[ 86.783774][ T10] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:62898' (ED25519) to the list of known hosts.
2025/11/30 04:47:55 parsed 1 programs
[ 91.405545][ T40] audit: type=1400 audit(1764478077.970:116): avc: denied { unlink } for pid=6171 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 92.493275][ T6171] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 94.345681][ T6185] chnl_net:caif_netlink_parms(): no params data found
[ 94.437975][ T6185] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.441133][ T6185] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.445029][ T6185] bridge_slave_0: entered allmulticast mode
[ 94.448985][ T6185] bridge_slave_0: entered promiscuous mode
[ 94.454370][ T6185] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.457018][ T6185] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.460331][ T6185] bridge_slave_1: entered allmulticast mode
[ 94.464521][ T6185] bridge_slave_1: entered promiscuous mode
[ 94.510806][ T6185] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.517420][ T6185] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.564792][ T6185] team0: Port device team_slave_0 added
[ 94.568973][ T6185] team0: Port device team_slave_1 added
[ 94.617767][ T6185] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 94.620608][ T6185] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 94.631747][ T6185] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 94.638450][ T6185] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 94.641254][ T6185] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 94.651973][ T6185] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 94.687574][ T6185] hsr_slave_0: entered promiscuous mode
[ 94.689823][ T6185] hsr_slave_1: entered promiscuous mode
[ 95.186218][ T6185] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 95.193001][ T6185] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 95.198591][ T6185] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 95.205573][ T6185] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 95.227134][ T6185] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.230088][ T6185] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 95.233360][ T6185] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.235663][ T6185] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 95.270633][ T6185] 8021q: adding VLAN 0 to HW filter on device bond0
[ 95.279466][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.282677][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.291904][ T6185] 8021q: adding VLAN 0 to HW filter on device team0
[ 95.305157][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.307544][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 95.310915][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.313462][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 95.420963][ T6185] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 95.448471][ T6185] veth0_vlan: entered promiscuous mode
[ 95.453514][ T6185] veth1_vlan: entered promiscuous mode
[ 95.467613][ T6185] veth0_macvtap: entered promiscuous mode
[ 95.477086][ T6185] veth1_macvtap: entered promiscuous mode
[ 95.489893][ T6185] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 95.495735][ T6185] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 95.504244][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.507192][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.510691][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.513757][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.598250][ T46] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.766523][ T46] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.854448][ T46] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.936952][ T46] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.340720][ T40] audit: type=1401 audit(1764478082.900:117): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 96.456512][ T1150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 96.459367][ T1150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 96.484964][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 96.488304][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.706532][ T5297] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 97.711660][ T5297] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 97.716668][ T5297] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 97.720485][ T5297] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 97.724606][ T5297] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/11/30 04:48:04 executed programs: 0
[ 98.300497][ T6036] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 98.304810][ T6036] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 98.308652][ T6036] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 98.312809][ T6036] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 98.317057][ T6036] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 98.443268][ T6338] chnl_net:caif_netlink_parms(): no params data found
[ 98.511390][ T6338] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.514719][ T6338] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.517129][ T6338] bridge_slave_0: entered allmulticast mode
[ 98.520235][ T6338] bridge_slave_0: entered promiscuous mode
[ 98.525337][ T6338] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.528331][ T6338] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.531454][ T6338] bridge_slave_1: entered allmulticast mode
[ 98.535561][ T6338] bridge_slave_1: entered promiscuous mode
[ 98.592799][ T6338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 98.600406][ T6338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 98.634708][ T6338] team0: Port device team_slave_0 added
[ 98.638138][ T6338] team0: Port device team_slave_1 added
[ 98.674825][ T6338] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 98.677552][ T6338] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 98.687230][ T6338] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 98.691745][ T6338] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 98.694031][ T6338] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 98.702406][ T6338] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 98.742380][ T6338] hsr_slave_0: entered promiscuous mode
[ 98.744751][ T6338] hsr_slave_1: entered promiscuous mode
[ 98.746892][ T6338] debugfs: 'hsr0' already exists in 'hsr'
[ 98.748766][ T6338] Cannot create hsr debugfs directory
[ 99.180163][ T46] bridge_slave_1: left allmulticast mode
[ 99.182438][ T46] bridge_slave_1: left promiscuous mode
[ 99.184931][ T46] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.190518][ T46] bridge_slave_0: left allmulticast mode
[ 99.192842][ T46] bridge_slave_0: left promiscuous mode
[ 99.195300][ T46] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.492601][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 99.496885][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 99.500455][ T46] bond0 (unregistering): Released all slaves
[ 99.612512][ T46] hsr_slave_0: left promiscuous mode
[ 99.615530][ T46] hsr_slave_1: left promiscuous mode
[ 99.618395][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 99.621410][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 99.627588][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 99.630360][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 99.648762][ T46] veth1_macvtap: left promiscuous mode
[ 99.651263][ T46] veth0_macvtap: left promiscuous mode
[ 99.653858][ T46] veth1_vlan: left promiscuous mode
[ 99.656152][ T46] veth0_vlan: left promiscuous mode
[ 100.048465][ T46] team0 (unregistering): Port device team_slave_1 removed
[ 100.087482][ T46] team0 (unregistering): Port device team_slave_0 removed
[ 100.382777][ T5297] Bluetooth: hci0: command tx timeout
[ 100.791216][ T6338] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 100.797714][ T6338] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 100.803642][ T6338] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 100.808480][ T6338] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 100.893206][ T6338] 8021q: adding VLAN 0 to HW filter on device bond0
[ 100.906480][ T6338] 8021q: adding VLAN 0 to HW filter on device team0
[ 100.913077][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.915444][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.922557][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.925342][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.365417][ T6338] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 101.415687][ T6338] veth0_vlan: entered promiscuous mode
[ 101.425388][ T6338] veth1_vlan: entered promiscuous mode
[ 101.450585][ T6338] veth0_macvtap: entered promiscuous mode
[ 101.456435][ T6338] veth1_macvtap: entered promiscuous mode
[ 101.472003][ T6338] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 101.480847][ T6338] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 101.495440][ T1150] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.499004][ T1150] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.505567][ T1150] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.509377][ T1150] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.565049][ T96] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.568405][ T96] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.586045][ T96] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.588992][ T96] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.638274][ T40] audit: type=1400 audit(1764478088.200:118): avc: denied { read write } for pid=6385 comm="syz.0.16" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 101.649673][ T40] audit: type=1400 audit(1764478088.200:119): avc: denied { open } for pid=6385 comm="syz.0.16" path="/dev/raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 101.661523][ T40] audit: type=1400 audit(1764478088.200:120): avc: denied { ioctl } for pid=6385 comm="syz.0.16" path="/dev/raw-gadget" dev="devtmpfs" ino=849 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 101.882396][ T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 102.042411][ T24] usb 5-1: Using ep0 maxpacket: 32
[ 102.047202][ T24] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[ 102.051495][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 102.055684][ T24] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA9, changing to 0x89
[ 102.059968][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 255, changing to 11
[ 102.063803][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[ 102.068372][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[ 102.076201][ T24] usb 5-1: New USB device found, idVendor=2040, idProduct=5500, bcdDevice=a9.c8
[ 102.080001][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 102.083556][ T24] usb 5-1: Product: syz
[ 102.085389][ T24] usb 5-1: Manufacturer: syz
[ 102.087350][ T24] usb 5-1: SerialNumber: syz
[ 102.092925][ T24] usb 5-1: config 0 descriptor??
[ 102.096878][ T6386] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 102.308158][ T24] smsusb:smsusb_probe: board id=8, interface number 0
[ 102.314240][ T24] smsusb:siano_media_device_register: media controller created
[ 102.317629][ T24] usb 5-1: BOGUS urb xfer, pipe 3 != type 1
[ 102.319567][ T24] smsusb:smsusb_start_streaming: smsusb_submit_urb(...) failed
[ 102.322693][ T24] smsusb:smsusb_init_device: smsusb_start_streaming(...) failed
[ 102.327193][ T24] ------------[ cut here ]------------
[ 102.329184][ T24] WARNING: CPU: 2 PID: 24 at mm/slub.c:6760 free_large_kmalloc+0x114/0x180
[ 102.333151][ T24] Modules linked in:
[ 102.334956][ T24] CPU: 2 UID: 0 PID: 24 Comm: kworker/2:0 Not tainted syzkaller #0 PREEMPT(full)
[ 102.338814][ T24] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 102.343702][ T24] Workqueue: usb_hub_wq hub_event
[ 102.345826][ T24] RIP: 0010:free_large_kmalloc+0x114/0x180
[ 102.348091][ T24] Code: 00 00 00 48 89 df e8 db 43 14 00 e8 16 41 ab ff 9c 58 f6 c4 02 75 6f fb eb 83 48 c7 c6 60 86 b4 8d e8 a0 5e ed ff 90 0f 0b 90 <0f> 0b 90 48 c7 c6 03 86 a1 8d 48 89 df 5b 5d 41 5c 41 5d e9 84 5e
[ 102.354671][ T24] RSP: 0018:ffffc9000062eda0 EFLAGS: 00010202
[ 102.357012][ T24] RAX: 00fff00000000000 RBX: ffffea00013c5880 RCX: ffffffff816dd2ee
[ 102.360151][ T24] RDX: 00000000000000ff RSI: ffff88804f162000 RDI: ffffea00013c5880
[ 102.363194][ T24] RBP: ffff88804f162000 R08: 0000000000000007 R09: 0000000000000000
[ 102.365979][ T24] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88802a2b8000
[ 102.368427][ T24] R13: ffff88802a2ba000 R14: dffffc0000000000 R15: ffff88802a2b80f0
[ 102.371078][ T24] FS: 0000000000000000(0000) GS:ffff8880d6c05000(0000) knlGS:0000000000000000
[ 102.374243][ T24] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 102.376310][ T24] CR2: 000055725a936800 CR3: 00000000330b3000 CR4: 0000000000352ef0
[ 102.378868][ T24] Call Trace:
[ 102.379964][ T24]
[ 102.380976][ T24] usb_free_urb.part.0+0xe5/0x100
[ 102.382870][ T24] usb_free_urb+0x1f/0x30
[ 102.384353][ T24] smsusb_term_device+0x108/0x1e0
[ 102.386450][ T24] smsusb_init_device+0xaa0/0xe00
[ 102.388052][ T24] ? __pfx_smsusb_init_device+0x10/0x10
[ 102.389831][ T24] ? __pfx_smsusb_sendrequest+0x10/0x10
[ 102.391645][ T24] ? usb_clear_halt+0x61/0x160
[ 102.393208][ T24] smsusb_probe+0x5d3/0x1090
[ 102.394719][ T24] ? __pfx_smsusb_probe+0x10/0x10
[ 102.396398][ T24] ? mark_held_locks+0x49/0x80
[ 102.397920][ T24] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 102.399823][ T24] ? __pm_runtime_set_status+0x13c/0xa80
[ 102.401608][ T24] usb_probe_interface+0x303/0xa40
[ 102.403413][ T24] ? __pfx_usb_probe_interface+0x10/0x10
[ 102.405218][ T24] really_probe+0x241/0xa90
[ 102.406793][ T24] __driver_probe_device+0x1de/0x440
[ 102.408508][ T24] driver_probe_device+0x4c/0x1b0
[ 102.410125][ T24] __device_attach_driver+0x1df/0x310
[ 102.411878][ T24] ? __pfx___device_attach_driver+0x10/0x10
[ 102.413875][ T24] bus_for_each_drv+0x159/0x1e0
[ 102.415488][ T24] ? __pfx_bus_for_each_drv+0x10/0x10
[ 102.417239][ T24] ? lockdep_hardirqs_on+0x7c/0x110
[ 102.418903][ T24] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 102.420758][ T24] __device_attach+0x1e4/0x4b0
[ 102.422388][ T24] ? __pfx___device_attach+0x10/0x10
[ 102.424105][ T24] ? do_raw_spin_unlock+0x172/0x230
[ 102.425768][ T24] bus_probe_device+0x17f/0x1c0
[ 102.427486][ T24] device_add+0x1148/0x1aa0
[ 102.429082][ T24] ? __pfx_device_add+0x10/0x10
[ 102.430681][ T24] usb_set_configuration+0x1187/0x1e20
[ 102.433022][ T24] ? __pfx_usb_generic_driver_probe+0x10/0x10
[ 102.435539][ T24] usb_generic_driver_probe+0xb1/0x110
[ 102.437778][ T24] usb_probe_device+0xef/0x3e0
[ 102.439788][ T24] ? __pfx_usb_probe_device+0x10/0x10
[ 102.442044][ T24] really_probe+0x241/0xa90
[ 102.443589][ T24] __driver_probe_device+0x1de/0x440
[ 102.445260][ T24] ? usb_driver_applicable+0x1c7/0x220
[ 102.447006][ T24] driver_probe_device+0x4c/0x1b0
[ 102.448764][ T24] __device_attach_driver+0x1df/0x310
[ 102.450504][ T24] ? __pfx___device_attach_driver+0x10/0x10
[ 102.452433][ T24] bus_for_each_drv+0x159/0x1e0
[ 102.454007][ T24] ? __pfx_bus_for_each_drv+0x10/0x10
[ 102.455727][ T24] ? lockdep_hardirqs_on+0x7c/0x110
[ 102.457386][ T24] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 102.459304][ T24] __device_attach+0x1e4/0x4b0
[ 102.460822][ T24] ? __pfx___device_attach+0x10/0x10
[ 102.462684][ T24] ? do_raw_spin_unlock+0x172/0x230
[ 102.462826][ T5297] Bluetooth: hci0: command tx timeout
[ 102.464338][ T24] bus_probe_device+0x17f/0x1c0
[ 102.467653][ T24] device_add+0x1148/0x1aa0
[ 102.469162][ T24] ? __pfx_device_add+0x10/0x10
[ 102.470952][ T24] ? add_device_randomness+0xb7/0xf0
[ 102.472660][ T24] ? __usb_get_extra_descriptor+0x158/0x1c0
[ 102.474536][ T24] usb_new_device+0xd07/0x1a60
[ 102.476070][ T24] ? do_raw_spin_lock+0x12c/0x2b0
[ 102.477676][ T24] ? __pfx_usb_new_device+0x10/0x10
[ 102.479361][ T24] ? mark_held_locks+0x49/0x80
[ 102.480943][ T24] hub_event+0x2f34/0x4fe0
[ 102.482455][ T24] ? __pfx_hub_event+0x10/0x10
[ 102.483977][ T24] ? interval_tree_remove+0x800/0xee0
[ 102.485684][ T24] ? rcu_is_watching+0x12/0xc0
[ 102.487230][ T24] process_one_work+0x9cf/0x1b70
[ 102.488828][ T24] ? __pfx_nsim_dev_hwstats_traffic_work+0x10/0x10
[ 102.490901][ T24] ? __pfx_process_one_work+0x10/0x10
[ 102.492720][ T24] ? assign_work+0x1a0/0x250
[ 102.494206][ T24] worker_thread+0x6c8/0xf10
[ 102.495691][ T24] ? __pfx_worker_thread+0x10/0x10
[ 102.497334][ T24] kthread+0x3c5/0x780
[ 102.498670][ T24] ? __pfx_kthread+0x10/0x10
[ 102.500562][ T24] ? rcu_is_watching+0x12/0xc0
[ 102.502690][ T24] ? __pfx_kthread+0x10/0x10
[ 102.504675][ T24] ret_from_fork+0x675/0x7d0
[ 102.506658][ T24] ? __pfx_kthread+0x10/0x10
[ 102.508658][ T24] ret_from_fork_asm+0x1a/0x30
[ 102.510702][ T24]
[ 102.512014][ T24] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 102.515051][ T24] CPU: 2 UID: 0 PID: 24 Comm: kworker/2:0 Not tainted syzkaller #0 PREEMPT(full)
[ 102.518512][ T24] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 102.521872][ T24] Workqueue: usb_hub_wq hub_event
[ 102.523638][ T24] Call Trace:
[ 102.524974][ T24]
[ 102.526146][ T24] dump_stack_lvl+0x3d/0x1f0
[ 102.527613][ T24] vpanic+0x640/0x6f0
[ 102.528941][ T24] ? free_large_kmalloc+0x114/0x180
[ 102.530605][ T24] panic+0xca/0xd0
[ 102.531804][ T24] ? __pfx_panic+0x10/0x10
[ 102.533365][ T24] ? check_panic_on_warn+0x1f/0xb0
[ 102.535103][ T24] check_panic_on_warn+0xab/0xb0
[ 102.536849][ T24] __warn+0xf6/0x3c0
[ 102.538512][ T24] ? free_large_kmalloc+0x114/0x180
[ 102.540640][ T24] report_bug+0x3c3/0x580
[ 102.542469][ T24] ? free_large_kmalloc+0x114/0x180
[ 102.544584][ T24] handle_bug+0x184/0x210
[ 102.546380][ T24] exc_invalid_op+0x17/0x50
[ 102.548256][ T24] asm_exc_invalid_op+0x1a/0x20
[ 102.550264][ T24] RIP: 0010:free_large_kmalloc+0x114/0x180
[ 102.552416][ T24] Code: 00 00 00 48 89 df e8 db 43 14 00 e8 16 41 ab ff 9c 58 f6 c4 02 75 6f fb eb 83 48 c7 c6 60 86 b4 8d e8 a0 5e ed ff 90 0f 0b 90 <0f> 0b 90 48 c7 c6 03 86 a1 8d 48 89 df 5b 5d 41 5c 41 5d e9 84 5e
[ 102.559030][ T24] RSP: 0018:ffffc9000062eda0 EFLAGS: 00010202
[ 102.560971][ T24] RAX: 00fff00000000000 RBX: ffffea00013c5880 RCX: ffffffff816dd2ee
[ 102.564251][ T24] RDX: 00000000000000ff RSI: ffff88804f162000 RDI: ffffea00013c5880
[ 102.567530][ T24] RBP: ffff88804f162000 R08: 0000000000000007 R09: 0000000000000000
[ 102.570490][ T24] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88802a2b8000
[ 102.573765][ T24] R13: ffff88802a2ba000 R14: dffffc0000000000 R15: ffff88802a2b80f0
[ 102.577073][ T24] ? __phys_addr+0xde/0x180
[ 102.579084][ T24] usb_free_urb.part.0+0xe5/0x100
[ 102.581195][ T24] usb_free_urb+0x1f/0x30
[ 102.583058][ T24] smsusb_term_device+0x108/0x1e0
[ 102.585173][ T24] smsusb_init_device+0xaa0/0xe00
[ 102.587296][ T24] ? __pfx_smsusb_init_device+0x10/0x10
[ 102.589347][ T24] ? __pfx_smsusb_sendrequest+0x10/0x10
[ 102.590982][ T24] ? usb_clear_halt+0x61/0x160
[ 102.592446][ T24] smsusb_probe+0x5d3/0x1090
[ 102.593915][ T24] ? __pfx_smsusb_probe+0x10/0x10
[ 102.595544][ T24] ? mark_held_locks+0x49/0x80
[ 102.597486][ T24] ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 102.599989][ T24] ? __pm_runtime_set_status+0x13c/0xa80
[ 102.602387][ T24] usb_probe_interface+0x303/0xa40
[ 102.604536][ T24] ? __pfx_usb_probe_interface+0x10/0x10
[ 102.606745][ T24] really_probe+0x241/0xa90
[ 102.608197][ T24] __driver_probe_device+0x1de/0x440
[ 102.610163][ T24] driver_probe_device+0x4c/0x1b0
[ 102.611769][ T24] __device_attach_driver+0x1df/0x310
[ 102.613466][ T24] ? __pfx___device_attach_driver+0x10/0x10
[ 102.615360][ T24] bus_for_each_drv+0x159/0x1e0
[ 102.616944][ T24] ? __pfx_bus_for_each_drv+0x10/0x10
[ 102.618682][ T24] ? lockdep_hardirqs_on+0x7c/0x110
[ 102.620683][ T24] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 102.623098][ T24] __device_attach+0x1e4/0x4b0
[ 102.624652][ T24] ? __pfx___device_attach+0x10/0x10
[ 102.626345][ T24] ? do_raw_spin_unlock+0x172/0x230
[ 102.628040][ T24] bus_probe_device+0x17f/0x1c0
[ 102.629620][ T24] device_add+0x1148/0x1aa0
[ 102.631139][ T24] ? __pfx_device_add+0x10/0x10
[ 102.632700][ T24] usb_set_configuration+0x1187/0x1e20
[ 102.634439][ T24] ? __pfx_usb_generic_driver_probe+0x10/0x10
[ 102.636352][ T24] usb_generic_driver_probe+0xb1/0x110
[ 102.638147][ T24] usb_probe_device+0xef/0x3e0
[ 102.639698][ T24] ? __pfx_usb_probe_device+0x10/0x10
[ 102.641611][ T24] really_probe+0x241/0xa90
[ 102.643087][ T24] __driver_probe_device+0x1de/0x440
[ 102.644752][ T24] ? usb_driver_applicable+0x1c7/0x220
[ 102.646488][ T24] driver_probe_device+0x4c/0x1b0
[ 102.648147][ T24] __device_attach_driver+0x1df/0x310
[ 102.649864][ T24] ? __pfx___device_attach_driver+0x10/0x10
[ 102.651863][ T24] bus_for_each_drv+0x159/0x1e0
[ 102.653613][ T24] ? __pfx_bus_for_each_drv+0x10/0x10
[ 102.655321][ T24] ? lockdep_hardirqs_on+0x7c/0x110
[ 102.656967][ T24] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 102.658898][ T24] __device_attach+0x1e4/0x4b0
[ 102.660433][ T24] ? __pfx___device_attach+0x10/0x10
[ 102.662153][ T24] ? do_raw_spin_unlock+0x172/0x230
[ 102.663828][ T24] bus_probe_device+0x17f/0x1c0
[ 102.665373][ T24] device_add+0x1148/0x1aa0
[ 102.667148][ T24] ? __pfx_device_add+0x10/0x10
[ 102.669249][ T24] ? add_device_randomness+0xb7/0xf0
[ 102.671546][ T24] ? __usb_get_extra_descriptor+0x158/0x1c0
[ 102.674046][ T24] usb_new_device+0xd07/0x1a60
[ 102.675995][ T24] ? do_raw_spin_lock+0x12c/0x2b0
[ 102.678010][ T24] ? __pfx_usb_new_device+0x10/0x10
[ 102.680175][ T24] ? mark_held_locks+0x49/0x80
[ 102.682066][ T24] hub_event+0x2f34/0x4fe0
[ 102.683879][ T24] ? __pfx_hub_event+0x10/0x10
[ 102.685323][ T24] ? interval_tree_remove+0x800/0xee0
[ 102.686909][ T24] ? rcu_is_watching+0x12/0xc0
[ 102.688354][ T24] process_one_work+0x9cf/0x1b70
[ 102.689952][ T24] ? __pfx_nsim_dev_hwstats_traffic_work+0x10/0x10
[ 102.691909][ T24] ? __pfx_process_one_work+0x10/0x10
[ 102.693536][ T24] ? assign_work+0x1a0/0x250
[ 102.695042][ T24] worker_thread+0x6c8/0xf10
[ 102.696483][ T24] ? __pfx_worker_thread+0x10/0x10
[ 102.698062][ T24] kthread+0x3c5/0x780
[ 102.699344][ T24] ? __pfx_kthread+0x10/0x10
[ 102.700749][ T24] ? rcu_is_watching+0x12/0xc0
[ 102.702360][ T24] ? __pfx_kthread+0x10/0x10
[ 102.703832][ T24] ret_from_fork+0x675/0x7d0
[ 102.705416][ T24] ? __pfx_kthread+0x10/0x10
[ 102.706988][ T24] ret_from_fork_asm+0x1a/0x30
[ 102.708615][ T24]
[ 102.710305][ T24] Kernel Offset: disabled
[ 102.711735][ T24] Rebooting in 86400 seconds..