6/0x530
[   68.515616][    T8]  bus_for_each_drv+0x24e/0x2e0
[   68.520508][    T8]  ? __pfx___device_attach_driver+0x10/0x10
[   68.526502][    T8]  ? __pfx_bus_for_each_drv+0x10/0x10
[   68.531920][    T8]  __device_attach+0x333/0x520
[   68.536737][    T8]  ? __pfx_lock_release+0x10/0x10
[   68.541791][    T8]  ? __pfx___device_attach+0x10/0x10
[   68.547138][    T8]  ? do_raw_spin_unlock+0x13c/0x8b0
[   68.552366][    T8]  bus_probe_device+0x189/0x260
[   68.557273][    T8]  device_add+0x856/0xbf0
[   68.561641][    T8]  usb_set_configuration+0x1976/0x1fb0
[   68.567211][    T8]  usb_generic_driver_probe+0x88/0x140
[   68.572717][    T8]  usb_probe_device+0x1b8/0x380
[   68.577649][    T8]  ? __pfx_usb_probe_device+0x10/0x10
[   68.583038][    T8]  really_probe+0x2b8/0xad0
[   68.587619][    T8]  __driver_probe_device+0x1a2/0x390
[   68.592937][    T8]  driver_probe_device+0x50/0x430
[   68.598037][    T8]  __device_attach_driver+0x2d6/0x530
[   68.603433][    T8]  bus_for_each_drv+0x24e/0x2e0
[   68.608423][    T8]  ? __pfx___device_attach_driver+0x10/0x10
[   68.614373][    T8]  ? __pfx_bus_for_each_drv+0x10/0x10
[   68.619766][    T8]  __device_attach+0x333/0x520
[   68.624618][    T8]  ? __pfx___device_attach+0x10/0x10
[   68.629955][    T8]  bus_probe_device+0x189/0x260
[   68.634906][    T8]  device_add+0x856/0xbf0
[   68.639278][    T8]  usb_new_device+0x104a/0x19a0
[   68.644234][    T8]  ? __pfx_usb_new_device+0x10/0x10
[   68.649469][    T8]  ? _raw_spin_unlock_irq+0x23/0x50
[   68.654768][    T8]  ? lockdep_hardirqs_on+0x99/0x150
[   68.659990][    T8]  hub_event+0x2d6d/0x5150
[   68.664531][    T8]  ? __pfx_hub_event+0x10/0x10
[   68.669326][    T8]  ? __pfx_lock_acquire+0x10/0x10
[   68.674420][    T8]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   68.680444][    T8]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   68.686872][    T8]  ? process_scheduled_works+0x976/0x1850
[   68.692641][    T8]  process_scheduled_works+0xa63/0x1850
[   68.698266][    T8]  ? __pfx_process_scheduled_works+0x10/0x10
[   68.704319][    T8]  ? assign_work+0x364/0x3d0
[   68.709025][    T8]  worker_thread+0x870/0xd30
[   68.713624][    T8]  ? __kthread_parkme+0x169/0x1d0
[   68.718756][    T8]  ? __pfx_worker_thread+0x10/0x10
[   68.723973][    T8]  kthread+0x2f0/0x390
[   68.728043][    T8]  ? __pfx_worker_thread+0x10/0x10
[   68.733153][    T8]  ? __pfx_kthread+0x10/0x10
[   68.737795][    T8]  ret_from_fork+0x4b/0x80
[   68.742233][    T8]  ? __pfx_kthread+0x10/0x10
[   68.746895][    T8]  ret_from_fork_asm+0x1a/0x30
[   68.751723][    T8]  </TASK>
[   68.754834][    T8] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   68.762135][    T8] CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0
[   68.772647][    T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   68.782706][    T8] Workqueue: usb_hub_wq hub_event
[   68.787765][    T8] Call Trace:
[   68.791058][    T8]  <TASK>
[   68.793992][    T8]  dump_stack_lvl+0x241/0x360
[   68.798676][    T8]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.803879][    T8]  ? __pfx__printk+0x10/0x10
[   68.808476][    T8]  ? _printk+0xd5/0x120
[   68.812663][    T8]  ? __init_begin+0x41000/0x41000
[   68.817700][    T8]  ? vscnprintf+0x5d/0x90
[   68.822034][    T8]  panic+0x349/0x880
[   68.825931][    T8]  ? __warn+0x177/0x4e0
[   68.830089][    T8]  ? __pfx_panic+0x10/0x10
[   68.834526][    T8]  ? show_trace_log_lvl+0x3b2/0x410
[   68.839736][    T8]  ? ret_from_fork_asm+0x1a/0x30
[   68.844685][    T8]  __warn+0x34b/0x4e0
[   68.848668][    T8]  ? free_large_kmalloc+0x38/0x1c0
[   68.853788][    T8]  report_bug+0x2b3/0x500
[   68.858129][    T8]  ? free_large_kmalloc+0x38/0x1c0
[   68.863247][    T8]  handle_bug+0x60/0x90
[   68.867409][    T8]  exc_invalid_op+0x1a/0x50
[   68.871919][    T8]  asm_exc_invalid_op+0x1a/0x20
[   68.876769][    T8] RIP: 0010:free_large_kmalloc+0x38/0x1c0
[   68.882493][    T8] Code: 8b 04 25 28 00 00 00 48 89 44 24 08 48 8b 47 08 a8 01 0f 85 78 01 00 00 49 89 f6 0f 1f 44 00 00 49 f7 07 40 00 00 00 75 27 90 <0f> 0b 90 31 db 80 3d 6c 04 14 0e 00 75 21 c6 05 63 04 14 0e 01 48
[   68.902118][    T8] RSP: 0018:ffffc900000d6ad0 EFLAGS: 00010246
[   68.908186][    T8] RAX: 0000000000000000 RBX: ffffffff8737dd42 RCX: ffffea0000000000
[   68.916158][    T8] RDX: 0000000000000000 RSI: ffff888076ee2000 RDI: ffffea0001dbb880
[   68.924132][    T8] RBP: ffff888020ac2160 R08: ffffffff8142fe9c R09: 1ffff11004158420
[   68.932104][    T8] R10: dffffc0000000000 R11: ffffed1004158421 R12: ffff88807bbb5000
[   68.940168][    T8] R13: ffff888076ee2000 R14: ffff888076ee2000 R15: ffffea0001dbb880
[   68.948151][    T8]  ? usb_free_urb+0xd2/0x120
[   68.952753][    T8]  ? __phys_addr+0xac/0x170
[   68.957268][    T8]  ? usb_free_urb+0xd2/0x120
[   68.961866][    T8]  kfree+0x21c/0x440
[   68.965771][    T8]  ? smscore_unregister_device+0x616/0x6e0
[   68.971591][    T8]  usb_free_urb+0xd2/0x120
[   68.976060][    T8]  smsusb_term_device+0x1d3/0x3c0
[   68.981125][    T8]  smsusb_probe+0x1d00/0x2410
[   68.985851][    T8]  ? __pfx_smsusb_probe+0x10/0x10
[   68.990901][    T8]  ? __pfx_smsusb_sendrequest+0x10/0x10
[   68.996465][    T8]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   69.002375][    T8]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   69.008726][    T8]  ? __pm_runtime_set_status+0x6c1/0xa10
[   69.014383][    T8]  usb_probe_interface+0x645/0xbb0
[   69.019528][    T8]  ? __pfx_usb_probe_interface+0x10/0x10
[   69.025183][    T8]  really_probe+0x2b8/0xad0
[   69.029718][    T8]  __driver_probe_device+0x1a2/0x390
[   69.035025][    T8]  driver_probe_device+0x50/0x430
[   69.040072][    T8]  __device_attach_driver+0x2d6/0x530
[   69.045465][    T8]  bus_for_each_drv+0x24e/0x2e0
[   69.050340][    T8]  ? __pfx___device_attach_driver+0x10/0x10
[   69.056247][    T8]  ? __pfx_bus_for_each_drv+0x10/0x10
[   69.061643][    T8]  __device_attach+0x333/0x520
[   69.066417][    T8]  ? __pfx_lock_release+0x10/0x10
[   69.071467][    T8]  ? __pfx___device_attach+0x10/0x10
[   69.076762][    T8]  ? do_raw_spin_unlock+0x13c/0x8b0
[   69.081980][    T8]  bus_probe_device+0x189/0x260
[   69.086853][    T8]  device_add+0x856/0xbf0
[   69.091193][    T8]  usb_set_configuration+0x1976/0x1fb0
[   69.096682][    T8]  usb_generic_driver_probe+0x88/0x140
[   69.102151][    T8]  usb_probe_device+0x1b8/0x380
[   69.107009][    T8]  ? __pfx_usb_probe_device+0x10/0x10
[   69.112385][    T8]  really_probe+0x2b8/0xad0
[   69.116905][    T8]  __driver_probe_device+0x1a2/0x390
[   69.122198][    T8]  driver_probe_device+0x50/0x430
[   69.127230][    T8]  __device_attach_driver+0x2d6/0x530
[   69.132611][    T8]  bus_for_each_drv+0x24e/0x2e0
[   69.137467][    T8]  ? __pfx___device_attach_driver+0x10/0x10
[   69.143368][    T8]  ? __pfx_bus_for_each_drv+0x10/0x10
[   69.148758][    T8]  __device_attach+0x333/0x520
[   69.153537][    T8]  ? __pfx___device_attach+0x10/0x10
[   69.158840][    T8]  bus_probe_device+0x189/0x260
[   69.163701][    T8]  device_add+0x856/0xbf0
[   69.168039][    T8]  usb_new_device+0x104a/0x19a0
[   69.172915][    T8]  ? __pfx_usb_new_device+0x10/0x10
[   69.178121][    T8]  ? _raw_spin_unlock_irq+0x23/0x50
[   69.183331][    T8]  ? lockdep_hardirqs_on+0x99/0x150
[   69.188537][    T8]  hub_event+0x2d6d/0x5150
[   69.193004][    T8]  ? __pfx_hub_event+0x10/0x10
[   69.197786][    T8]  ? __pfx_lock_acquire+0x10/0x10
[   69.202828][    T8]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   69.208820][    T8]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   69.215161][    T8]  ? process_scheduled_works+0x976/0x1850
[   69.220890][    T8]  process_scheduled_works+0xa63/0x1850
[   69.226470][    T8]  ? __pfx_process_scheduled_works+0x10/0x10
[   69.232467][    T8]  ? assign_work+0x364/0x3d0
[   69.237071][    T8]  worker_thread+0x870/0xd30
[   69.241686][    T8]  ? __kthread_parkme+0x169/0x1d0
[   69.246728][    T8]  ? __pfx_worker_thread+0x10/0x10
[   69.251864][    T8]  kthread+0x2f0/0x390
[   69.255937][    T8]  ? __pfx_worker_thread+0x10/0x10
[   69.261057][    T8]  ? __pfx_kthread+0x10/0x10
[   69.265654][    T8]  ret_from_fork+0x4b/0x80
[   69.270085][    T8]  ? __pfx_kthread+0x10/0x10
[   69.274681][    T8]  ret_from_fork_asm+0x1a/0x30
[   69.279473][    T8]  </TASK>
[   69.282824][    T8] Kernel Offset: disabled
[   69.287189][    T8] Rebooting in 86400 seconds..