program:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000740), 0x1, 0x2000)
r1 = memfd_create(&(0x7f0000000000)='\xff\x00l\x1e\xa0</\x00\x8e._\x14zC\x9a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-\xe2\xc7\xd3\xe6M^\x98\x85x\x14\t\xe9Q1\x1dK\x9a\x045\xd3\x17\xb22\x00D(\xd2\xdd\xa0\xff\x1f\x00\x00\n\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xe36g\xfd\xd2\xd4\xe3\x1f\xa6\xc6\xe2\xa6!\x9aE<2`]<\xf2R?8\xb8\xa3\xbf\xc3\x18s\xf7!~0\xc7y\xe2\xb2VP\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yxm\x96\xbfS\x97\x9c/\x1f5i\xc6\x861\x8a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd26<Z|U6\r\xd7\x18\xad\x1d`\x06\xcfN\a\xf9\xd7 \x1a\xd8\xef\xb6\x9e8Z\t:#r\xa2\xb1h\xc0\xc0a\xa9\xc46A\x01\xac\xe6\xbf !5I\xc9<\x19{)\xa4\xad\v\x923\b\x9d\xbd>,\xc1\x8d\\Rxt\'\xb6\xbf\xc8*\n\xaf\x1b\xec\xfd\xbbY\x99\xb3\x06c\xd6\xf6\xb0\xcd=\xf3\x03`\x93\xff\x05e\xaa$\x00\xeaw\xd9\x10\x0f\x1d\x888\x8cS\x12?R\x99\xda7\xce)\x8f\xcc\x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd32J\xd7\x9f\xea:=\xcc\x17(|L\xda\xc3\x1ca\xe8s\xb6\xebw\xc7\xabS\xd7pJ\xd2\xa1\xcf\xae\x1f2\x9f\x98\xa80\r\x85\xb4\x86\xbc\xd0\xea\xbf\xb1Z\xb7e$\xcf<\ra\x9b\xa5\xdc\v\x1e\xfd\xc7\x91\xf22\xcf\x96\x99\xc1\xbb\xa1j\xe5\xa8\x7f\a\xa9\xa7G\xad\xa3\x8b\xf1\xdb\\]R\x8cf\xac1\xd7V\xaf\xb5\x8e\x10\x95\x9f=2\xd0-\xe1K:\xc3b\x89\x15OS\xa5\x98Ky\x12\xe7Qt#\xeb\x99\a\x10\x1c\xb3N\x85\xeb\x80\x05\x82_\x15\xdc\xbc\xf93\xdd\xf5g\x98\xd4\x8az\xe4`\xa5\x00\x00\x00\x00\xcd\x13\xfc+\xac\xe5\x8bI\f\xd6\x89\xc7HY\xcf\x00O\x88\xe6\x8b\x8bF/\x82u\xffCnG\x02\x82\xfc\xe9Od\x92\x06\xdeg@y\xa6=4\xb1}\xa8Yr\xad9\xb9b)\xec}\x87=\x91:IV\xab\xdf\xa2\xba+6D\x1fuf\xdeJYw$L\xa1\x83NH\xe3\xf2\x91\x8cW\xb7\b\x04\x12\x8b\x8bV\x19\xf1\r\xcb\x94\xa3\xf4\xe4\x97$\x99c\rG\xd7#\xe2\xfd\x80\xadR\x83\xdc\xb8d\x15|\xac\xb8g$\x0f@\xca3\x9f\xb1\xea\xc6vQ\x1b\xdb#\xa3\"\x9f\x9e\xd8\xba\x13d\x9bx\x9a\xbf\xee\xf2kQ\xe0\xc4/~7\xcd\xd1\x06\xe5\x17\x9b\bW|\xbc\x86D\x05\xaf<\xdfy,I2f\xa7G\xe3Qp<\'6 x\n\x94f\xf8\xa2\xea\xf4\xa5\x9eY\xf80C\x91\x7f\x16u\x8c(Xl\x90\xd2\x9f\xa9\xb9kJy[\x93\xfe{\xe5\x1a\xe9\xb7T\x19;\xb9\t\xe7\x0ei\xfaZ\xfbS:\x9b\xc1r\xcbM.\xf8\xb8wR\xb3p~b\xcb\v1-\a-\x8a#\xaa1\xa9\x9a\x88\a\xc5\xb9*\xd3?\xac\n\x9c\xcd\xe2\xc9\xbd\xeb\xb3\xf65\xbdaP\t\xd6\x06\x1c\xeeNg\x92>\x92>\xaf\b3\x05\xfdM\xd2F\v\xbd\xeb\x83 \x9d\x90S\x11w\xefg\\\xca\xe2\xfc~w\xbe\xefh#\x96\xa5h\xec\xbfr\xc8Bi\x90\"(\xf2\xc6\xcc\xfbX\x14{\x9e5\x87\x91\xe2\x9b\xd4\xc6\xc2whk+\x0f\x82\xca\xc1@\xcb~P\xe4\x18\xf9E\'\xab\xc7z\xd7\x05V{\xa1X\xa3\x10\x13.]tlz\x12\xde\xf2\xa43\xee#\x92J~\xda \x9b\xc4\xc0V\xb3\x9dCO\x1fu\x1c4\x1d\v}\x1b\xe5>w\xfbsm\xa3\fI|\x96-p\x86\xd3O\xfa\x9a\x8f\xb2\x8e\x88qGEG', 0x6)
fcntl$addseals(r1, 0x409, 0xe)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x4d091, r1, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r0, 0xc1004111, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000009feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c00000001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000c00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r5, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@broadcast, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x4}}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='i2c_read\x00', r3, 0x0, 0x1}, 0x18)
r6 = syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYRES32=r4], 0x0)
syz_usb_ep_write$ath9k_ep2(r6, 0x83, 0x8, &(0x7f0000000980)=ANY=[@ANYBLOB="bcea"])
r7 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$EVIOCSFF(r7, 0x40304580, &(0x7f0000000280)={0x51, 0x7, 0x0, {0x0, 0x2}, {}, @period={0x59, 0x0, 0xfffc, 0x3, 0x0, {0x0, 0x7, 0x0, 0x7fff}, 0x0, 0x0}})
r8 = userfaultfd(0x801)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
r9 = syz_open_dev$tty20(0xc, 0x4, 0x0)
getsockname$tipc(0xffffffffffffffff, &(0x7f0000000c40)=@name, &(0x7f0000000c80)=0x10)
close_range(r9, r2, 0x0)

[   70.999063][ T5304] Bluetooth: hci0: command tx timeout
[   71.371681][    T8] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   71.502132][    T8] usb 5-1: device descriptor read/64, error -71
[   71.741460][    T8] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   71.881614][    T8] usb 5-1: device descriptor read/64, error -71
[   71.993614][    T8] usb usb5-port1: attempt power cycle
[   72.331447][    T8] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   72.357984][    T8] usb 5-1: device descriptor read/8, error -71
[   72.568950][ T5317] ==================================================================
[   72.572938][ T5317] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x340/0x3a0
[   72.576371][ T5317] Write of size 4064 at addr ffffc9000d309020 by task syz.0.0/5317
[   72.579337][ T5317] 
[   72.580241][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0
[   72.583157][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.586173][ T5317] Call Trace:
[   72.587290][ T5317]  <TASK>
[   72.588297][ T5317]  dump_stack_lvl+0x241/0x360
[   72.590155][ T5317]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.592188][ T5317]  ? __pfx__printk+0x10/0x10
[   72.593963][ T5317]  ? _printk+0xd5/0x120
[   72.595562][ T5317]  print_report+0x169/0x550
[   72.597709][ T5317]  ? __virt_addr_valid+0xbd/0x530
[   72.599682][ T5317]  ? vrealloc_noprof+0x340/0x3a0
[   72.601804][ T5317]  kasan_report+0x143/0x180
[   72.603913][ T5317]  ? vrealloc_noprof+0x340/0x3a0
[   72.605943][ T5317]  kasan_check_range+0x282/0x290
[   72.607782][ T5317]  __asan_memset+0x23/0x50
[   72.609531][ T5317]  vrealloc_noprof+0x340/0x3a0
[   72.611389][ T5317]  push_insn_history+0x16c/0x6a0
[   72.613075][ T5317]  do_check+0x692f/0xfcd0
[   72.614667][ T5317]  ? __pfx_do_check+0x10/0x10
[   72.616392][ T5317]  ? mark_reg_not_init+0xd4/0x4b0
[   72.618194][ T5317]  ? __asan_memcpy+0x40/0x70
[   72.619953][ T5317]  ? mark_reg_not_init+0xd4/0x4b0
[   72.621946][ T5317]  do_check_common+0x1564/0x2010
[   72.623769][ T5317]  bpf_check+0x19380/0x1f1b0
[   72.625322][ T5317]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   72.627637][ T5317]  ? validate_chain+0x11e/0x5920
[   72.629205][ T5317]  ? page_ext_get+0x20/0x2a0
[   72.630949][ T5317]  ? post_alloc_hook+0x206/0x230
[   72.632897][ T5317]  ? __pfx_validate_chain+0x10/0x10
[   72.634961][ T5317]  ? validate_chain+0x11e/0x5920
[   72.636503][ T5317]  ? validate_chain+0x11e/0x5920
[   72.638820][ T5317]  ? mark_lock+0x9a/0x360
[   72.640624][ T5317]  ? __pfx___might_resched+0x10/0x10
[   72.642303][ T5317]  ? validate_chain+0x11e/0x5920
[   72.644236][ T5317]  ? validate_chain+0x11e/0x5920
[   72.645724][ T5317]  ? __pfx_validate_chain+0x10/0x10
[   72.647757][ T5317]  ? validate_chain+0x11e/0x5920
[   72.649562][ T5317]  ? validate_chain+0x11e/0x5920
[   72.651139][ T5317]  ? validate_chain+0x11e/0x5920
[   72.652829][ T5317]  ? __pfx_validate_chain+0x10/0x10
[   72.654531][ T5317]  ? __pfx_validate_chain+0x10/0x10
[   72.656255][ T5317]  ? __pfx_bpf_check+0x10/0x10
[   72.657813][ T5317]  ? __pfx_validate_chain+0x10/0x10
[   72.659584][ T5317]  ? mark_lock+0x9a/0x360
[   72.661205][ T5317]  ? mark_lock+0x9a/0x360
[   72.662700][ T5317]  ? __lock_acquire+0x1397/0x2100
[   72.664477][ T5317]  ? mark_lock+0x9a/0x360
[   72.666078][ T5317]  ? __lock_acquire+0x1397/0x2100
[   72.667987][ T5317]  ? __pfx_lock_acquire+0x10/0x10
[   72.669752][ T5317]  ? ktime_get_with_offset+0x8c/0x290
[   72.671602][ T5317]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   72.673730][ T5317]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.675970][ T5317]  ? ktime_get_with_offset+0x8c/0x290
[   72.678074][ T5317]  ? seqcount_lockdep_reader_access+0x157/0x220
[   72.680476][ T5317]  ? lockdep_hardirqs_on+0x99/0x150
[   72.682428][ T5317]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   72.684790][ T5317]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   72.687155][ T5317]  ? _raw_spin_unlock+0x28/0x50
[   72.688911][ T5317]  ? __asan_memset+0x23/0x50
[   72.690738][ T5317]  ? bpf_obj_name_cpy+0x18a/0x1d0
[   72.692717][ T5317]  bpf_prog_load+0x1667/0x20f0
[   72.694565][ T5317]  ? __pfx_bpf_prog_load+0x10/0x10
[   72.696469][ T5317]  ? __pfx___might_resched+0x10/0x10
[   72.698502][ T5317]  ? __might_fault+0xc6/0x120
[   72.700341][ T5317]  __sys_bpf+0x4ee/0x810
[   72.702000][ T5317]  ? __pfx___sys_bpf+0x10/0x10
[   72.703826][ T5317]  ? __rseq_handle_notify_resume+0x34d/0x14e0
[   72.706138][ T5317]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   72.708132][ T5317]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   72.710502][ T5317]  ? do_syscall_64+0x100/0x230
[   72.712256][ T5317]  __x64_sys_bpf+0x7c/0x90
[   72.713835][ T5317]  do_syscall_64+0xf3/0x230
[   72.715492][ T5317]  ? clear_bhb_loop+0x35/0x90
[   72.717080][ T5317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.719239][ T5317] RIP: 0033:0x7f4af737ff19
[   72.720947][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.728203][ T5317] RSP: 002b:00007f4af81de058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   72.731014][ T5317] RAX: ffffffffffffffda RBX: 00007f4af7545fa0 RCX: 00007f4af737ff19
[   72.733428][ T5317] RDX: 0000000000000048 RSI: 00000000200017c0 RDI: 0000000000000005
[   72.736540][ T5317] RBP: 00007f4af73f3986 R08: 0000000000000000 R09: 0000000000000000
[   72.739599][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   72.742194][ T5317] R13: 0000000000000000 R14: 00007f4af7545fa0 R15: 00007ffcf78fbac8
[   72.744789][ T5317]  </TASK>
[   72.745947][ T5317] 
[   72.746837][ T5317] The buggy address belongs to the virtual mapping at
[   72.746837][ T5317]  [ffffc9000d2e9000, ffffc9000d30b000) created by:
[   72.746837][ T5317]  kvrealloc_noprof+0xc7/0x120
[   72.753328][ T5317] 
[   72.754279][ T5317] The buggy address belongs to the physical page:
[   72.756710][ T5317] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x52297
[   72.759968][ T5317] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   72.762510][ T5317] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000
[   72.765702][ T5317] raw: 0000000000000002 0000000000000000 00000001ffffffff 0000000000000000
[   72.768916][ T5317] page dumped because: kasan: bad access detected
[   72.771237][ T5317] page_owner tracks the page as allocated
[   72.773305][ T5317] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 5317, tgid 5316 (syz.0.0), ts 72568794714, free_ts 72187778515
[   72.779273][ T5317]  post_alloc_hook+0x1f3/0x230
[   72.781136][ T5317]  get_page_from_freelist+0x365c/0x37a0
[   72.783332][ T5317]  __alloc_pages_slowpath+0x414/0x1020
[   72.785068][ T5317]  __alloc_pages_noprof+0x49b/0x710
[   72.786990][ T5317]  alloc_pages_mpol_noprof+0x3e8/0x680
[   72.789051][ T5317]  __vmalloc_node_range_noprof+0x9c9/0x1380
[   72.791280][ T5317]  __kvmalloc_node_noprof+0x142/0x190
[   72.793213][ T5317]  kvrealloc_noprof+0xc7/0x120
[   72.795039][ T5317]  push_insn_history+0x16c/0x6a0
[   72.796842][ T5317]  do_check+0x692f/0xfcd0
[   72.798403][ T5317]  do_check_common+0x1564/0x2010
[   72.800189][ T5317]  bpf_check+0x19380/0x1f1b0
[   72.801622][ T5317]  bpf_prog_load+0x1667/0x20f0
[   72.803168][ T5317]  __sys_bpf+0x4ee/0x810
[   72.804779][ T5317]  __x64_sys_bpf+0x7c/0x90
[   72.806455][ T5317]  do_syscall_64+0xf3/0x230
[   72.808186][ T5317] page last free pid 5320 tgid 5320 stack trace:
[   72.810534][ T5317]  free_unref_page+0xdef/0x1130
[   72.812284][ T5317]  __put_partials+0xeb/0x130
[   72.813913][ T5317]  put_cpu_partial+0x17c/0x250
[   72.815521][ T5317]  __slab_free+0x2ea/0x3d0
[   72.817019][ T5317]  qlist_free_all+0x9a/0x140
[   72.818719][ T5317]  kasan_quarantine_reduce+0x14f/0x170
[   72.820639][ T5317]  __kasan_slab_alloc+0x23/0x80
[   72.822502][ T5317]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   72.824614][ T5317]  __alloc_skb+0x1c3/0x440
[   72.826303][ T5317]  alloc_skb_with_frags+0xc3/0x820
[   72.828173][ T5317]  sock_alloc_send_pskb+0x91a/0xa60
[   72.830059][ T5317]  mld_newpack+0x1c3/0xaf0
[   72.831678][ T5317]  add_grec+0x1492/0x19a0
[   72.833291][ T5317]  mld_send_initial_cr+0x228/0x4b0
[   72.835282][ T5317]  mld_dad_work+0x44/0x500
[   72.836973][ T5317]  process_scheduled_works+0xa66/0x1840
[   72.838947][ T5317] 
[   72.839835][ T5317] Memory state around the buggy address:
[   72.841820][ T5317]  ffffc9000d308f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   72.844772][ T5317]  ffffc9000d308f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   72.847382][ T5317] >ffffc9000d309000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   72.850414][ T5317]                                ^
[   72.852305][ T5317]  ffffc9000d309080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   72.855244][ T5317]  ffffc9000d309100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   72.858244][ T5317] ==================================================================
[   72.988854][    T8] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   73.001715][ T5317] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   73.004476][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0
[   73.008179][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   73.012305][ T5317] Call Trace:
[   73.013643][ T5317]  <TASK>
[   73.014752][ T5317]  dump_stack_lvl+0x241/0x360
[   73.016572][ T5317]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.018515][ T5317]  ? __pfx__printk+0x10/0x10
[   73.020253][ T5317]  ? preempt_schedule+0xe1/0xf0
[   73.022056][ T5317]  ? vscnprintf+0x5d/0x90
[   73.023709][ T5317]  panic+0x349/0x880
[   73.025289][ T5317]  ? check_panic_on_warn+0x21/0xb0
[   73.027151][ T5317]  ? __pfx_panic+0x10/0x10
[   73.028880][ T5317]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   73.031146][ T5317]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   73.033557][ T5317]  ? print_report+0x502/0x550
[   73.035313][ T5317]  check_panic_on_warn+0x86/0xb0
[   73.036964][ T5317]  ? vrealloc_noprof+0x340/0x3a0
[   73.038760][ T5317]  end_report+0x77/0x160
[   73.040383][ T5317]  kasan_report+0x154/0x180
[   73.042132][ T5317]  ? vrealloc_noprof+0x340/0x3a0
[   73.043970][ T5317]  kasan_check_range+0x282/0x290
[   73.045809][ T5317]  __asan_memset+0x23/0x50
[   73.047469][ T5317]  vrealloc_noprof+0x340/0x3a0
[   73.049200][ T5317]  push_insn_history+0x16c/0x6a0
[   73.050914][ T5317]  do_check+0x692f/0xfcd0
[   73.052481][ T5317]  ? __pfx_do_check+0x10/0x10
[   73.054298][ T5317]  ? mark_reg_not_init+0xd4/0x4b0
[   73.056170][ T5317]  ? __asan_memcpy+0x40/0x70
[   73.057931][ T5317]  ? mark_reg_not_init+0xd4/0x4b0
[   73.059773][ T5317]  do_check_common+0x1564/0x2010
[   73.061739][ T5317]  bpf_check+0x19380/0x1f1b0
[   73.063468][ T5317]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   73.065711][ T5317]  ? validate_chain+0x11e/0x5920
[   73.067503][ T5317]  ? page_ext_get+0x20/0x2a0
[   73.069071][ T5317]  ? post_alloc_hook+0x206/0x230
[   73.070947][ T5317]  ? __pfx_validate_chain+0x10/0x10
[   73.072751][ T5317]  ? validate_chain+0x11e/0x5920
[   73.074602][ T5317]  ? validate_chain+0x11e/0x5920
[   73.076446][ T5317]  ? mark_lock+0x9a/0x360
[   73.078071][ T5317]  ? __pfx___might_resched+0x10/0x10
[   73.080110][ T5317]  ? validate_chain+0x11e/0x5920
[   73.081868][ T5317]  ? validate_chain+0x11e/0x5920
[   73.083701][ T5317]  ? __pfx_validate_chain+0x10/0x10
[   73.085602][ T5317]  ? validate_chain+0x11e/0x5920
[   73.087507][ T5317]  ? validate_chain+0x11e/0x5920
[   73.089348][ T5317]  ? validate_chain+0x11e/0x5920
[   73.091165][ T5317]  ? __pfx_validate_chain+0x10/0x10
[   73.093086][ T5317]  ? __pfx_validate_chain+0x10/0x10
[   73.095077][ T5317]  ? __pfx_bpf_check+0x10/0x10
[   73.096900][ T5317]  ? __pfx_validate_chain+0x10/0x10
[   73.098855][ T5317]  ? mark_lock+0x9a/0x360
[   73.100575][ T5317]  ? mark_lock+0x9a/0x360
[   73.102227][ T5317]  ? __lock_acquire+0x1397/0x2100
[   73.104145][ T5317]  ? mark_lock+0x9a/0x360
[   73.105781][ T5317]  ? __lock_acquire+0x1397/0x2100
[   73.107674][ T5317]  ? __pfx_lock_acquire+0x10/0x10
[   73.109545][ T5317]  ? ktime_get_with_offset+0x8c/0x290
[   73.111691][ T5317]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   73.113882][ T5317]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   73.116216][ T5317]  ? ktime_get_with_offset+0x8c/0x290
[   73.118231][ T5317]  ? seqcount_lockdep_reader_access+0x157/0x220
[   73.120703][ T5317]  ? lockdep_hardirqs_on+0x99/0x150
[   73.122709][ T5317]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   73.124984][ T5317]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   73.127487][ T5317]  ? _raw_spin_unlock+0x28/0x50
[   73.129398][ T5317]  ? __asan_memset+0x23/0x50
[   73.131151][ T5317]  ? bpf_obj_name_cpy+0x18a/0x1d0
[   73.132961][ T5317]  bpf_prog_load+0x1667/0x20f0
[   73.134795][ T5317]  ? __pfx_bpf_prog_load+0x10/0x10
[   73.136707][ T5317]  ? __pfx___might_resched+0x10/0x10
[   73.138686][ T5317]  ? __might_fault+0xc6/0x120
[   73.140517][ T5317]  __sys_bpf+0x4ee/0x810
[   73.142197][ T5317]  ? __pfx___sys_bpf+0x10/0x10
[   73.144017][ T5317]  ? __rseq_handle_notify_resume+0x34d/0x14e0
[   73.146333][ T5317]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   73.148576][ T5317]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   73.150974][ T5317]  ? do_syscall_64+0x100/0x230
[   73.152732][ T5317]  __x64_sys_bpf+0x7c/0x90
[   73.154372][ T5317]  do_syscall_64+0xf3/0x230
[   73.155940][ T5317]  ? clear_bhb_loop+0x35/0x90
[   73.157626][ T5317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.159821][ T5317] RIP: 0033:0x7f4af737ff19
[   73.161500][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.168476][ T5317] RSP: 002b:00007f4af81de058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   73.171615][ T5317] RAX: ffffffffffffffda RBX: 00007f4af7545fa0 RCX: 00007f4af737ff19
[   73.174533][ T5317] RDX: 0000000000000048 RSI: 00000000200017c0 RDI: 0000000000000005
[   73.177588][ T5317] RBP: 00007f4af73f3986 R08: 0000000000000000 R09: 0000000000000000
[   73.180666][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   73.183603][ T5317] R13: 0000000000000000 R14: 00007f4af7545fa0 R15: 00007ffcf78fbac8
[   73.186547][ T5317]  </TASK>
[   73.187942][ T5317] Kernel Offset: disabled
[   73.189538][ T5317] Rebooting in 86400 seconds..