Warning: Permanently added '10.128.1.173' (ED25519) to the list of known hosts.
2026/04/26 02:39:21 parsed 1 programs
[   94.909365][   T29] audit: type=1400 audit(1777171163.638:105): avc:  denied  { unlink } for  pid=3986 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[   95.027128][ T3986] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   97.912709][   T29] audit: type=1401 audit(1777171166.638:106): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2026/04/26 02:39:37 executed programs: 0
2026/04/26 02:40:22 executed programs: 10
[  154.031368][   T29] audit: type=1400 audit(1777171222.758:107): avc:  denied  { read write } for  pid=6762 comm="syz.6.20" name="raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  154.115182][   T29] audit: type=1400 audit(1777171222.788:108): avc:  denied  { open } for  pid=6762 comm="syz.6.20" path="/dev/raw-gadget" dev="devtmpfs" ino=236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  154.170257][   T29] audit: type=1400 audit(1777171222.788:109): avc:  denied  { ioctl } for  pid=6762 comm="syz.6.20" path="/dev/raw-gadget" dev="devtmpfs" ino=236 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  154.334433][   T23] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  154.343151][ T1122] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  154.505245][   T23] usb 1-1: Using ep0 maxpacket: 16
[  154.510455][ T1122] usb 7-1: Using ep0 maxpacket: 16
[  154.520217][   T23] usb 1-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  154.533478][ T1122] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  154.545970][   T23] usb 1-1: config 246 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 34178, setting to 1024
[  154.558087][ T1122] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 34178, setting to 1024
[  154.572002][ T1122] usb 7-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=4e.d1
[  154.581456][   T23] usb 1-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=4e.d1
[  154.592030][ T1122] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.600221][   T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.608505][ T1122] usb 7-1: Product: syz
[  154.612695][   T23] usb 1-1: Product: syz
[  154.616933][ T1122] usb 7-1: Manufacturer: syz
[  154.621601][   T23] usb 1-1: Manufacturer: syz
[  154.624302][   T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  154.626319][ T1122] usb 7-1: SerialNumber: syz
[  154.627718][   T23] usb 1-1: SerialNumber: syz
[  154.644219][ T6769] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  154.661331][ T1122] em28xx 7-1:246.0: New device syz syz @ 480 Mbps (2040:0265, interface 0, class 0)
[  154.673275][ T1122] em28xx 7-1:246.0: Audio interface 0 found (Vendor Class)
[  154.687928][   T23] em28xx 1-1:246.0: New device syz syz @ 480 Mbps (2040:0265, interface 0, class 0)
[  154.694054][ T2801] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  154.698915][   T23] em28xx 1-1:246.0: Audio interface 0 found (Vendor Class)
[  154.784078][   T10] usb 2-1: Using ep0 maxpacket: 16
[  154.791170][   T10] usb 2-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  154.803047][   T10] usb 2-1: config 246 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 34178, setting to 1024
[  154.814057][ T6769] usb 8-1: Using ep0 maxpacket: 16
[  154.816771][   T10] usb 2-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=4e.d1
[  154.821685][ T6769] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  154.828963][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.841799][ T6769] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 34178, setting to 1024
[  154.849551][   T10] usb 2-1: Product: syz
[  154.864194][ T6769] usb 8-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=4e.d1
[  154.865318][   T10] usb 2-1: Manufacturer: syz
[  154.876482][ T6769] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.878429][   T10] usb 2-1: SerialNumber: syz
[  154.889879][ T6769] usb 8-1: Product: syz
[  154.894007][ T2801] usb 5-1: Using ep0 maxpacket: 16
[  154.896203][ T6769] usb 8-1: Manufacturer: syz
[  154.905982][ T6769] usb 8-1: SerialNumber: syz
[  154.906182][ T2801] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  154.920309][ T6769] em28xx 8-1:246.0: New device syz syz @ 480 Mbps (2040:0265, interface 0, class 0)
[  154.927154][ T2801] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 34178, setting to 1024
[  154.944967][ T1122] em28xx 7-1:246.0: unknown em28xx chip ID (0)
[  154.946476][   T10] em28xx 2-1:246.0: New device syz syz @ 480 Mbps (2040:0265, interface 0, class 0)
[  154.956467][ T6769] em28xx 8-1:246.0: Audio interface 0 found (Vendor Class)
[  154.960843][   T10] em28xx 2-1:246.0: Audio interface 0 found (Vendor Class)
[  154.968509][   T23] em28xx 1-1:246.0: unknown em28xx chip ID (0)
[  154.985113][ T1122] em28xx 7-1:246.0: Config register raw data: 0xfffffffb
[  154.990183][ T2801] usb 5-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=4e.d1
[  154.995112][   T23] em28xx 1-1:246.0: Config register raw data: 0xfffffffb
[  155.009896][ T1122] em28xx 7-1:246.0: AC97 chip type couldn't be determined
[  155.018686][ T1122] em28xx 7-1:246.0: No AC97 audio processor
[  155.021911][ T2801] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.028615][   T23] em28xx 1-1:246.0: AC97 chip type couldn't be determined
[  155.033898][ T2801] usb 5-1: Product: syz
[  155.044197][ T1122] em28xx 7-1:246.0: We currently don't support analog TV or stream capture on dual tuners.
[  155.044708][ T2801] usb 5-1: Manufacturer: syz
[  155.060176][ T2801] usb 5-1: SerialNumber: syz
[  155.060399][   T23] em28xx 1-1:246.0: No AC97 audio processor
[  155.071664][   T23] em28xx 1-1:246.0: We currently don't support analog TV or stream capture on dual tuners.
[  155.083542][ T2801] em28xx 5-1:246.0: New device syz syz @ 480 Mbps (2040:0265, interface 0, class 0)
[  155.093396][ T2801] em28xx 5-1:246.0: Audio interface 0 found (Vendor Class)
[  155.134543][ T1122] em28xx 7-1:246.0: unknown em28xx chip ID (0)
[  155.141316][ T1122] em28xx 7-1:246.0: Config register raw data: 0xfffffffb
[  155.149281][   T23] em28xx 1-1:246.0: unknown em28xx chip ID (0)
[  155.156198][ T1122] em28xx 7-1:246.0: AC97 chip type couldn't be determined
[  155.163596][ T1122] em28xx 7-1:246.0: No AC97 audio processor
[  155.170030][   T23] em28xx 1-1:246.0: Config register raw data: 0xfffffffb
[  155.177738][ T6769] em28xx 8-1:246.0: unknown em28xx chip ID (0)
[  155.192938][ T6769] em28xx 8-1:246.0: Config register raw data: 0xfffffffb
[  155.201682][   T23] em28xx 1-1:246.0: AC97 chip type couldn't be determined
[  155.204409][   T10] em28xx 2-1:246.0: unknown em28xx chip ID (0)
[  155.214111][   T23] em28xx 1-1:246.0: No AC97 audio processor
[  155.216227][   T10] em28xx 2-1:246.0: Config register raw data: 0xfffffffb
[  155.221585][ T6769] em28xx 8-1:246.0: AC97 chip type couldn't be determined
[  155.229816][   T10] em28xx 2-1:246.0: AC97 chip type couldn't be determined
[  155.243499][   T10] em28xx 2-1:246.0: No AC97 audio processor
[  155.249779][   T10] em28xx 2-1:246.0: We currently don't support analog TV or stream capture on dual tuners.
[  155.263989][ T6769] em28xx 8-1:246.0: No AC97 audio processor
[  155.273991][ T6769] em28xx 8-1:246.0: We currently don't support analog TV or stream capture on dual tuners.
[  155.314691][   T10] em28xx 2-1:246.0: unknown em28xx chip ID (0)
[  155.321585][   T10] em28xx 2-1:246.0: Config register raw data: 0xfffffffb
[  155.329489][   T10] em28xx 2-1:246.0: AC97 chip type couldn't be determined
[  155.338779][   T10] em28xx 2-1:246.0: No AC97 audio processor
[  155.344877][ T2801] em28xx 5-1:246.0: unknown em28xx chip ID (0)
[  155.360456][ T2801] em28xx 5-1:246.0: Config register raw data: 0xfffffffb
[  155.364360][ T6769] em28xx 8-1:246.0: unknown em28xx chip ID (0)
[  155.374372][ T2801] em28xx 5-1:246.0: AC97 chip type couldn't be determined
[  155.387833][ T6769] em28xx 8-1:246.0: Config register raw data: 0xfffffffb
[  155.391991][ T2801] em28xx 5-1:246.0: No AC97 audio processor
[  155.409760][ T6769] em28xx 8-1:246.0: AC97 chip type couldn't be determined
[  155.431285][ T2801] em28xx 5-1:246.0: We currently don't support analog TV or stream capture on dual tuners.
[  155.432614][ T6769] em28xx 8-1:246.0: No AC97 audio processor
[  155.545372][ T2801] em28xx 5-1:246.0: unknown em28xx chip ID (0)
[  155.564629][ T2801] em28xx 5-1:246.0: Config register raw data: 0xfffffffb
[  155.584432][ T2801] em28xx 5-1:246.0: AC97 chip type couldn't be determined
[  155.600063][ T2801] em28xx 5-1:246.0: No AC97 audio processor
[  155.684862][ T1122] usb 7-1: USB disconnect, device number 2
[  155.702736][   T23] usb 1-1: USB disconnect, device number 2
[  155.746314][   T23] em28xx 1-1:246.0: Disconnecting em28xx #5
[  155.752293][   T23] em28xx 1-1:246.0: Disconnecting em28xx
[  155.767764][ T1122] em28xx 7-1:246.0: Disconnecting em28xx #4
[  155.788693][ T1122] em28xx 7-1:246.0: Disconnecting em28xx
[  155.827705][   T23] em28xx 1-1:246.0: Freeing device
[  155.839287][ T1122] em28xx 7-1:246.0: Freeing device
[  155.852447][   T23] em28xx 1-1:246.0: Freeing device
[  155.865226][ T1122] em28xx 7-1:246.0: Freeing device
[  155.927744][   T10] usb 2-1: USB disconnect, device number 2
[  155.967286][   T10] em28xx 2-1:246.0: Disconnecting em28xx #7
[  155.983080][   T10] em28xx 2-1:246.0: Disconnecting em28xx
[  156.001635][   T10] ==================================================================
[  156.010035][   T10] BUG: KASAN: slab-out-of-bounds in __list_del_entry_valid_or_report+0x1b1/0x1d0
[  156.014581][ T6769] usb 8-1: USB disconnect, device number 2
[  156.019181][   T10] Read of size 8 at addr ffff88811eb00250 by task kworker/0:1/10
[  156.019204][   T10] 
[  156.019235][   T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(full) 
[  156.019259][   T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  156.019278][   T10] Workqueue: usb_hub_wq hub_event
[  156.019325][   T10] Call Trace:
[  156.019334][   T10]  <TASK>
[  156.019347][   T10]  dump_stack_lvl+0x100/0x190
[  156.019380][   T10]  print_report+0x13d/0x4b0
[  156.019415][   T10]  ? __virt_addr_valid+0x239/0x430
[  156.019443][   T10]  ? __list_del_entry_valid_or_report+0x1b1/0x1d0
[  156.019470][   T10]  kasan_report+0xdf/0x1d0
[  156.019501][   T10]  ? __list_del_entry_valid_or_report+0x1b1/0x1d0
[  156.019537][   T10]  __list_del_entry_valid_or_report+0x1b1/0x1d0
[  156.019563][   T10]  em28xx_close_extension+0x10b/0x2b0
[  156.019596][   T10]  em28xx_usb_disconnect.cold+0x13d/0x253
[  156.019630][   T10]  usb_unbind_interface+0x1dd/0x9e0
[  156.019666][   T10]  ? __pfx_usb_unbind_interface+0x10/0x10
[  156.019699][   T10]  device_remove+0x12a/0x180
[  156.019729][   T10]  device_release_driver_internal+0x44e/0x620
[  156.019765][   T10]  bus_remove_device+0x2bc/0x560
[  156.019794][   T10]  ? __pfx_bus_remove_device+0x10/0x10
[  156.019820][   T10]  ? __pfx_device_remove_attrs+0x10/0x10
[  156.019852][   T10]  device_del+0x376/0x9b0
[  156.019882][   T10]  ? __pfx_device_del+0x10/0x10
[  156.019910][   T10]  ? kobject_put+0xb9/0x640
[  156.019937][   T10]  usb_disable_device+0x367/0x810
[  156.019969][   T10]  usb_disconnect+0x2e2/0x9a0
[  156.020000][   T10]  hub_event+0x1d0c/0x4af0
[  156.020039][   T10]  ? __lock_acquire+0x4a5/0x2630
[  156.020074][   T10]  ? do_raw_spin_unlock+0x145/0x1e0
[  156.020100][   T10]  ? __pfx_hub_event+0x10/0x10
[  156.020127][   T10]  ? assoc_array_insert+0x22e0/0x32c0
[  156.020156][   T10]  ? rcu_is_watching+0x12/0xc0
[  156.020186][   T10]  process_one_work+0xa0e/0x1980
[  156.020218][   T10]  ? __pfx_process_one_work+0x10/0x10
[  156.020246][   T10]  ? __pfx_hub_event+0x10/0x10
[  156.020274][   T10]  worker_thread+0x5ef/0xe50
[  156.020302][   T10]  ? __pfx_worker_thread+0x10/0x10
[  156.020328][   T10]  ? kthread+0x13a/0x450
[  156.020349][   T10]  ? __pfx_worker_thread+0x10/0x10
[  156.020373][   T10]  kthread+0x370/0x450
[  156.020393][   T10]  ? __pfx_kthread+0x10/0x10
[  156.020416][   T10]  ret_from_fork+0x69a/0xc80
[  156.020447][   T10]  ? __pfx_ret_from_fork+0x10/0x10
[  156.020475][   T10]  ? __switch_to+0x7f6/0x1100
[  156.020515][   T10]  ? __switch_to_asm+0x39/0x70
[  156.020546][   T10]  ? __pfx_kthread+0x10/0x10
[  156.020569][   T10]  ret_from_fork_asm+0x1a/0x30
[  156.020606][   T10]  </TASK>
[  156.020615][   T10] 
[  156.052587][ T6769] em28xx 8-1:246.0: Disconnecting em28xx #8
[  156.054398][   T10] Allocated by task 6788:
[  156.054422][   T10]  kasan_save_stack+0x30/0x50
[  156.054451][   T10]  kasan_save_track+0x14/0x30
[  156.054471][   T10]  __kasan_kmalloc+0x8f/0xa0
[  156.054489][   T10]  __kmalloc_node_track_caller_noprof+0x306/0x800
[  156.064001][ T6769] em28xx 8-1:246.0: Disconnecting em28xx
[  156.065825][   T10]  kmalloc_reserve+0xe8/0x350
[  156.204071][   T23] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  156.205982][   T10]  __alloc_skb+0x185/0x710
[  156.206011][   T10]  alloc_skb_with_frags+0xdd/0x760
[  156.211098][ T1122] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  156.216503][   T10]  sock_alloc_send_pskb+0x801/0x980
[  156.216538][   T10]  unix_dgram_sendmsg+0x3c7/0x1810
[  156.216560][   T10]  sock_write_iter+0x524/0x5a0
[  156.216585][   T10]  vfs_write+0x6ac/0x1070
[  156.216756][   T10]  ksys_write+0x1f8/0x250
[  156.364053][ T1122] usb 7-1: Using ep0 maxpacket: 16
[  156.364583][   T10]  do_syscall_64+0x10b/0x7f0
[  156.369112][   T23] usb 1-1: Using ep0 maxpacket: 16
[  156.373423][   T10]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.380836][   T23] usb 1-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  156.380992][ T1122] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  156.383201][   T10] 
[  156.383209][   T10] Freed by task 2854:
[  156.383221][   T10]  kasan_save_stack+0x30/0x50
[  156.394328][   T10]  kasan_save_track+0x14/0x30
[  156.394358][   T10]  kasan_save_free_info+0x3b/0x70
[  156.394387][   T10]  __kasan_slab_free+0x43/0x70
[  156.394409][   T10]  kfree+0x204/0x650
[  156.394433][   T10]  skb_free_head+0xb9/0x160
[  156.407109][ T1122] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 34178, setting to 1024
[  156.417852][   T10]  skb_release_data+0x6c5/0x8e0
[  156.417880][   T10]  consume_skb+0xc4/0x110
[  156.417900][   T10]  __unix_dgram_recvmsg+0x754/0xc30
[  156.417922][   T10]  unix_dgram_recvmsg+0xcd/0x100
[  156.417944][   T10]  sock_recvmsg+0x1a4/0x1f0
[  156.417967][   T10]  ____sys_recvmsg+0x218/0x640
[  156.417988][   T10]  ___sys_recvmsg+0x16a/0x1a0
[  156.421999][   T23] usb 1-1: config 246 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 34178, setting to 1024
[  156.424368][   T10]  __sys_recvmsg+0x16d/0x220
[  156.424396][   T10]  do_syscall_64+0x10b/0x7f0
[  156.424426][   T10]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.424447][   T10] 
[  156.424454][   T10] The buggy address belongs to the object at ffff88811eb00000
[  156.424454][   T10]  which belongs to the cache kmalloc-cg-512 of size 512
[  156.432247][   T23] usb 1-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=4e.d1
[  156.433866][   T10] The buggy address is located 80 bytes to the right of
[  156.433866][   T10]  allocated 512-byte region [ffff88811eb00000, ffff88811eb00200)
[  156.433893][   T10] 
[  156.433899][   T10] The buggy address belongs to the physical page:
[  156.439742][   T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.443672][   T10] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11eb00
[  156.443700][   T10] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  156.443717][   T10] memcg:ffff88811eb00211
[  156.443725][   T10] flags: 0x200000000000040(head|node=0|zone=2)
[  156.443752][   T10] page_type: f5(slab)
[  156.443771][   T10] raw: 0200000000000040 ffff88810005d140 dead000000000100 dead000000000122
[  156.443794][   T10] raw: 0000000000000000 0000040000100010 00000000f5000000 ffff88811eb00211
[  156.449118][   T23] usb 1-1: Product: syz
[  156.452203][   T10] head: 0200000000000040 ffff88810005d140 dead000000000100 dead000000000122
[  156.452225][   T10] head: 0000000000000000 0000040000100010 00000000f5000000 ffff88811eb00211
[  156.452244][   T10] head: 0200000000000002 ffffffffffffff01 00000000ffffffff 00000000ffffffff
[  156.452262][   T10] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000004
[  156.452273][   T10] page dumped because: kasan: bad access detected
[  156.452301][   T10] page_owner tracks the page as allocated
[  156.464160][ T1122] usb 7-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=4e.d1
[  156.468393][   T10] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2843, tgid 2843 (klogd), ts 155858789591, free_ts 155852403879
[  156.476628][   T29] audit: type=1400 audit(1777171225.208:110): avc:  denied  { read } for  pid=2836 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  156.477974][   T10]  post_alloc_hook+0x153/0x170
[  156.484125][ T1122] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.487530][   T10]  get_page_from_freelist+0xf34/0x3a90
[  156.487572][   T10]  __alloc_frozen_pages_noprof+0x273/0x28a0
[  156.487599][   T10]  new_slab+0xa6/0x6b0
[  156.487621][   T10]  refill_objects+0x277/0x420
[  156.492775][   T29] audit: type=1400 audit(1777171225.208:111): avc:  denied  { search } for  pid=2836 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  156.497234][   T10]  __pcs_replace_empty_main+0x375/0x650
[  156.497268][   T10]  __kmalloc_node_track_caller_noprof+0x651/0x800
[  156.497297][   T10]  kmalloc_reserve+0xe8/0x350
[  156.509648][ T1122] usb 7-1: Product: syz
[  156.513177][   T10]  __alloc_skb+0x185/0x710
[  156.513202][   T10]  alloc_skb_with_frags+0xdd/0x760
[  156.518839][   T23] usb 1-1: Manufacturer: syz
[  156.523760][   T10]  sock_alloc_send_pskb+0x801/0x980
[  156.526679][ T1122] usb 7-1: Manufacturer: syz
[  156.540755][   T10]  unix_dgram_sendmsg+0x3c7/0x1810
[  156.540790][   T10]  __sys_sendto+0x468/0x4b0
[  156.540818][   T10]  __x64_sys_sendto+0xe0/0x1c0
[  156.540845][   T10]  do_syscall_64+0x10b/0x7f0
[  156.540874][   T10]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.540896][   T10] page last free pid 23 tgid 23 stack trace:
[  156.551065][   T23] usb 1-1: SerialNumber: syz
[  156.564660][   T10]  __free_frozen_pages+0x692/0xf10
[  156.564696][   T10]  kref_put.constprop.0.isra.0+0x4d/0x6d
[  156.564728][   T10]  em28xx_usb_disconnect.cold+0x1b4/0x253
[  156.564755][   T10]  usb_unbind_interface+0x1dd/0x9e0
[  156.564783][   T10]  device_remove+0x12a/0x180
[  156.564806][   T10]  device_release_driver_internal+0x44e/0x620
[  156.567413][   T29] audit: type=1400 audit(1777171225.208:112): avc:  denied  { search } for  pid=2836 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  156.573700][   T10]  bus_remove_device+0x2bc/0x560
[  156.582829][   T29] audit: type=1400 audit(1777171225.208:113): avc:  denied  { add_name } for  pid=2836 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  156.590687][   T10]  device_del+0x376/0x9b0
[  156.590727][   T10]  usb_disable_device+0x367/0x810
[  156.590751][   T10]  usb_disconnect+0x2e2/0x9a0
[  156.590774][   T10]  hub_event+0x1d0c/0x4af0
[  156.590795][   T10]  process_one_work+0xa0e/0x1980
[  156.601791][ T1122] usb 7-1: SerialNumber: syz
[  156.603556][   T10]  worker_thread+0x5ef/0xe50
[  156.612868][   T29] audit: type=1400 audit(1777171225.208:114): avc:  denied  { create } for  pid=2836 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  156.613692][   T10]  kthread+0x370/0x450
[  156.623081][   T29] audit: type=1400 audit(1777171225.208:115): avc:  denied  { append open } for  pid=2836 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  156.630918][   T10]  ret_from_fork+0x69a/0xc80
[  156.630951][   T10]  ret_from_fork_asm+0x1a/0x30
[  156.630980][   T10] 
[  156.630985][   T10] Memory state around the buggy address:
[  156.630998][   T10]  ffff88811eb00100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  156.636314][   T29] audit: type=1400 audit(1777171225.208:116): avc:  denied  { getattr } for  pid=2836 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  156.643822][   T10]  ffff88811eb00180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  156.643844][   T10] >ffff88811eb00200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  156.643855][   T10]                                                  ^
[  156.669089][ T1122] em28xx 7-1:246.0: New device syz syz @ 480 Mbps (2040:0265, interface 0, class 0)
[  156.670014][   T10]  ffff88811eb00280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  156.685927][   T23] em28xx 1-1:246.0: New device syz syz @ 480 Mbps (2040:0265, interface 0, class 0)
[  156.691516][   T10]  ffff88811eb00300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  156.691531][   T10] ==================================================================
[  156.762996][   T10] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  156.763022][   T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(full) 
[  156.763050][   T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  156.763066][   T10] Workqueue: usb_hub_wq hub_event
[  156.763103][   T10] Call Trace:
[  156.763111][   T10]  <TASK>
[  156.763121][   T10]  dump_stack_lvl+0x100/0x190
[  156.763167][   T10]  vpanic+0x552/0x970
[  156.763194][   T10]  ? __pfx_vpanic+0x10/0x10
[  156.763223][   T10]  ? __list_del_entry_valid_or_report+0x1b1/0x1d0
[  156.763249][   T10]  panic+0xd1/0xe0
[  156.763273][   T10]  ? __pfx_panic+0x10/0x10
[  156.763299][   T10]  ? __list_del_entry_valid_or_report+0x1b1/0x1d0
[  156.763330][   T10]  ? preempt_schedule_common+0x42/0xc0
[  156.763359][   T10]  ? check_panic_on_warn+0x1f/0x90
[  156.763385][   T10]  check_panic_on_warn.cold+0x19/0x34
[  156.763413][   T10]  end_report.part.0+0x3a/0x90
[  156.763445][   T10]  kasan_report.cold+0xe/0x18
[  156.763476][   T10]  ? __list_del_entry_valid_or_report+0x1b1/0x1d0
[  156.763505][   T10]  __list_del_entry_valid_or_report+0x1b1/0x1d0
[  156.763530][   T10]  em28xx_close_extension+0x10b/0x2b0
[  156.763562][   T10]  em28xx_usb_disconnect.cold+0x13d/0x253
[  156.763594][   T10]  usb_unbind_interface+0x1dd/0x9e0
[  156.763629][   T10]  ? __pfx_usb_unbind_interface+0x10/0x10
[  156.763660][   T10]  device_remove+0x12a/0x180
[  156.763686][   T10]  device_release_driver_internal+0x44e/0x620
[  156.763718][   T10]  bus_remove_device+0x2bc/0x560
[  156.763752][   T10]  ? __pfx_bus_remove_device+0x10/0x10
[  156.763777][   T10]  ? __pfx_device_remove_attrs+0x10/0x10
[  156.763810][   T10]  device_del+0x376/0x9b0
[  156.763840][   T10]  ? __pfx_device_del+0x10/0x10
[  156.763867][   T10]  ? kobject_put+0xb9/0x640
[  156.763894][   T10]  usb_disable_device+0x367/0x810
[  157.326280][   T10]  usb_disconnect+0x2e2/0x9a0
[  157.331095][   T10]  hub_event+0x1d0c/0x4af0
[  157.335561][   T10]  ? __lock_acquire+0x4a5/0x2630
[  157.340721][   T10]  ? do_raw_spin_unlock+0x145/0x1e0
[  157.346237][   T10]  ? __pfx_hub_event+0x10/0x10
[  157.351046][   T10]  ? assoc_array_insert+0x22e0/0x32c0
[  157.356662][   T10]  ? rcu_is_watching+0x12/0xc0
[  157.361556][   T10]  process_one_work+0xa0e/0x1980
[  157.366529][   T10]  ? __pfx_process_one_work+0x10/0x10
[  157.371925][   T10]  ? __pfx_hub_event+0x10/0x10
[  157.376733][   T10]  worker_thread+0x5ef/0xe50
[  157.381416][   T10]  ? __pfx_worker_thread+0x10/0x10
[  157.386653][   T10]  ? kthread+0x13a/0x450
[  157.390944][   T10]  ? __pfx_worker_thread+0x10/0x10
[  157.396106][   T10]  kthread+0x370/0x450
[  157.400247][   T10]  ? __pfx_kthread+0x10/0x10
[  157.404962][   T10]  ret_from_fork+0x69a/0xc80
[  157.409587][   T10]  ? __pfx_ret_from_fork+0x10/0x10
[  157.414721][   T10]  ? __switch_to+0x7f6/0x1100
[  157.419430][   T10]  ? __switch_to_asm+0x39/0x70
[  157.424229][   T10]  ? __pfx_kthread+0x10/0x10
[  157.429144][   T10]  ret_from_fork_asm+0x1a/0x30
[  157.433950][   T10]  </TASK>
[  157.437642][   T10] Kernel Offset: disabled
[  157.442060][   T10] Rebooting in 86400 seconds..