program:
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000200)={0x10001, 0x401f, 0x3})
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000004000)=@newtaction={0xe68, 0x30, 0x25, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{0x0, 0x0, 0x0, 0xfffffffd}, 0x4}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8512}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x200}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6c}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x9}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
syz_usb_connect(0x0, 0x5d, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100009b6cec20ca08602058c6010203010902"], 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000300), &(0x7f0000000340)=0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@gettaction={0x30, 0x32, 0x6dd711a25f4cb68b, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x100}, @action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}]}, 0x30}}, 0x0)
ioctl$PIO_SCRNMAP(r0, 0x4b41, &(0x7f0000002b00))
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r4, 0x0, 0x4)
getdents64(r4, 0x0, 0x0)
recvmmsg(r4, &(0x7f0000001c80)=[{{&(0x7f0000000380)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000400)=""/13, 0xd}], 0x1, &(0x7f0000000480)=""/9, 0x9}, 0x45aa2922}, {{&(0x7f00000004c0)=@nfc_llcp, 0x80, &(0x7f0000001b00)=[{&(0x7f0000000540)=""/125, 0x7d}, {&(0x7f00000007c0)=""/4096, 0x1000}, {&(0x7f00000005c0)=""/121, 0x79}, {&(0x7f0000000640)=""/35, 0x23}, {&(0x7f0000000680)=""/133, 0x85}, {&(0x7f00000017c0)=""/242, 0xf2}, {&(0x7f00000018c0)=""/68, 0x44}, {&(0x7f0000001940)=""/150, 0x96}, {&(0x7f0000001a00)=""/207, 0xcf}], 0x9, &(0x7f0000001bc0)=""/152, 0x98}, 0x1}], 0x2, 0x0, &(0x7f0000001d00)={0x77359400})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
ioctl$IOMMU_GET_HW_INFO(r3, 0x3b8a, &(0x7f0000000240)={0x28, 0x0, r5, 0x42, &(0x7f0000000180)=""/66})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000000c0)=ANY=[@ANYBLOB="380000005500010029bd7000fddbdf2507000000", @ANYRES32=0x0, @ANYBLOB="20000500", @ANYRES32=0x0, @ANYBLOB="01000300ac14143a00000000000000000000000086dd0000"], 0x38}, 0x1, 0x0, 0x0, 0x2040804}, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000009feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c00000001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x1, 0x842b01)
fcntl$setownex(r6, 0xf, &(0x7f0000001d40)={0x1, 0xffffffffffffffff})
write$char_usb(r6, &(0x7f0000000040)="e2", 0x2250)
socket$inet6_sctp(0xa, 0x1, 0x84)

[   58.778748][    T8] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   58.879424][ T4661] Bluetooth: hci0: command tx timeout
[   58.928626][    T8] usb 5-1: Using ep0 maxpacket: 32
[   58.934279][    T8] usb 5-1: config 0 has no interfaces?
[   58.940751][    T8] usb 5-1: New USB device found, idVendor=08ca, idProduct=2060, bcdDevice=c6.58
[   58.944314][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   58.947426][    T8] usb 5-1: Product: syz
[   58.949527][    T8] usb 5-1: Manufacturer: syz
[   58.951400][    T8] usb 5-1: SerialNumber: syz
[   58.956888][    T8] usb 5-1: config 0 descriptor??
[   60.202441][ T5314] ==================================================================
[   60.205571][ T5314] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x341/0x3d0
[   60.208630][ T5314] Write of size 4064 at addr ffffc9000d3a1020 by task syz.0.0/5314
[   60.211602][ T5314] 
[   60.212566][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0
[   60.216449][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   60.220553][ T5314] Call Trace:
[   60.221812][ T5314]  <TASK>
[   60.222921][ T5314]  dump_stack_lvl+0x241/0x360
[   60.224714][ T5314]  ? __pfx_dump_stack_lvl+0x10/0x10
[   60.226715][ T5314]  ? __pfx__printk+0x10/0x10
[   60.228463][ T5314]  ? _printk+0xd5/0x120
[   60.230061][ T5314]  print_report+0x169/0x550
[   60.231782][ T5314]  ? __virt_addr_valid+0xbd/0x530
[   60.233713][ T5314]  ? vrealloc_noprof+0x341/0x3d0
[   60.235641][ T5314]  kasan_report+0x143/0x180
[   60.237363][ T5314]  ? vrealloc_noprof+0x341/0x3d0
[   60.239106][ T5314]  kasan_check_range+0x282/0x290
[   60.240819][ T5314]  __asan_memset+0x23/0x50
[   60.242355][ T5314]  vrealloc_noprof+0x341/0x3d0
[   60.244155][ T5314]  push_insn_history+0x16c/0x6a0
[   60.247100][ T5314]  do_check+0x692f/0xfcd0
[   60.248910][ T5314]  ? __pfx_do_check+0x10/0x10
[   60.250665][ T5314]  ? mark_reg_not_init+0xd4/0x4b0
[   60.252607][ T5314]  ? __asan_memcpy+0x40/0x70
[   60.254344][ T5314]  ? mark_reg_not_init+0xd4/0x4b0
[   60.256214][ T5314]  do_check_common+0x1564/0x2010
[   60.258186][ T5314]  bpf_check+0x804e/0x1fc90
[   60.259876][ T5314]  ? validate_chain+0x11e/0x5920
[   60.261724][ T5314]  ? __lock_acquire+0x1397/0x2100
[   60.263620][ T5314]  ? __pfx_validate_chain+0x10/0x10
[   60.265580][ T5314]  ? mark_lock+0x9a/0x360
[   60.267324][ T5314]  ? __pfx_validate_chain+0x10/0x10
[   60.269538][ T5314]  ? validate_chain+0x11e/0x5920
[   60.271383][ T5314]  ? __pfx_validate_chain+0x10/0x10
[   60.273418][ T5314]  ? __pfx_validate_chain+0x10/0x10
[   60.275432][ T5314]  ? validate_chain+0x11e/0x5920
[   60.277375][ T5314]  ? validate_chain+0x11e/0x5920
[   60.279386][ T5314]  ? mark_lock+0x9a/0x360
[   60.281062][ T5314]  ? __pfx_validate_chain+0x10/0x10
[   60.283058][ T5314]  ? validate_chain+0x11e/0x5920
[   60.284969][ T5314]  ? validate_chain+0x11e/0x5920
[   60.287109][ T5314]  ? validate_chain+0x11e/0x5920
[   60.289064][ T5314]  ? __pfx_validate_chain+0x10/0x10
[   60.291066][ T5314]  ? validate_chain+0x11e/0x5920
[   60.292974][ T5314]  ? validate_chain+0x11e/0x5920
[   60.294831][ T5314]  ? validate_chain+0x11e/0x5920
[   60.296725][ T5314]  ? __pfx_validate_chain+0x10/0x10
[   60.298664][ T5314]  ? __pfx_validate_chain+0x10/0x10
[   60.300622][ T5314]  ? __pfx_bpf_check+0x10/0x10
[   60.302436][ T5314]  ? mark_lock+0x9a/0x360
[   60.304071][ T5314]  ? __lock_acquire+0x1397/0x2100
[   60.306072][ T5314]  ? mark_lock+0x9a/0x360
[   60.307683][ T5314]  ? __lock_acquire+0x1397/0x2100
[   60.309680][ T5314]  ? __pfx_lock_acquire+0x10/0x10
[   60.311500][ T5314]  ? ktime_get_with_offset+0x8c/0x290
[   60.313608][ T5314]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   60.315980][ T5314]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   60.318446][ T5314]  ? ktime_get_with_offset+0x8c/0x290
[   60.320578][ T5314]  ? seqcount_lockdep_reader_access+0x157/0x220
[   60.322846][ T5314]  ? lockdep_hardirqs_on+0x99/0x150
[   60.324863][ T5314]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   60.327070][ T5314]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   60.329736][ T5314]  ? bpf_obj_name_cpy+0x18a/0x1d0
[   60.331754][ T5314]  bpf_prog_load+0x1667/0x20f0
[   60.333635][ T5314]  ? __pfx_bpf_prog_load+0x10/0x10
[   60.335533][ T5314]  ? __pfx___might_resched+0x10/0x10
[   60.337851][ T5314]  ? __might_fault+0xc6/0x120
[   60.339958][ T5314]  __sys_bpf+0x4ee/0x810
[   60.341738][ T5314]  ? __pfx___sys_bpf+0x10/0x10
[   60.343629][ T5314]  ? __rseq_handle_notify_resume+0x34d/0x14e0
[   60.346110][ T5314]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   60.348495][ T5314]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   60.350899][ T5314]  ? do_syscall_64+0x100/0x230
[   60.352816][ T5314]  __x64_sys_bpf+0x7c/0x90
[   60.354559][ T5314]  do_syscall_64+0xf3/0x230
[   60.356398][ T5314]  ? clear_bhb_loop+0x35/0x90
[   60.358170][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.360466][ T5314] RIP: 0033:0x7fa7b3385d29
[   60.362559][ T5314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   60.370739][ T5314] RSP: 002b:00007fa7b4132038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   60.373969][ T5314] RAX: ffffffffffffffda RBX: 00007fa7b3575fa0 RCX: 00007fa7b3385d29
[   60.377069][ T5314] RDX: 0000000000000048 RSI: 00000000200017c0 RDI: 0000000000000005
[   60.380163][ T5314] RBP: 00007fa7b3401b08 R08: 0000000000000000 R09: 0000000000000000
[   60.383323][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   60.386289][ T5314] R13: 0000000000000000 R14: 00007fa7b3575fa0 R15: 00007ffdae16b0c8
[   60.389305][ T5314]  </TASK>
[   60.390497][ T5314] 
[   60.391621][ T5314] The buggy address belongs to the virtual mapping at
[   60.391621][ T5314]  [ffffc9000d381000, ffffc9000d3a3000) created by:
[   60.391621][ T5314]  kvrealloc_noprof+0xc7/0x120
[   60.398221][ T5314] 
[   60.399183][ T5314] The buggy address belongs to the physical page:
[   60.401563][ T5314] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888044811b00 pfn:0x44810
[   60.406277][ T5314] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   60.410400][ T5314] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000
[   60.414392][ T5314] raw: ffff888044811b00 0000000000000000 00000001ffffffff 0000000000000000
[   60.419217][ T5314] page dumped because: kasan: bad access detected
[   60.421821][ T5314] page_owner tracks the page as allocated
[   60.423918][ T5314] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 5314, tgid 5313 (syz.0.0), ts 60202325182, free_ts 59713439690
[   60.430158][ T5314]  post_alloc_hook+0x1f3/0x230
[   60.431922][ T5314]  get_page_from_freelist+0x365c/0x37a0
[   60.433853][ T5314]  __alloc_pages_slowpath+0x414/0x1020
[   60.435697][ T5314]  __alloc_pages_noprof+0x49b/0x710
[   60.437762][ T5314]  alloc_pages_mpol_noprof+0x3e8/0x680
[   60.439797][ T5314]  __vmalloc_node_range_noprof+0x9c9/0x1380
[   60.442077][ T5314]  __kvmalloc_node_noprof+0x142/0x190
[   60.444129][ T5314]  kvrealloc_noprof+0xc7/0x120
[   60.445875][ T5314]  push_insn_history+0x16c/0x6a0
[   60.447877][ T5314]  do_check+0x692f/0xfcd0
[   60.449805][ T5314]  do_check_common+0x1564/0x2010
[   60.451668][ T5314]  bpf_check+0x804e/0x1fc90
[   60.453632][ T5314]  bpf_prog_load+0x1667/0x20f0
[   60.455428][ T5314]  __sys_bpf+0x4ee/0x810
[   60.457017][ T5314]  __x64_sys_bpf+0x7c/0x90
[   60.458795][ T5314]  do_syscall_64+0xf3/0x230
[   60.460498][ T5314] page last free pid 5312 tgid 5312 stack trace:
[   60.462652][ T5314]  free_unref_page+0xd3f/0x1010
[   60.464510][ T5314]  __put_partials+0x160/0x1c0
[   60.466219][ T5314]  put_cpu_partial+0x17c/0x250
[   60.468026][ T5314]  __slab_free+0x290/0x380
[   60.469794][ T5314]  qlist_free_all+0x9a/0x140
[   60.471599][ T5314]  kasan_quarantine_reduce+0x14f/0x170
[   60.473719][ T5314]  __kasan_slab_alloc+0x23/0x80
[   60.475667][ T5314]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   60.478011][ T5314]  __alloc_skb+0x1c3/0x440
[   60.479689][ T5314]  alloc_skb_with_frags+0xc3/0x820
[   60.481648][ T5314]  sock_alloc_send_pskb+0x91a/0xa60
[   60.483611][ T5314]  mld_newpack+0x1c3/0xaf0
[   60.485449][ T5314]  add_grec+0x1492/0x19a0
[   60.487111][ T5314]  mld_send_initial_cr+0x228/0x4b0
[   60.489091][ T5314]  mld_dad_work+0x44/0x500
[   60.490827][ T5314]  process_scheduled_works+0xa66/0x1840
[   60.493205][ T5314] 
[   60.494154][ T5314] Memory state around the buggy address:
[   60.496357][ T5314]  ffffc9000d3a0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.499677][ T5314]  ffffc9000d3a0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.502776][ T5314] >ffffc9000d3a1000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   60.505813][ T5314]                                ^
[   60.507794][ T5314]  ffffc9000d3a1080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   60.510771][ T5314]  ffffc9000d3a1100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   60.513688][ T5314] ==================================================================
[   60.699707][ T5314] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   60.702463][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0
[   60.706371][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   60.710594][ T5314] Call Trace:
[   60.711942][ T5314]  <TASK>
[   60.713165][ T5314]  dump_stack_lvl+0x241/0x360
[   60.715438][ T5314]  ? __pfx_dump_stack_lvl+0x10/0x10
[   60.717879][ T5314]  ? __pfx__printk+0x10/0x10
[   60.720169][ T5314]  ? preempt_schedule+0xe1/0xf0
[   60.722364][ T5314]  ? vscnprintf+0x5d/0x90
[   60.724355][ T5314]  panic+0x349/0x880
[   60.726057][ T5314]  ? check_panic_on_warn+0x21/0xb0
[   60.727957][ T5314]  ? __pfx_panic+0x10/0x10
[   60.729616][ T5314]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   60.731895][ T5314]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   60.734380][ T5314]  ? print_report+0x502/0x550
[   60.736195][ T5314]  check_panic_on_warn+0x86/0xb0
[   60.738155][ T5314]  ? vrealloc_noprof+0x341/0x3d0
[   60.740139][ T5314]  end_report+0x77/0x160
[   60.741874][ T5314]  kasan_report+0x154/0x180
[   60.743644][ T5314]  ? vrealloc_noprof+0x341/0x3d0
[   60.745568][ T5314]  kasan_check_range+0x282/0x290
[   60.747540][ T5314]  __asan_memset+0x23/0x50
[   60.749243][ T5314]  vrealloc_noprof+0x341/0x3d0
[   60.750911][ T5314]  push_insn_history+0x16c/0x6a0
[   60.752724][ T5314]  do_check+0x692f/0xfcd0
[   60.754624][ T5314]  ? __pfx_do_check+0x10/0x10
[   60.756568][ T5314]  ? mark_reg_not_init+0xd4/0x4b0
[   60.758884][ T5314]  ? __asan_memcpy+0x40/0x70
[   60.761009][ T5314]  ? mark_reg_not_init+0xd4/0x4b0
[   60.763362][ T5314]  do_check_common+0x1564/0x2010
[   60.765696][ T5314]  bpf_check+0x804e/0x1fc90
[   60.768071][ T5314]  ? validate_chain+0x11e/0x5920
[   60.770201][ T5314]  ? __lock_acquire+0x1397/0x2100
[   60.772560][ T5314]  ? __pfx_validate_chain+0x10/0x10
[   60.774880][ T5314]  ? mark_lock+0x9a/0x360
[   60.777096][ T5314]  ? __pfx_validate_chain+0x10/0x10
[   60.779401][ T5314]  ? validate_chain+0x11e/0x5920
[   60.781585][ T5314]  ? __pfx_validate_chain+0x10/0x10
[   60.783984][ T5314]  ? __pfx_validate_chain+0x10/0x10
[   60.786291][ T5314]  ? validate_chain+0x11e/0x5920
[   60.788477][ T5314]  ? validate_chain+0x11e/0x5920
[   60.790527][ T5314]  ? mark_lock+0x9a/0x360
[   60.792447][ T5314]  ? __pfx_validate_chain+0x10/0x10
[   60.794548][ T5314]  ? validate_chain+0x11e/0x5920
[   60.796637][ T5314]  ? validate_chain+0x11e/0x5920
[   60.798932][ T5314]  ? validate_chain+0x11e/0x5920
[   60.801079][ T5314]  ? __pfx_validate_chain+0x10/0x10
[   60.803322][ T5314]  ? validate_chain+0x11e/0x5920
[   60.805615][ T5314]  ? validate_chain+0x11e/0x5920
[   60.807702][ T5314]  ? validate_chain+0x11e/0x5920
[   60.809804][ T5314]  ? __pfx_validate_chain+0x10/0x10
[   60.812084][ T5314]  ? __pfx_validate_chain+0x10/0x10
[   60.814285][ T5314]  ? __pfx_bpf_check+0x10/0x10
[   60.816348][ T5314]  ? mark_lock+0x9a/0x360
[   60.818291][ T5314]  ? __lock_acquire+0x1397/0x2100
[   60.820534][ T5314]  ? mark_lock+0x9a/0x360
[   60.822711][ T5314]  ? __lock_acquire+0x1397/0x2100
[   60.825062][ T5314]  ? __pfx_lock_acquire+0x10/0x10
[   60.827334][ T5314]  ? ktime_get_with_offset+0x8c/0x290
[   60.829667][ T5314]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   60.832325][ T5314]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   60.834939][ T5314]  ? ktime_get_with_offset+0x8c/0x290
[   60.837219][ T5314]  ? seqcount_lockdep_reader_access+0x157/0x220
[   60.839641][ T5314]  ? lockdep_hardirqs_on+0x99/0x150
[   60.841604][ T5314]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   60.844094][ T5314]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   60.847052][ T5314]  ? bpf_obj_name_cpy+0x18a/0x1d0
[   60.849171][ T5314]  bpf_prog_load+0x1667/0x20f0
[   60.851063][ T5314]  ? __pfx_bpf_prog_load+0x10/0x10
[   60.853038][ T5314]  ? __pfx___might_resched+0x10/0x10
[   60.854965][ T5314]  ? __might_fault+0xc6/0x120
[   60.856789][ T5314]  __sys_bpf+0x4ee/0x810
[   60.858353][ T5314]  ? __pfx___sys_bpf+0x10/0x10
[   60.860168][ T5314]  ? __rseq_handle_notify_resume+0x34d/0x14e0
[   60.862436][ T5314]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   60.864606][ T5314]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   60.867069][ T5314]  ? do_syscall_64+0x100/0x230
[   60.868965][ T5314]  __x64_sys_bpf+0x7c/0x90
[   60.870506][ T5314]  do_syscall_64+0xf3/0x230
[   60.872223][ T5314]  ? clear_bhb_loop+0x35/0x90
[   60.874001][ T5314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.876151][ T5314] RIP: 0033:0x7fa7b3385d29
[   60.877902][ T5314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   60.884983][ T5314] RSP: 002b:00007fa7b4132038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   60.888087][ T5314] RAX: ffffffffffffffda RBX: 00007fa7b3575fa0 RCX: 00007fa7b3385d29
[   60.891130][ T5314] RDX: 0000000000000048 RSI: 00000000200017c0 RDI: 0000000000000005
[   60.894141][ T5314] RBP: 00007fa7b3401b08 R08: 0000000000000000 R09: 0000000000000000
[   60.897171][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   60.900284][ T5314] R13: 0000000000000000 R14: 00007fa7b3575fa0 R15: 00007ffdae16b0c8
[   60.903508][ T5314]  </TASK>
[   60.904967][ T5314] Kernel Offset: disabled
[   60.906624][ T5314] Rebooting in 86400 seconds..