program:
r0 = syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x800800, &(0x7f00000000c0)=ANY=[], 0x1, 0x1ca, &(0x7f00000024c0)="$eJzKKC4sZmdgYPj7sSaZQYCBgYGFgYGRgYfhAgMjiMmgzsgAAUwQaj2U/wJKz4RKs0HpZqj4fyiouKW9bg0zw5mTnrpay2SZGVo9teXBYqf8wGJyy3uM3CQXszMwM4Qe5WdgqKzKTszJST3BsJChgpOBgeH0CQaW6+xQw+U5HJI0HXSYjvh4ZM1oLOGcJKUpxsaWqXD2zAf5dWwaRxgerWDeWOeZ11hXmDo1Ly0vqSqrKmseA9PGmY2djY0rJ9ZFpfmtYmxJcdnU1MnI5LBFTWAzs6H6JBvtCe/aVz1McmDt8fBrPmWs9DqV+ZLxwiKpUyuqZk74ojSb0fA7wx2eshUSGhpOElckLBpMGI7U2Ta4MlTcYmVgYEhTCGNMUmMTa9tyZk4IMz/bf6hzj3IsnSlhcUCo6uRPS823DoluM7Y9dWA7w3P4OM+agj5Bo+MSDE4LBZmhqhnKNNYyLbVd8KVI46+E12pjpwwGd3umZbAAZWkAkSuhPFmGilvJCQnJKzx0NDWNUpITGjYpJCS5FRgqM2zdw7laoIEBEW0gJzJsh2qERec1GGMUjIJRMApGwSgYBaNgFIyCUTAKRsGIAIAAAAD//5Z8j6Q=")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cgroup.controllers\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000280)=ANY=[@ANYBLOB="050000000000000071119000000000008510000002000000850000000000000095000000000000009500a50500000000cf8476c752cb1eb36d98a4c08bc316a0b9751f1e530dbcbd29c6b4b4e24213d6c50bd3db7dfd8b539f1cb1e2cb88816b98477f09d941c39f871360d3e9a9e1fd36f0c9aab4fc170c051e01f6764b20cee1771265a24695c1165f5fd44aee1b5223755a9a91db6d7faf18411907e761400171935c3dbad2afd60893678e692d2e782c283fb290f6fa73770a5c60cc6f30c84a534dbc000009a4"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)
write$binfmt_script(r1, &(0x7f0000000080)={'#! ', './bus', [], 0xa, "31dc30da18d856c2085fc6737f068b05979e9bcbd483342e64e507c700000000000000009d0cc1a146f45647c96b9c221700570cd6da6f67bdcff3f70ecccf478ff4d8502d49aebcfe2a853d3d6ae79cadd4df04add701ae0b5ed480c3fc2fae10f3095fbc69d2c0e1edecad0dbad0c9781d1ece222c9bea"}, 0x81)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x9, [@struct={0x8, 0x0, 0x0, 0xf, 0x0, 0xfffffffe}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x0, 0x2d, 0x0, 0x6}, 0x20)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x4, 0x1, 0x301, 0x0, 0x0, {0x5, 0x0, 0x3}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4008080}, 0x4044)
close(r0)
ioctl$SNDCTL_SEQ_RESET(r1, 0x5100)

[   79.212027][ T4534] Bluetooth: hci0: command tx timeout
[   80.319024][ T5114] loop0: detected capacity change from 0 to 8
[   80.342237][ T5114] squashfs image failed sanity check
[   80.381867][ T5114] ==================================================================
[   80.384754][ T5114] BUG: KASAN: slab-out-of-bounds in btf_datasec_check_meta+0x2c9/0x9a0
[   80.387253][ T5114] Read of size 1 at addr ffff88803c9f79ad by task syz.0.0/5114
[   80.389512][ T5114] 
[   80.390356][ T5114] CPU: 0 UID: 0 PID: 5114 Comm: syz.0.0 Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0
[   80.393910][ T5114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.397310][ T5114] Call Trace:
[   80.398457][ T5114]  <TASK>
[   80.399387][ T5114]  dump_stack_lvl+0x241/0x360
[   80.401179][ T5114]  ? __pfx_dump_stack_lvl+0x10/0x10
[   80.403128][ T5114]  ? __pfx__printk+0x10/0x10
[   80.404647][ T5114]  ? _printk+0xd5/0x120
[   80.405983][ T5114]  ? __virt_addr_valid+0x183/0x530
[   80.407777][ T5114]  ? __virt_addr_valid+0x183/0x530
[   80.409637][ T5114]  print_report+0x169/0x550
[   80.411216][ T5114]  ? __virt_addr_valid+0x183/0x530
[   80.412932][ T5114]  ? __virt_addr_valid+0x183/0x530
[   80.414597][ T5114]  ? __virt_addr_valid+0x45f/0x530
[   80.416372][ T5114]  ? __phys_addr+0xba/0x170
[   80.418072][ T5114]  ? btf_datasec_check_meta+0x2c9/0x9a0
[   80.420042][ T5114]  kasan_report+0x143/0x180
[   80.421684][ T5114]  ? btf_datasec_check_meta+0x2c9/0x9a0
[   80.423543][ T5114]  btf_datasec_check_meta+0x2c9/0x9a0
[   80.425334][ T5114]  btf_parse_type_sec+0x4d5/0x2620
[   80.427008][ T5114]  ? bpf_verifier_vlog+0x1c9/0x860
[   80.428850][ T5114]  ? btf_check_sec_info+0x379/0x4f0
[   80.430658][ T5114]  ? __pfx_btf_parse_type_sec+0x10/0x10
[   80.432604][ T5114]  ? btf_parse_str_sec+0x21f/0x2b0
[   80.434446][ T5114]  btf_new_fd+0x43f/0xd30
[   80.435959][ T5114]  ? __pfx_btf_new_fd+0x10/0x10
[   80.437598][ T5114]  ? bpf_btf_load+0xcf/0x1a0
[   80.439264][ T5114]  __sys_bpf+0x6ef/0x810
[   80.440899][ T5114]  ? __pfx___sys_bpf+0x10/0x10
[   80.442817][ T5114]  ? __rseq_handle_notify_resume+0x353/0x14e0
[   80.445169][ T5114]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   80.447426][ T5114]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   80.449672][ T5114]  ? do_syscall_64+0x100/0x230
[   80.451304][ T5114]  __x64_sys_bpf+0x7c/0x90
[   80.452968][ T5114]  do_syscall_64+0xf3/0x230
[   80.454547][ T5114]  ? clear_bhb_loop+0x35/0x90
[   80.456160][ T5114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.458192][ T5114] RIP: 0033:0x7f84f3f79eb9
[   80.459695][ T5114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   80.466252][ T5114] RSP: 002b:00007f84f4e31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   80.469165][ T5114] RAX: ffffffffffffffda RBX: 00007f84f4115f80 RCX: 00007f84f3f79eb9
[   80.471948][ T5114] RDX: 0000000000000020 RSI: 0000000020000400 RDI: 0000000000000012
[   80.474584][ T5114] RBP: 00007f84f3fe793e R08: 0000000000000000 R09: 0000000000000000
[   80.477320][ T5114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   80.480126][ T5114] R13: 0000000000000000 R14: 00007f84f4115f80 R15: 00007ffc6a1e4b28
[   80.483003][ T5114]  </TASK>
[   80.484132][ T5114] 
[   80.485067][ T5114] Allocated by task 5114:
[   80.486621][ T5114]  kasan_save_track+0x3f/0x80
[   80.488329][ T5114]  __kasan_kmalloc+0x98/0xb0
[   80.490002][ T5114]  __kmalloc_node_noprof+0x22a/0x440
[   80.491894][ T5114]  __kvmalloc_node_noprof+0x72/0x190
[   80.493784][ T5114]  btf_new_fd+0x265/0xd30
[   80.495381][ T5114]  __sys_bpf+0x6ef/0x810
[   80.496955][ T5114]  __x64_sys_bpf+0x7c/0x90
[   80.498499][ T5114]  do_syscall_64+0xf3/0x230
[   80.499960][ T5114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.502139][ T5114] 
[   80.503046][ T5114] The buggy address belongs to the object at ffff88803c9f7980
[   80.503046][ T5114]  which belongs to the cache kmalloc-64 of size 64
[   80.507925][ T5114] The buggy address is located 0 bytes to the right of
[   80.507925][ T5114]  allocated 45-byte region [ffff88803c9f7980, ffff88803c9f79ad)
[   80.512949][ T5114] 
[   80.513820][ T5114] The buggy address belongs to the physical page:
[   80.516004][ T5114] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3c9f7
[   80.519127][ T5114] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   80.521829][ T5114] page_type: 0xfdffffff(slab)
[   80.523536][ T5114] raw: 04fff00000000000 ffff88801ac418c0 ffffea0000eedbc0 0000000000000002
[   80.526608][ T5114] raw: 0000000000000000 0000000080200020 00000001fdffffff 0000000000000000
[   80.529392][ T5114] page dumped because: kasan: bad access detected
[   80.531759][ T5114] page_owner tracks the page as allocated
[   80.533828][ T5114] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5098, tgid 5098 (syz-executor), ts 76190154777, free_ts 76182302489
[   80.541048][ T5114]  post_alloc_hook+0x1f3/0x230
[   80.542869][ T5114]  get_page_from_freelist+0x2e4c/0x2f10
[   80.544883][ T5114]  __alloc_pages_noprof+0x256/0x6c0
[   80.546838][ T5114]  alloc_slab_page+0x5f/0x120
[   80.548616][ T5114]  allocate_slab+0x5a/0x2f0
[   80.550375][ T5114]  ___slab_alloc+0xcd1/0x14b0
[   80.552159][ T5114]  __slab_alloc+0x58/0xa0
[   80.553809][ T5114]  __kmalloc_cache_noprof+0x1d5/0x2c0
[   80.555841][ T5114]  ipv6_add_dev+0x510/0x1220
[   80.557502][ T5114]  addrconf_notify+0x6a7/0x1020
[   80.559222][ T5114]  notifier_call_chain+0x19f/0x3e0
[   80.561032][ T5114]  register_netdevice+0x167f/0x1b00
[   80.562839][ T5114]  ipcaif_newlink+0x1f0/0x4d0
[   80.564527][ T5114]  rtnl_newlink+0x1591/0x20a0
[   80.566178][ T5114]  rtnetlink_rcv_msg+0x73f/0xcf0
[   80.567923][ T5114]  netlink_rcv_skb+0x1e3/0x430
[   80.569597][ T5114] page last free pid 5103 tgid 5103 stack trace:
[   80.571872][ T5114]  free_unref_folios+0x103a/0x1b00
[   80.573518][ T5114]  folios_put_refs+0x76e/0x860
[   80.575218][ T5114]  free_pages_and_swap_cache+0x2ea/0x690
[   80.577194][ T5114]  tlb_flush_mmu+0x3a3/0x680
[   80.578819][ T5114]  tlb_finish_mmu+0xd4/0x200
[   80.580457][ T5114]  exit_mmap+0x44f/0xc80
[   80.581932][ T5114]  __mmput+0x115/0x390
[   80.583377][ T5114]  exit_mm+0x220/0x310
[   80.584838][ T5114]  do_exit+0x9b2/0x27f0
[   80.586323][ T5114]  do_group_exit+0x207/0x2c0
[   80.587943][ T5114]  __x64_sys_exit_group+0x3f/0x40
[   80.589748][ T5114]  x64_sys_call+0x2634/0x2640
[   80.591626][ T5114]  do_syscall_64+0xf3/0x230
[   80.593441][ T5114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.595784][ T5114] 
[   80.596768][ T5114] Memory state around the buggy address:
[   80.599024][ T5114]  ffff88803c9f7880: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   80.602150][ T5114]  ffff88803c9f7900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   80.605231][ T5114] >ffff88803c9f7980: 00 00 00 00 00 05 fc fc fc fc fc fc fc fc fc fc
[   80.608321][ T5114]                                   ^
[   80.610375][ T5114]  ffff88803c9f7a00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   80.613383][ T5114]  ffff88803c9f7a80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[   80.616182][ T5114] ==================================================================
[   80.885531][ T5114] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   80.888475][ T5114] CPU: 0 UID: 0 PID: 5114 Comm: syz.0.0 Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0
[   80.892503][ T5114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.896614][ T5114] Call Trace:
[   80.897913][ T5114]  <TASK>
[   80.899026][ T5114]  dump_stack_lvl+0x241/0x360
[   80.900863][ T5114]  ? __pfx_dump_stack_lvl+0x10/0x10
[   80.902858][ T5114]  ? __pfx__printk+0x10/0x10
[   80.904766][ T5114]  ? preempt_schedule+0xe1/0xf0
[   80.906525][ T5114]  ? vscnprintf+0x5d/0x90
[   80.908256][ T5114]  panic+0x349/0x860
[   80.909797][ T5114]  ? check_panic_on_warn+0x21/0xb0
[   80.911742][ T5114]  ? __pfx_panic+0x10/0x10
[   80.913629][ T5114]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   80.916009][ T5114]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   80.918425][ T5114]  ? print_report+0x502/0x550
[   80.920231][ T5114]  check_panic_on_warn+0x86/0xb0
[   80.922072][ T5114]  ? btf_datasec_check_meta+0x2c9/0x9a0
[   80.924102][ T5114]  end_report+0x77/0x160
[   80.925655][ T5114]  kasan_report+0x154/0x180
[   80.927379][ T5114]  ? btf_datasec_check_meta+0x2c9/0x9a0
[   80.929609][ T5114]  btf_datasec_check_meta+0x2c9/0x9a0
[   80.931604][ T5114]  btf_parse_type_sec+0x4d5/0x2620
[   80.933527][ T5114]  ? bpf_verifier_vlog+0x1c9/0x860
[   80.935544][ T5114]  ? btf_check_sec_info+0x379/0x4f0
[   80.937435][ T5114]  ? __pfx_btf_parse_type_sec+0x10/0x10
[   80.939474][ T5114]  ? btf_parse_str_sec+0x21f/0x2b0
[   80.941521][ T5114]  btf_new_fd+0x43f/0xd30
[   80.943205][ T5114]  ? __pfx_btf_new_fd+0x10/0x10
[   80.945042][ T5114]  ? bpf_btf_load+0xcf/0x1a0
[   80.946877][ T5114]  __sys_bpf+0x6ef/0x810
[   80.948420][ T5114]  ? __pfx___sys_bpf+0x10/0x10
[   80.950074][ T5114]  ? __rseq_handle_notify_resume+0x353/0x14e0
[   80.952764][ T5114]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   80.955307][ T5114]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   80.957895][ T5114]  ? do_syscall_64+0x100/0x230
[   80.959978][ T5114]  __x64_sys_bpf+0x7c/0x90
[   80.961932][ T5114]  do_syscall_64+0xf3/0x230
[   80.963926][ T5114]  ? clear_bhb_loop+0x35/0x90
[   80.965876][ T5114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.968091][ T5114] RIP: 0033:0x7f84f3f79eb9
[   80.969669][ T5114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   80.976947][ T5114] RSP: 002b:00007f84f4e31038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   80.980395][ T5114] RAX: ffffffffffffffda RBX: 00007f84f4115f80 RCX: 00007f84f3f79eb9
[   80.983632][ T5114] RDX: 0000000000000020 RSI: 0000000020000400 RDI: 0000000000000012
[   80.986618][ T5114] RBP: 00007f84f3fe793e R08: 0000000000000000 R09: 0000000000000000
[   80.989829][ T5114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   80.992965][ T5114] R13: 0000000000000000 R14: 00007f84f4115f80 R15: 00007ffc6a1e4b28
[   80.996199][ T5114]  </TASK>
[   80.998000][ T5114] Kernel Offset: disabled
[   80.999829][ T5114] Rebooting in 86400 seconds..