./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3132512067

<...>
Warning: Permanently added '10.128.10.8' (ED25519) to the list of known hosts.
execve("./syz-executor3132512067", ["./syz-executor3132512067"], 0x7ffdbf26cce0 /* 10 vars */) = 0
brk(NULL)                               = 0x55557f898000
brk(0x55557f898d00)                     = 0x55557f898d00
arch_prctl(ARCH_SET_FS, 0x55557f898380) = 0
set_tid_address(0x55557f898650)         = 5865
set_robust_list(0x55557f898660, 24)     = 0
rseq(0x55557f898ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3132512067", 4096) = 28
getrandom("\x14\x45\x0a\x37\x7b\x01\x65\x13", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55557f898d00
brk(0x55557f8b9d00)                     = 0x55557f8b9d00
brk(0x55557f8ba000)                     = 0x55557f8ba000
mprotect(0x7f6c5463d000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
executing program
write(1, "executing program\n", 18)     = 18
openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd22af2b30) = 0
ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b30) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b30) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b30) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b30) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd22af1b20) = 18
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b30) = 0
[   71.880754][   T44] usb 1-1: new high-speed USB device number 2 using dummy_hcd
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b30) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b30) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd22af1b20) = 18
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b30) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd22af1b20) = 9
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b30) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd22af1b20) = 72
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b30) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd22af1b20) = 4
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b30) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd22af1b20) = 8
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b30) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd22af1b20) = 8
[   72.073622][   T44] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   72.083919][   T44] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b30) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd22af1b20) = 8
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b30) = 0
ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x40) = 0
ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0)    = 0
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f6c546433ec) = 0
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f6c546433fc) = -1 EINVAL (Invalid argument)
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd22af1b20) = 0
[   72.151736][   T44] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   72.160927][   T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   72.168933][   T44] usb 1-1: Product: syz
[   72.173154][   T44] usb 1-1: Manufacturer: syz
[   72.177764][   T44] usb 1-1: SerialNumber: syz
openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 4
ioctl(4, USB_RAW_IOCTL_INIT, 0x7ffd22af2b40) = 0
ioctl(4, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = -1 EBUSY (Device or resource busy)
close(3)                                = 0
[   72.450023][ T5865] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   72.458763][ T5865] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   72.478701][   T44] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[   72.488990][   T44] usb 1-1: USB disconnect, device number 2
openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd22af2b40) = 0
ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b40) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b40) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b40) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b40) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd22af1b30) = 18
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b40) = 0
[   72.930778][   T44] usb 1-1: new high-speed USB device number 3 using dummy_hcd
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b40) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b40) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd22af1b30) = 18
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b40) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd22af1b30) = 9
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b40) = 0
[   73.090719][   T44] usb 1-1: Using ep0 maxpacket: 8
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd22af1b30) = 72
[   73.119105][   T44] usb 1-1: config index 0 descriptor too short (expected 301, got 72)
[   73.127365][   T44] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[   73.137616][   T44] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   73.147386][   T44] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   73.157156][   T44] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b40) = 0
ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x40) = 0
ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0)    = 0
ioctl(3, USB_RAW_IOCTL_EP_DISABLE, 0)   = -1 EINVAL (Invalid argument)
ioctl(3, USB_RAW_IOCTL_EP_DISABLE, 0)   = -1 EINVAL (Invalid argument)
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f6c546433ec) = 0
[   73.167348][   T44] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   73.178431][   T44] usb 1-1: config 16 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[   73.191435][   T44] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   73.200464][   T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f6c546433fc) = -1 EINVAL (Invalid argument)
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd22af1b30) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd22af2b70) = 0
ioctl(3, USB_RAW_IOCTL_EP0_STALL, 0)    = 0
[   73.506106][   T44] usb 1-1: usb_control_msg returned -32
[   73.511861][   T44] usbtmc 1-1:16.0: can't read capabilities
[   73.517890][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.524059][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.530050][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.536057][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.542065][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.548065][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.554075][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.560093][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.566109][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.572115][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.578093][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.584076][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.590083][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.596103][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.602115][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.608122][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.614139][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.620141][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.626121][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.632111][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.638195][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.644185][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.650190][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.656167][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.662160][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.668132][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.674140][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.680125][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.686102][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.692117][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.698089][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.704082][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.710089][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.716096][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.722090][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.728066][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.734073][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.740064][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.746071][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.752055][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.758041][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.764062][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.770054][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.776040][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.782039][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.788015][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.793983][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.799969][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.805945][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.811940][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.817946][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.823958][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.829992][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.835968][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.841976][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.847934][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.853894][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.859893][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.865904][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.871909][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.877920][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.883910][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.889913][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.895924][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.901936][    C1] usbtmc 1-1:16.0: invalid notification: 11
[   73.908022][    C1] usbtmc 1-1:16.0: invalid notification: 1
[   73.914038][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.920041][    C1] usbtmc 1-1:16.0: invalid notification: 0
[   73.926063][    C1] usbtmc 1-1:16.0: invalid notification: 73
[   73.932163][    C1] usbtmc 1-1:16.0: invalid notification: 33
[   73.938252][    C1] usbtmc 1-1:16.0: invalid notification: 36
[   73.944310][    C1] usbtmc 1-1:16.0: invalid notification: 8
[   73.950303][    C1] ==================================================================
[   73.958373][    C1] BUG: KASAN: slab-out-of-bounds in usbtmc_interrupt+0x4c7/0x690
[   73.966115][    C1] Read of size 1 at addr ffff8880291a69a1 by task swapper/1/0
[   73.973571][    C1] 
[   73.975923][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) 
[   73.975943][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   73.975953][    C1] Call Trace:
[   73.975961][    C1]  <IRQ>
[   73.975968][    C1]  dump_stack_lvl+0x189/0x250
[   73.975994][    C1]  ? __virt_addr_valid+0x1c8/0x5c0
[   73.976008][    C1]  ? rcu_is_watching+0x15/0xb0
[   73.976028][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.976049][    C1]  ? rcu_is_watching+0x15/0xb0
[   73.976067][    C1]  ? lock_release+0x4b/0x3e0
[   73.976084][    C1]  ? __virt_addr_valid+0x1c8/0x5c0
[   73.976098][    C1]  ? __virt_addr_valid+0x4a5/0x5c0
[   73.976111][    C1]  print_report+0xca/0x240
[   73.976133][    C1]  ? usbtmc_interrupt+0x4c7/0x690
[   73.976156][    C1]  kasan_report+0x118/0x150
[   73.976173][    C1]  ? usbtmc_interrupt+0x4c7/0x690
[   73.976196][    C1]  usbtmc_interrupt+0x4c7/0x690
[   73.976216][    C1]  ? usb_unanchor_urb+0xa5/0xc0
[   73.976233][    C1]  ? usb_anchor_suspend_wakeups+0x3b/0x50
[   73.976254][    C1]  __usb_hcd_giveback_urb+0x376/0x540
[   73.976271][    C1]  dummy_timer+0x862/0x4550
[   73.976286][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   73.976330][    C1]  ? __pfx_dummy_timer+0x10/0x10
[   73.976346][    C1]  ? __pfx_dummy_timer+0x10/0x10
[   73.976359][    C1]  ? __pfx_dummy_timer+0x10/0x10
[   73.976373][    C1]  __hrtimer_run_queues+0x52c/0xc60
[   73.976399][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[   73.976416][    C1]  ? read_tsc+0x9/0x20
[   73.976432][    C1]  ? __pfx___local_bh_disable_ip+0x10/0x10
[   73.976454][    C1]  hrtimer_run_softirq+0x187/0x2b0
[   73.976475][    C1]  handle_softirqs+0x286/0x870
[   73.976494][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[   73.976520][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[   73.976540][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[   73.976563][    C1]  __irq_exit_rcu+0xca/0x1f0
[   73.976582][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[   73.976603][    C1]  irq_exit_rcu+0x9/0x30
[   73.976620][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   73.976635][    C1]  </IRQ>
[   73.976640][    C1]  <TASK>
[   73.976645][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   73.976662][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[   73.976678][    C1] Code: 53 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 1a 25 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[   73.976696][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[   73.976713][    C1] RAX: 01516c1b89febd00 RBX: ffffffff8196d368 RCX: 01516c1b89febd00
[   73.976725][    C1] RDX: 0000000000000001 RSI: ffffffff8c04d960 RDI: ffffffff8196d368
[   73.976736][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732f9b R09: 1ffff110170e65f3
[   73.976747][    C1] R10: dffffc0000000000 R11: ffffed10170e65f4 R12: ffffffff8fe4db30
[   73.976760][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003a55b40
[   73.976771][    C1]  ? do_idle+0x1e8/0x510
[   73.976790][    C1]  ? do_idle+0x1e8/0x510
[   73.976808][    C1]  default_idle+0x13/0x20
[   73.976825][    C1]  default_idle_call+0x74/0xb0
[   73.976843][    C1]  do_idle+0x1e8/0x510
[   73.976862][    C1]  ? __pfx_do_idle+0x10/0x10
[   73.976879][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   73.976902][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[   73.976917][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   73.976940][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   73.976967][    C1]  cpu_startup_entry+0x44/0x60
[   73.976984][    C1]  start_secondary+0x101/0x110
[   73.977001][    C1]  common_startup_64+0x13e/0x147
[   73.977022][    C1]  </TASK>
[   73.977027][    C1] 
[   74.326995][    C1] Allocated by task 44:
[   74.331155][    C1]  kasan_save_track+0x3e/0x80
[   74.335823][    C1]  __kasan_kmalloc+0x93/0xb0
[   74.340413][    C1]  __kmalloc_noprof+0x27a/0x4f0
[   74.345272][    C1]  usbtmc_probe+0xa3a/0x1a60
[   74.349858][    C1]  usb_probe_interface+0x665/0xc30
[   74.354960][    C1]  really_probe+0x26a/0x9e0
[   74.359486][    C1]  __driver_probe_device+0x18c/0x2f0
[   74.364767][    C1]  driver_probe_device+0x4f/0x430
[   74.369787][    C1]  __device_attach_driver+0x2ce/0x530
[   74.375157][    C1]  bus_for_each_drv+0x251/0x2e0
[   74.379997][    C1]  __device_attach+0x2b8/0x400
[   74.384843][    C1]  bus_probe_device+0x185/0x260
[   74.389684][    C1]  device_add+0x7b6/0xb50
[   74.394006][    C1]  usb_set_configuration+0x1a87/0x20e0
[   74.399468][    C1]  usb_generic_driver_probe+0x8d/0x150
[   74.404940][    C1]  usb_probe_device+0x1c4/0x390
[   74.409799][    C1]  really_probe+0x26a/0x9e0
[   74.414306][    C1]  __driver_probe_device+0x18c/0x2f0
[   74.419615][    C1]  driver_probe_device+0x4f/0x430
[   74.424644][    C1]  __device_attach_driver+0x2ce/0x530
[   74.430012][    C1]  bus_for_each_drv+0x251/0x2e0
[   74.434856][    C1]  __device_attach+0x2b8/0x400
[   74.439640][    C1]  bus_probe_device+0x185/0x260
[   74.444482][    C1]  device_add+0x7b6/0xb50
[   74.448803][    C1]  usb_new_device+0xa39/0x16f0
[   74.453563][    C1]  hub_event+0x2958/0x4a20
[   74.457978][    C1]  process_scheduled_works+0xae1/0x17b0
[   74.463530][    C1]  worker_thread+0x8a0/0xda0
[   74.468117][    C1]  kthread+0x711/0x8a0
[   74.472185][    C1]  ret_from_fork+0x3f9/0x770
[   74.476793][    C1]  ret_from_fork_asm+0x1a/0x30
[   74.481562][    C1] 
[   74.483891][    C1] The buggy address belongs to the object at ffff8880291a69a0
[   74.483891][    C1]  which belongs to the cache kmalloc-8 of size 8
[   74.497688][    C1] The buggy address is located 0 bytes to the right of
[   74.497688][    C1]  allocated 1-byte region [ffff8880291a69a0, ffff8880291a69a1)
[   74.512012][    C1] 
[   74.514334][    C1] The buggy address belongs to the physical page:
[   74.520762][    C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x291a6
[   74.529521][    C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   74.536641][    C1] page_type: f5(slab)
[   74.540649][    C1] raw: 00fff00000000000 ffff88801a841500 dead000000000100 dead000000000122
[   74.549241][    C1] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   74.557827][    C1] page dumped because: kasan: bad access detected
[   74.564253][    C1] page_owner tracks the page as allocated
[   74.569968][    C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 16852153284, free_ts 0
[   74.587604][    C1]  post_alloc_hook+0x240/0x2a0
[   74.592376][    C1]  get_page_from_freelist+0x21e4/0x22c0
[   74.597936][    C1]  __alloc_frozen_pages_noprof+0x181/0x370
[   74.603750][    C1]  alloc_pages_mpol+0x232/0x4a0
[   74.608687][    C1]  allocate_slab+0x8a/0x370
[   74.613635][    C1]  ___slab_alloc+0xbeb/0x1410
[   74.618315][    C1]  __kmalloc_node_track_caller_noprof+0x2f8/0x4e0
[   74.624728][    C1]  kstrdup+0x42/0x100
[   74.628722][    C1]  __kernfs_new_node+0x9c/0x7e0
[   74.633665][    C1]  kernfs_new_node+0x102/0x210
[   74.638431][    C1]  kernfs_create_dir_ns+0x44/0x130
[   74.643545][    C1]  sysfs_create_dir_ns+0x123/0x280
[   74.648667][    C1]  kobject_add_internal+0x59f/0xb40
[   74.653888][    C1]  kobject_add+0x155/0x220
[   74.658396][    C1]  device_add+0x408/0xb50
[   74.662824][    C1]  usb_create_ep_devs+0x12c/0x230
[   74.667861][    C1] page_owner free stack trace missing
[   74.673222][    C1] 
[   74.675550][    C1] Memory state around the buggy address:
[   74.681263][    C1]  ffff8880291a6880: 04 fc fc fc 04 fc fc fc 06 fc fc fc 04 fc fc fc
[   74.689324][    C1]  ffff8880291a6900: 06 fc fc fc 06 fc fc fc fa fc fc fc fa fc fc fc
[   74.697402][    C1] >ffff8880291a6980: fa fc fc fc 01 fc fc fc 00 fc fc fc 00 fc fc fc
[   74.705463][    C1]                                ^
[   74.710567][    C1]  ffff8880291a6a00: 00 fc fc fc 06 fc fc fc 06 fc fc fc 06 fc fc fc
[   74.718627][    C1]  ffff8880291a6a80: 07 fc fc fc 06 fc fc fc 06 fc fc fc 06 fc fc fc
[   74.726693][    C1] ==================================================================
[   74.734770][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   74.741970][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.17.0-rc1-next-20250814-syzkaller #0 PREEMPT(full) 
[   74.753084][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   74.763147][    C1] Call Trace:
[   74.766435][    C1]  <IRQ>
[   74.769291][    C1]  dump_stack_lvl+0x99/0x250
[   74.773897][    C1]  ? __asan_memcpy+0x40/0x70
[   74.778496][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[   74.783703][    C1]  ? __pfx__printk+0x10/0x10
[   74.788314][    C1]  vpanic+0x281/0x750
[   74.792304][    C1]  ? __pfx_print_hex_dump+0x10/0x10
[   74.797509][    C1]  ? __pfx_vpanic+0x10/0x10
[   74.802023][    C1]  panic+0xb9/0xc0
[   74.805750][    C1]  ? __pfx_panic+0x10/0x10
[   74.810169][    C1]  ? do_raw_spin_unlock+0x122/0x240
[   74.815462][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   74.821801][    C1]  ? usbtmc_interrupt+0x4c7/0x690
[   74.826836][    C1]  check_panic_on_warn+0x89/0xb0
[   74.831774][    C1]  ? usbtmc_interrupt+0x4c7/0x690
[   74.836809][    C1]  end_report+0x78/0x160
[   74.841065][    C1]  kasan_report+0x129/0x150
[   74.845572][    C1]  ? usbtmc_interrupt+0x4c7/0x690
[   74.850616][    C1]  usbtmc_interrupt+0x4c7/0x690
[   74.855491][    C1]  ? usb_unanchor_urb+0xa5/0xc0
[   74.860356][    C1]  ? usb_anchor_suspend_wakeups+0x3b/0x50
[   74.866092][    C1]  __usb_hcd_giveback_urb+0x376/0x540
[   74.871482][    C1]  dummy_timer+0x862/0x4550
[   74.875995][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   74.882371][    C1]  ? __pfx_dummy_timer+0x10/0x10
[   74.887316][    C1]  ? __pfx_dummy_timer+0x10/0x10
[   74.892253][    C1]  ? __pfx_dummy_timer+0x10/0x10
[   74.897186][    C1]  __hrtimer_run_queues+0x52c/0xc60
[   74.902407][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[   74.908145][    C1]  ? read_tsc+0x9/0x20
[   74.912216][    C1]  ? __pfx___local_bh_disable_ip+0x10/0x10
[   74.918030][    C1]  hrtimer_run_softirq+0x187/0x2b0
[   74.923148][    C1]  handle_softirqs+0x286/0x870
[   74.927919][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[   74.932688][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[   74.938071][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[   74.943281][    C1]  __irq_exit_rcu+0xca/0x1f0
[   74.947877][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[   74.953105][    C1]  irq_exit_rcu+0x9/0x30
[   74.957355][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   74.962989][    C1]  </IRQ>
[   74.965917][    C1]  <TASK>
[   74.968848][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   74.974828][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[   74.980547][    C1] Code: 53 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 1a 25 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[   75.000177][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[   75.006261][    C1] RAX: 01516c1b89febd00 RBX: ffffffff8196d368 RCX: 01516c1b89febd00
[   75.014239][    C1] RDX: 0000000000000001 RSI: ffffffff8c04d960 RDI: ffffffff8196d368
[   75.022299][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732f9b R09: 1ffff110170e65f3
[   75.030269][    C1] R10: dffffc0000000000 R11: ffffed10170e65f4 R12: ffffffff8fe4db30
[   75.038241][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003a55b40
[   75.046234][    C1]  ? do_idle+0x1e8/0x510
[   75.050483][    C1]  ? do_idle+0x1e8/0x510
[   75.054729][    C1]  default_idle+0x13/0x20
[   75.059064][    C1]  default_idle_call+0x74/0xb0
[   75.063837][    C1]  do_idle+0x1e8/0x510
[   75.067914][    C1]  ? __pfx_do_idle+0x10/0x10
[   75.072506][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   75.078415][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.083615][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   75.089537][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   75.095881][    C1]  cpu_startup_entry+0x44/0x60
[   75.100653][    C1]  start_secondary+0x101/0x110
[   75.105425][    C1]  common_startup_64+0x13e/0x147
[   75.110372][    C1]  </TASK>
[   75.113720][    C1] Kernel Offset: disabled
[   75.118042][    C1] Rebooting in 86400 seconds..