last executing test programs:

110.065373ms ago: executing program 0 (id=1):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x11, r0)
ptrace(0x4207, r0)
ptrace$PTRACE_SETSIGMASK(0x420b, r0, 0x8, &(0x7f00000000c0)={[0xa]})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00042dbd7000fd"], 0x14}, 0x1, 0x0, 0x0, 0x2010}, 0x4001)
ioctl$KVM_GET_MSR_FEATURE_INDEX_LIST(r1, 0xc004ae0a, &(0x7f0000000340)={0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_usb_connect$printer(0x2, 0x36, &(0x7f00000002c0)={{0x12, 0x1, 0x211, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x8, 0xb0, 0xf, [{{0x9, 0x4, 0x0, 0x7, 0x2, 0x7, 0x1, 0x1, 0x92, "", {{{0x9, 0x5, 0x1, 0x2, 0x10, 0x53, 0x4, 0xb4}}, [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x80, 0x72, 0x5}}]}}}]}}]}}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x39, &(0x7f0000000300)=@string={0x39, 0x3, "91557e7e0c76850aab6318560c2fac2e08af7f382bb5df39adf3f44a85fd2a6a0171036a1317fc96a9dca0277cacb4ea13f6573563b6cc"}}, {0x16, &(0x7f0000000100)=ANY=[@ANYBLOB="eebae372e4c784c91fe367d4a7a2f7c62196c07f8723a57828bc58d961dd"]}, {0x0, 0x0}]})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x38, 0x1001, 0x0, 0x180, 0x4, 0x14, 0xf5, 0x0, 0x7fffffffffffe, 0x5, 0x4007, 0x8, 0x9, 0x45, 0x1, 0xbdb], 0xdddd0000, 0x1c4213})
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGSKNS(r5, 0x894c, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r8 = ioctl$KVM_GET_STATS_FD_vm(r7, 0xaece)
read$usbmon(r8, 0x0, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
writev(r9, &(0x7f00000003c0)=[{&(0x7f0000000240)="390000001300034700bb65e1c3e4ffff0100000001000000560000002500000019001c000400000007fd17e5ffff8800040000000000000000", 0x39}], 0x1)
r10 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x2a)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1)
ioctl$KVM_GET_MP_STATE(r8, 0x8004ae98, &(0x7f0000000000))
ioctl$KVM_X86_SETUP_MCE(r11, 0x4008ae9c, &(0x7f00000000c0)={0x1, 0x5, 0x8d})
socket$vsock_stream(0x28, 0x1, 0x0)
openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/fs/binfmt_misc/syz2\x00', 0x2, 0x0)

49.133586ms ago: executing program 2 (id=3):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text16={0x10, &(0x7f0000000080)="0f20c06635000000400f22c065673e67f20f35660f001f640fae8e030036640f78080fd3609c0f5bd7660fc77500baf80c66b8a4812d8766efbafc0cb048eeb829000f00d8", 0x45}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES8], 0x0)

26.185607ms ago: executing program 3 (id=4):
setresgid(0xee01, 0xffffffffffffffff, 0xffffffffffffffff)
fstat(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
mount$9p_tcp(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x400, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000000004e22,aname=,dont_measure,euid<', @ANYRESDEC=r0, @ANYBLOB="2c73796e632c6f626a5f747970653d2c00059be0a7f237cee8de3e0143ab5466"])
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0x0, 0x40, &(0x7f0000000000)={0x4b5a9da54893e123, 0x14, 0x8, 0x2}, 0x8, 0x7, 0x200, 0x0, 0x0, 0x40, 0x0})
r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_load(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815"], 0x65) (async)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_int(r2, 0x6, 0x15, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000280), 0x0, 0x0)

0s ago: executing program 1 (id=2):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xb0090199)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000001c0)='./bus\x00', 0x40)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]})
setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000057c0)='./file0\x00', 0x11)
lsetxattr$system_posix_acl(&(0x7f0000005b80)='./file0\x00', &(0x7f0000005bc0)='system.posix_acl_access\x00', &(0x7f0000005c80)=ANY=[@ANYBLOB="02000000010001000000000002000800", @ANYRES32=0x0, @ANYBLOB="040000000000000010000000000000002000060000000000"], 0x2c, 0x3)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000880)=ANY=[@ANYBLOB="12010000090024206d041cc140000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
umount2(&(0x7f0000000140)='./file1\x00', 0xc)
chmod(&(0x7f0000005e80)='./file0\x00', 0x40)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
getpid()
unshare(0x60400)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000380)={<r1=>0x0})
llistxattr(&(0x7f0000000100)='./bus\x00', &(0x7f0000000bc0)=""/4096, 0x1000)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000240)={r1, 0x1, r0, 0x6})
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)
mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x8, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0/file1'}}, {@upperdir={'upperdir', 0x3d, './file0/file0'}}, {@index_on}]})

kernel console output (not intermixed with test programs):

[   14.407345][   T36] audit: type=1400 audit(1769132699.320:62): avc:  denied  { rlimitinh } for  pid=232 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   14.410443][   T36] audit: type=1400 audit(1769132699.320:63): avc:  denied  { siginh } for  pid=232 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.1.229' (ED25519) to the list of known hosts.
[   21.998763][   T36] audit: type=1400 audit(1769132706.920:64): avc:  denied  { mounton } for  pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   22.002439][  T282] cgroup: Unknown subsys name 'net'
[   22.021916][   T36] audit: type=1400 audit(1769132706.920:65): avc:  denied  { mount } for  pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   22.049165][   T36] audit: type=1400 audit(1769132706.950:66): avc:  denied  { unmount } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   22.050730][  T282] cgroup: Unknown subsys name 'devices'
[   22.211487][  T282] cgroup: Unknown subsys name 'hugetlb'
[   22.217126][  T282] cgroup: Unknown subsys name 'rlimit'
[   22.312402][   T36] audit: type=1400 audit(1769132707.230:67): avc:  denied  { setattr } for  pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   22.335706][   T36] audit: type=1400 audit(1769132707.230:68): avc:  denied  { mounton } for  pid=282 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   22.360552][   T36] audit: type=1400 audit(1769132707.230:69): avc:  denied  { mount } for  pid=282 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   22.384715][  T284] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   22.393546][   T36] audit: type=1400 audit(1769132707.310:70): avc:  denied  { relabelto } for  pid=284 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.419522][   T36] audit: type=1400 audit(1769132707.310:71): avc:  denied  { write } for  pid=284 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.449769][   T36] audit: type=1400 audit(1769132707.370:72): avc:  denied  { read } for  pid=282 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.475392][   T36] audit: type=1400 audit(1769132707.370:73): avc:  denied  { open } for  pid=282 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.476030][  T282] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   23.791192][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.798288][  T289] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.805442][  T289] bridge_slave_0: entered allmulticast mode
[   23.811938][  T289] bridge_slave_0: entered promiscuous mode
[   23.819877][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.826934][  T289] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.834073][  T289] bridge_slave_1: entered allmulticast mode
[   23.840399][  T289] bridge_slave_1: entered promiscuous mode
[   23.899145][  T290] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.906229][  T290] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.913423][  T290] bridge_slave_0: entered allmulticast mode
[   23.919952][  T290] bridge_slave_0: entered promiscuous mode
[   23.929251][  T290] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.936330][  T290] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.943536][  T290] bridge_slave_1: entered allmulticast mode
[   23.949956][  T290] bridge_slave_1: entered promiscuous mode
[   23.973400][  T291] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.980529][  T291] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.987717][  T291] bridge_slave_0: entered allmulticast mode
[   23.994181][  T291] bridge_slave_0: entered promiscuous mode
[   24.011929][  T291] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.019018][  T291] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.026108][  T291] bridge_slave_1: entered allmulticast mode
[   24.032600][  T291] bridge_slave_1: entered promiscuous mode
[   24.067733][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.074914][  T292] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.082159][  T292] bridge_slave_0: entered allmulticast mode
[   24.088568][  T292] bridge_slave_0: entered promiscuous mode
[   24.111114][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.118306][  T292] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.125569][  T292] bridge_slave_1: entered allmulticast mode
[   24.131945][  T292] bridge_slave_1: entered promiscuous mode
[   24.223961][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.231088][  T289] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.238438][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.245578][  T289] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.284489][  T290] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.291585][  T290] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.298939][  T290] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.306108][  T290] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.341797][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.348894][  T292] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.356182][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.363363][  T292] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.377773][   T44] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.385713][   T44] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.393788][   T44] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.401301][   T44] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.409352][   T44] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.416692][   T44] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.430956][   T44] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.438041][   T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.460112][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.467253][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.481368][   T44] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.488566][   T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.498987][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.506064][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.539774][   T44] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.546859][   T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.567658][  T289] veth0_vlan: entered promiscuous mode
[   24.575437][   T44] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.582508][   T44] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.600727][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.607777][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.615358][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.622440][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.655334][  T289] veth1_macvtap: entered promiscuous mode
[   24.672984][  T291] veth0_vlan: entered promiscuous mode
[   24.685561][  T290] veth0_vlan: entered promiscuous mode
[   24.701606][  T291] veth1_macvtap: entered promiscuous mode
[   24.726526][  T292] veth0_vlan: entered promiscuous mode
[   24.733070][  T290] veth1_macvtap: entered promiscuous mode
[   24.742318][  T289] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   24.767896][  T292] veth1_macvtap: entered promiscuous mode
[   24.800149][  T333] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   24.888975][  T341] ------------[ cut here ]------------
[   24.894524][  T341] WARNING: CPU: 1 PID: 341 at mm/page_alloc.c:5234 __alloc_pages_noprof+0x109/0x7e0
[   24.904054][  T341] Modules linked in:
[   24.908029][  T341] CPU: 1 UID: 0 PID: 341 Comm: syz.3.4 Not tainted syzkaller #0 ad62f380a7f2f1545e15d1dbb2af73c398067985
[   24.919384][  T341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   24.929569][  T341] RIP: 0010:__alloc_pages_noprof+0x109/0x7e0
[   24.935608][  T341] Code: 00 0f 1f 44 00 00 83 fb 0b 72 28 b8 00 20 00 00 23 44 24 40 75 1d 80 3d ea a8 0b 06 00 0f 85 c2 00 00 00 c6 05 dd a8 0b 06 01 <0f> 0b 31 c0 e9 b4 00 00 00 83 fb 0a 0f 87 a9 00 00 00 44 8b 64 24
[   24.939868][  T346] futex_wake_op: syz.1.2 tries to shift op by 144; fix this program
[   24.955517][  T341] RSP: 0018:ffffc9000b947520 EFLAGS: 00010246
[   24.970066][  T341] RAX: 0000000000000000 RBX: 0000000000000015 RCX: 0000000000000000
[   24.978428][  T341] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000b9475d8
[   24.986444][  T341] RBP: ffffc9000b947660 R08: ffffc9000b9475d7 R09: 0000000000000000
[   24.994519][  T341] R10: ffffc9000b9475c0 R11: fffff52001728ebb R12: ffffc9000b947560
[   25.002607][  T341] R13: dffffc0000000000 R14: 1ffff92001728ea8 R15: 0000000000000000
[   25.010690][  T341] FS:  00007fef297356c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[   25.019724][  T341] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   25.026348][  T341] CR2: 00007fef29714d58 CR3: 000000010e7f0000 CR4: 00000000003526b0
[   25.034465][  T341] Call Trace:
[   25.037779][  T341]  <TASK>
[   25.040837][  T341]  ? vfs_write+0x3c8/0xf90
[   25.045334][  T341]  ? ksys_write+0x145/0x260
[   25.049930][  T341]  ? x64_sys_call+0x271c/0x2ee0
[   25.054824][  T341]  ? __cfi___alloc_pages_noprof+0x10/0x10
[   25.060652][  T341]  ? hashtab_init+0xdb/0x1f0
[   25.065299][  T341]  ___kmalloc_large_node+0x81/0x210
[   25.070621][  T341]  ? hashtab_init+0xdb/0x1f0
[   25.075275][  T341]  __kmalloc_large_node_noprof+0x1e/0xd0
[   25.081104][  T341]  ? hashtab_init+0xdb/0x1f0
[   25.085835][  T341]  __kmalloc_noprof+0x326/0x500
[   25.090907][  T341]  ? kasan_save_alloc_info+0x40/0x50
[   25.096284][  T341]  hashtab_init+0xdb/0x1f0
[   25.100877][  T341]  ? class_read+0x17f/0x8c0
[   25.105424][  T341]  symtab_init+0x44/0x70
[   25.109839][  T341]  class_read+0x20e/0x8c0
[   25.114218][  T341]  ? __kasan_kmalloc+0x96/0xb0
[   25.119110][  T341]  ? hashtab_init+0xdb/0x1f0
[   25.123753][  T341]  ? __cfi_class_read+0x10/0x10
[   25.128751][  T341]  ? hashtab_init+0x105/0x1f0
[   25.133484][  T341]  policydb_read+0xab8/0x28b0
[   25.138254][  T341]  ? __kasan_kmalloc+0x96/0xb0
[   25.143147][  T341]  ? __cfi_policydb_read+0x10/0x10
[   25.148292][  T341]  ? security_load_policy+0x130/0x12d0
[   25.153884][  T341]  security_load_policy+0x16a/0x12d0
[   25.159287][  T341]  ? avc_has_perm_noaudit+0x220/0x360
[   25.164705][  T341]  ? _raw_spin_unlock+0x45/0x60
[   25.169671][  T341]  ? __check_object_size+0x527/0x830
[   25.175080][  T341]  ? __cfi_security_load_policy+0x10/0x10
[   25.180872][  T341]  ? __kasan_check_write+0x18/0x20
[   25.186048][  T341]  sel_write_load+0x2a7/0x5f0
[   25.190902][  T341]  ? __cfi_sel_write_load+0x10/0x10
[   25.196229][  T341]  ? bpf_lsm_file_permission+0xd/0x20
[   25.201704][  T341]  ? __cfi_sel_write_load+0x10/0x10
[   25.206937][  T341]  vfs_write+0x3c8/0xf90
[   25.211458][  T341]  ? __cfi_vfs_write+0x10/0x10
[   25.216278][  T341]  ? __kasan_check_write+0x18/0x20
[   25.218037][    T9] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[   25.221622][  T341]  ? mutex_lock+0x97/0x1d0
[   25.233390][  T341]  ? __cfi_mutex_lock+0x10/0x10
[   25.238416][  T341]  ? __fget_files+0x2c5/0x340
[   25.243142][  T341]  ksys_write+0x145/0x260
[   25.247510][  T341]  ? xfd_validate_state+0x68/0x140
[   25.249076][  T336] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[   25.252956][  T341]  ? __cfi_ksys_write+0x10/0x10
[   25.265065][  T341]  ? __kasan_check_write+0x18/0x20
[   25.270322][  T341]  ? fpregs_restore_userregs+0x11c/0x260
[   25.276007][  T341]  __x64_sys_write+0x7f/0x90
[   25.280774][  T341]  x64_sys_call+0x271c/0x2ee0
[   25.285477][  T341]  do_syscall_64+0x57/0xf0
[   25.289980][  T341]  ? clear_bhb_loop+0x50/0xa0
[   25.294686][  T341]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   25.300645][  T341] RIP: 0033:0x7fef2879acb9
[   25.305095][  T341] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   25.325343][  T341] RSP: 002b:00007fef29735028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   25.333847][  T341] RAX: ffffffffffffffda RBX: 00007fef28a15fa0 RCX: 00007fef2879acb9
[   25.341917][  T341] RDX: 0000000000000065 RSI: 0000200000000280 RDI: 0000000000000003
[   25.350072][  T341] RBP: 00007fef28808bf7 R08: 0000000000000000 R09: 0000000000000000
[   25.358087][  T341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   25.366144][  T341] R13: 00007fef28a16038 R14: 00007fef28a15fa0 R15: 00007ffdeb240e28
[   25.374206][  T341]  </TASK>
[   25.377249][  T341] ---[ end trace 0000000000000000 ]---
[   25.383211][  T341] SELinux: failed to load policy
[   25.408703][  T331] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   25.417980][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[   25.426490][    T9] usb 1-1: not running at top speed; connect to a high speed hub
[   25.435569][  T336] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[   25.446834][  T336] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[   25.456792][  T336] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[   25.466567][    T9] usb 1-1: config 1 interface 0 altsetting 7 endpoint 0x82 has invalid maxpacket 512, setting to 64
[   25.477503][  T336] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   25.485579][    T9] usb 1-1: config 1 interface 0 has no altsetting 0
[   25.498282][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[   25.507480][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   25.516139][    T9] usb 1-1: SerialNumber: syz
[   25.525954][  T333] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   25.568391][  T331] usb 2-1: Using ep0 maxpacket: 32
[   25.574621][  T331] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   25.585678][  T331] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   25.595609][  T331] usb 2-1: New USB device found, idVendor=046d, idProduct=c11c, bcdDevice= 0.40
[   25.605446][  T331] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   25.614365][  T331] usb 2-1: config 0 descriptor??
[   25.620615][  T331] hub 2-1:0.0: USB hub found
[   25.695563][  T336] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[   25.704180][  T336] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input4
[   25.717364][  T336] usb 3-1: USB disconnect, device number 2
[   25.740775][  T333] netlink: 'syz.0.1': attribute type 28 has an invalid length.
[   25.759675][    T9] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 7 proto 1 vid 0x0525 pid 0xA4A8
[   25.775028][    T9] usb 1-1: USB disconnect, device number 2
[   25.782208][    T9] usblp0: removed
[   25.923855][  T347] overlayfs: failed to resolve './file0/file1': -2
[   27.934263][   T36] kauditd_printk_skb: 35 callbacks suppressed
[   27.934281][   T36] audit: type=1326 audit(1769132712.850:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=345 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b73d9acb9 code=0x7fc00000
[   27.966880][  T331] hub 2-1:0.0: config failed, can't read hub descriptor (err -22)
[   27.988760][  T331] usb 2-1: USB disconnect, device number 2