program:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22}, 0x48)
sysfs$2(0x9, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006325a640402000207265970000010902240001000000000904000002214c6a0009050702000000da00090589"], 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x4010, 0x3}, 0x18, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0)
mount$cgroup(0x0, 0x0, 0x0, 0x400, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, 0x0)
r0 = syz_usb_connect$cdc_ncm(0x2, 0x6e, 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$cdc_ecm(0x2, 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc0a85352, 0x0)

[   85.531000][ T5316] Bluetooth: hci0: command tx timeout
[   85.846847][ T5337] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   85.999930][ T5337] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[   86.004228][ T5337] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[   86.008656][ T5337] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 255, changing to 11
[   86.012994][ T5337] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[   86.019333][ T5337] usb 5-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72
[   86.023588][ T5337] usb 5-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0
[   86.027844][ T5337] usb 5-1: Manufacturer: syz
[   86.036062][ T5337] usb 5-1: config 0 descriptor??
[   86.050234][ T5339] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   86.055331][ T5337] smsusb:smsusb_probe: board id=9, interface number 0
[   86.074960][ T5337] smsusb:siano_media_device_register: media controller created
[   86.090010][ T5337] usb 5-1: BOGUS urb xfer, pipe 3 != type 1
[   86.092677][ T5337] smsusb:smsusb_start_streaming: smsusb_submit_urb(...) failed
[   86.125916][ T5337] smsusb:smsusb_init_device: smsusb_start_streaming(...) failed
[   86.141394][ T5337] ------------[ cut here ]------------
[   86.143766][ T5337] WARNING: mm/slub.c:6789 at free_large_kmalloc+0xa3/0x150, CPU#0: kworker/0:6/5337
[   86.148147][ T5337] Modules linked in:
[   86.149903][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: kworker/0:6 Not tainted syzkaller #0 PREEMPT(full) 
[   86.153851][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.158456][ T5337] Workqueue: usb_hub_wq hub_event
[   86.160680][ T5337] RIP: 0010:free_large_kmalloc+0xa3/0x150
[   86.163151][ T5337] Code: f8 ff 74 17 25 00 00 00 ff 3d 00 00 00 f8 0f 85 a4 00 00 00 c7 43 30 ff ff ff ff 48 89 df 89 ee 5b 41 5e 5d e9 3e d9 fc ff 90 <0f> 0b 90 48 89 df 48 c7 c6 b5 e1 7a 8d 5b 41 5e 5d e9 87 6a 0a ff
[   86.170878][ T5337] RSP: 0018:ffffc9000ea0eac0 EFLAGS: 00010206
[   86.173306][ T5337] RAX: 00000000ff000000 RBX: ffffea00010ff880 RCX: ffff8880009d4901
[   86.176413][ T5337] RDX: 0000000000000000 RSI: ffff888043fe2000 RDI: ffffea00010ff880
[   86.179642][ T5337] RBP: 0000000000000000 R08: ffff888037675603 R09: 1ffff11006eceac0
[   86.182860][ T5337] R10: dffffc0000000000 R11: ffffed1006eceac1 R12: 1ffff110024af082
[   86.186229][ T5337] R13: 0000000000000000 R14: ffff888037675660 R15: dffffc0000000000
[   86.189762][ T5337] FS:  0000000000000000(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000
[   86.193467][ T5337] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.196189][ T5337] CR2: 00005580133bc4d0 CR3: 000000003680b000 CR4: 0000000000352ef0
[   86.199746][ T5337] Call Trace:
[   86.201253][ T5337]  <TASK>
[   86.202656][ T5337]  usb_free_urb+0xd0/0x120
[   86.204602][ T5337]  smsusb_term_device+0x1d7/0x3e0
[   86.207022][ T5337]  smsusb_probe+0x1a20/0x21f0
[   86.209148][ T5337]  ? __pfx_smsusb_probe+0x10/0x10
[   86.211367][ T5337]  ? do_raw_spin_lock+0x121/0x290
[   86.213617][ T5337]  ? __pfx_smsusb_sendrequest+0x10/0x10
[   86.216128][ T5337]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   86.218770][ T5337]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   86.221285][ T5337]  ? __pm_runtime_set_status+0x785/0xa50
[   86.223641][ T5337]  usb_probe_interface+0x668/0xc90
[   86.225790][ T5337]  ? __pfx_usb_probe_interface+0x10/0x10
[   86.229268][ T5337]  really_probe+0x26d/0xad0
[   86.231259][ T5337]  __driver_probe_device+0x18c/0x320
[   86.233596][ T5337]  driver_probe_device+0x4f/0x240
[   86.235818][ T5337]  __device_attach_driver+0x279/0x430
[   86.238165][ T5337]  bus_for_each_drv+0x251/0x2e0
[   86.240267][ T5337]  ? __pfx___device_attach_driver+0x10/0x10
[   86.242851][ T5337]  ? __pfx_bus_for_each_drv+0x10/0x10
[   86.245185][ T5337]  ? lockdep_hardirqs_on+0x7b/0x110
[   86.247639][ T5337]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   86.250175][ T5337]  __device_attach+0x2b8/0x430
[   86.252321][ T5337]  ? __pfx___device_attach+0x10/0x10
[   86.254554][ T5337]  ? _raw_spin_unlock+0x28/0x50
[   86.256951][ T5337]  device_initial_probe+0xa1/0xd0
[   86.259107][ T5337]  bus_probe_device+0x12a/0x220
[   86.261169][ T5337]  ? device_add+0x726/0xb80
[   86.262989][ T5337]  device_add+0x7b6/0xb80
[   86.264710][ T5337]  usb_set_configuration+0x1a87/0x2110
[   86.266930][ T5337]  usb_generic_driver_probe+0x8d/0x150
[   86.269032][ T5337]  usb_probe_device+0x1c4/0x3c0
[   86.270894][ T5337]  ? __pfx_usb_probe_device+0x10/0x10
[   86.272935][ T5337]  really_probe+0x26d/0xad0
[   86.274647][ T5337]  __driver_probe_device+0x18c/0x320
[   86.276791][ T5337]  driver_probe_device+0x4f/0x240
[   86.278886][ T5337]  __device_attach_driver+0x279/0x430
[   86.281038][ T5337]  bus_for_each_drv+0x251/0x2e0
[   86.283025][ T5337]  ? __pfx___device_attach_driver+0x10/0x10
[   86.285381][ T5337]  ? __pfx_bus_for_each_drv+0x10/0x10
[   86.287531][ T5337]  ? lockdep_hardirqs_on+0x7b/0x110
[   86.289690][ T5337]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   86.292215][ T5337]  __device_attach+0x2b8/0x430
[   86.294520][ T5337]  ? __pfx___device_attach+0x10/0x10
[   86.296955][ T5337]  ? _raw_spin_unlock+0x28/0x50
[   86.299069][ T5337]  device_initial_probe+0xa1/0xd0
[   86.301259][ T5337]  bus_probe_device+0x12a/0x220
[   86.303420][ T5337]  ? device_add+0x726/0xb80
[   86.305434][ T5337]  device_add+0x7b6/0xb80
[   86.307289][ T5337]  usb_new_device+0xa39/0x1720
[   86.309095][ T5337]  ? __pfx_usb_new_device+0x10/0x10
[   86.310925][ T5337]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.313015][ T5337]  hub_event+0x29b1/0x4ef0
[   86.314789][ T5337]  ? __pfx_hub_event+0x10/0x10
[   86.316845][ T5337]  ? process_scheduled_works+0x9ef/0x1770
[   86.318971][ T5337]  ? process_scheduled_works+0x9ef/0x1770
[   86.321215][ T5337]  ? process_scheduled_works+0x9ef/0x1770
[   86.323882][ T5337]  process_scheduled_works+0xad1/0x1770
[   86.326447][ T5337]  ? __pfx_process_scheduled_works+0x10/0x10
[   86.330379][ T5337]  ? do_raw_spin_lock+0x121/0x290
[   86.332809][ T5337]  worker_thread+0x8a0/0xda0
[   86.334843][ T5337]  ? __kthread_parkme+0x7b/0x200
[   86.337436][ T5337]  kthread+0x711/0x8a0
[   86.339272][ T5337]  ? __pfx_worker_thread+0x10/0x10
[   86.341584][ T5337]  ? __pfx_kthread+0x10/0x10
[   86.343736][ T5337]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.346067][ T5337]  ? __pfx_kthread+0x10/0x10
[   86.348226][ T5337]  ret_from_fork+0x510/0xa50
[   86.350211][ T5337]  ? __pfx_ret_from_fork+0x10/0x10
[   86.352012][ T5337]  ? __switch_to+0xc9e/0x1480
[   86.353956][ T5337]  ? __pfx_kthread+0x10/0x10
[   86.355865][ T5337]  ret_from_fork_asm+0x1a/0x30
[   86.357922][ T5337]  </TASK>
[   86.359261][ T5337] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   86.362196][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: kworker/0:6 Not tainted syzkaller #0 PREEMPT(full) 
[   86.365827][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.370191][ T5337] Workqueue: usb_hub_wq hub_event
[   86.372300][ T5337] Call Trace:
[   86.373749][ T5337]  <TASK>
[   86.375010][ T5337]  vpanic+0x1e0/0x670
[   86.376653][ T5337]  panic+0xb9/0xc0
[   86.378074][ T5337]  ? __pfx_panic+0x10/0x10
[   86.379871][ T5337]  ? ret_from_fork_asm+0x1a/0x30
[   86.381841][ T5337]  __warn+0x317/0x4b0
[   86.383494][ T5337]  ? free_large_kmalloc+0xa3/0x150
[   86.385625][ T5337]  ? free_large_kmalloc+0xa3/0x150
[   86.387704][ T5337]  __report_bug+0x288/0x500
[   86.389554][ T5337]  ? bus_for_each_drv+0x251/0x2e0
[   86.391448][ T5337]  ? __device_attach+0x2b8/0x430
[   86.393433][ T5337]  ? device_initial_probe+0xa1/0xd0
[   86.395239][ T5337]  ? free_large_kmalloc+0xa3/0x150
[   86.397028][ T5337]  ? __pfx___report_bug+0x10/0x10
[   86.398828][ T5337]  ? bus_probe_device+0x12a/0x220
[   86.400722][ T5337]  ? device_add+0x7b6/0xb80
[   86.402513][ T5337]  ? usb_new_device+0xa39/0x1720
[   86.404682][ T5337]  ? smscore_unregister_device+0x655/0x780
[   86.407225][ T5337]  ? free_large_kmalloc+0xa3/0x150
[   86.409572][ T5337]  report_bug+0x16a/0x220
[   86.411469][ T5337]  ? free_large_kmalloc+0xa3/0x150
[   86.413768][ T5337]  ? free_large_kmalloc+0xa5/0x150
[   86.416190][ T5337]  handle_bug+0x98/0x200
[   86.418096][ T5337]  exc_invalid_op+0x1a/0x50
[   86.420179][ T5337]  asm_exc_invalid_op+0x1a/0x20
[   86.422353][ T5337] RIP: 0010:free_large_kmalloc+0xa3/0x150
[   86.424763][ T5337] Code: f8 ff 74 17 25 00 00 00 ff 3d 00 00 00 f8 0f 85 a4 00 00 00 c7 43 30 ff ff ff ff 48 89 df 89 ee 5b 41 5e 5d e9 3e d9 fc ff 90 <0f> 0b 90 48 89 df 48 c7 c6 b5 e1 7a 8d 5b 41 5e 5d e9 87 6a 0a ff
[   86.432582][ T5337] RSP: 0018:ffffc9000ea0eac0 EFLAGS: 00010206
[   86.435057][ T5337] RAX: 00000000ff000000 RBX: ffffea00010ff880 RCX: ffff8880009d4901
[   86.438954][ T5337] RDX: 0000000000000000 RSI: ffff888043fe2000 RDI: ffffea00010ff880
[   86.442951][ T5337] RBP: 0000000000000000 R08: ffff888037675603 R09: 1ffff11006eceac0
[   86.447291][ T5337] R10: dffffc0000000000 R11: ffffed1006eceac1 R12: 1ffff110024af082
[   86.451718][ T5337] R13: 0000000000000000 R14: ffff888037675660 R15: dffffc0000000000
[   86.455415][ T5337]  usb_free_urb+0xd0/0x120
[   86.457896][ T5337]  smsusb_term_device+0x1d7/0x3e0
[   86.460567][ T5337]  smsusb_probe+0x1a20/0x21f0
[   86.463168][ T5337]  ? __pfx_smsusb_probe+0x10/0x10
[   86.465821][ T5337]  ? do_raw_spin_lock+0x121/0x290
[   86.467938][ T5337]  ? __pfx_smsusb_sendrequest+0x10/0x10
[   86.470265][ T5337]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   86.472916][ T5337]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   86.475421][ T5337]  ? __pm_runtime_set_status+0x785/0xa50
[   86.477866][ T5337]  usb_probe_interface+0x668/0xc90
[   86.480164][ T5337]  ? __pfx_usb_probe_interface+0x10/0x10
[   86.482627][ T5337]  really_probe+0x26d/0xad0
[   86.484709][ T5337]  __driver_probe_device+0x18c/0x320
[   86.487081][ T5337]  driver_probe_device+0x4f/0x240
[   86.489396][ T5337]  __device_attach_driver+0x279/0x430
[   86.491806][ T5337]  bus_for_each_drv+0x251/0x2e0
[   86.494034][ T5337]  ? __pfx___device_attach_driver+0x10/0x10
[   86.497313][ T5337]  ? __pfx_bus_for_each_drv+0x10/0x10
[   86.499938][ T5337]  ? lockdep_hardirqs_on+0x7b/0x110
[   86.502293][ T5337]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   86.504693][ T5337]  __device_attach+0x2b8/0x430
[   86.506814][ T5337]  ? __pfx___device_attach+0x10/0x10
[   86.509193][ T5337]  ? _raw_spin_unlock+0x28/0x50
[   86.511376][ T5337]  device_initial_probe+0xa1/0xd0
[   86.513644][ T5337]  bus_probe_device+0x12a/0x220
[   86.515804][ T5337]  ? device_add+0x726/0xb80
[   86.517784][ T5337]  device_add+0x7b6/0xb80
[   86.519798][ T5337]  usb_set_configuration+0x1a87/0x2110
[   86.522342][ T5337]  usb_generic_driver_probe+0x8d/0x150
[   86.524819][ T5337]  usb_probe_device+0x1c4/0x3c0
[   86.527066][ T5337]  ? __pfx_usb_probe_device+0x10/0x10
[   86.529455][ T5337]  really_probe+0x26d/0xad0
[   86.531491][ T5337]  __driver_probe_device+0x18c/0x320
[   86.533920][ T5337]  driver_probe_device+0x4f/0x240
[   86.536187][ T5337]  __device_attach_driver+0x279/0x430
[   86.538603][ T5337]  bus_for_each_drv+0x251/0x2e0
[   86.540693][ T5337]  ? __pfx___device_attach_driver+0x10/0x10
[   86.543094][ T5337]  ? __pfx_bus_for_each_drv+0x10/0x10
[   86.545093][ T5337]  ? lockdep_hardirqs_on+0x7b/0x110
[   86.546962][ T5337]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   86.549230][ T5337]  __device_attach+0x2b8/0x430
[   86.550998][ T5337]  ? __pfx___device_attach+0x10/0x10
[   86.553415][ T5337]  ? _raw_spin_unlock+0x28/0x50
[   86.555593][ T5337]  device_initial_probe+0xa1/0xd0
[   86.557673][ T5337]  bus_probe_device+0x12a/0x220
[   86.559786][ T5337]  ? device_add+0x726/0xb80
[   86.561689][ T5337]  device_add+0x7b6/0xb80
[   86.563610][ T5337]  usb_new_device+0xa39/0x1720
[   86.565745][ T5337]  ? __pfx_usb_new_device+0x10/0x10
[   86.568080][ T5337]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.570488][ T5337]  hub_event+0x29b1/0x4ef0
[   86.572490][ T5337]  ? __pfx_hub_event+0x10/0x10
[   86.574639][ T5337]  ? process_scheduled_works+0x9ef/0x1770
[   86.577174][ T5337]  ? process_scheduled_works+0x9ef/0x1770
[   86.579716][ T5337]  ? process_scheduled_works+0x9ef/0x1770
[   86.582256][ T5337]  process_scheduled_works+0xad1/0x1770
[   86.584724][ T5337]  ? __pfx_process_scheduled_works+0x10/0x10
[   86.587361][ T5337]  ? do_raw_spin_lock+0x121/0x290
[   86.589697][ T5337]  worker_thread+0x8a0/0xda0
[   86.591807][ T5337]  ? __kthread_parkme+0x7b/0x200
[   86.594049][ T5337]  kthread+0x711/0x8a0
[   86.595901][ T5337]  ? __pfx_worker_thread+0x10/0x10
[   86.598170][ T5337]  ? __pfx_kthread+0x10/0x10
[   86.600131][ T5337]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.602526][ T5337]  ? __pfx_kthread+0x10/0x10
[   86.604552][ T5337]  ret_from_fork+0x510/0xa50
[   86.606703][ T5337]  ? __pfx_ret_from_fork+0x10/0x10
[   86.609006][ T5337]  ? __switch_to+0xc9e/0x1480
[   86.611012][ T5337]  ? __pfx_kthread+0x10/0x10
[   86.613209][ T5337]  ret_from_fork_asm+0x1a/0x30
[   86.615948][ T5337]  </TASK>
[   86.618027][ T5337] Kernel Offset: disabled
[   86.620055][ T5337] Rebooting in 86400 seconds..