program:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x24, &(0x7f0000000200)=0x7, 0x4)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000020c0), 0xf}, 0x0, 0x0, 0x40000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000005640)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000009feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c00000001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002100)={0x15, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000140000850000000c000000b700000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB="614bcd00000000d57513af39", @ANYRES32=0x0, @ANYRES64=0x0], 0x20)
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r2, 0xc0d05604, &(0x7f00000003c0)={0x2, @sliced={0x0, [0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x6]}})
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000042c0)='fdinfo/3\x00')
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r4})
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="7a0af8ff75257000bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc44bc25fb591cf77b9dfb379a3f611dbc2a364916f098dab10b1a297cf528666d1ddd73f30f2382f6cda4bfdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e384c3cb07b74a72291a1a2b523dd81b6651b1ee48e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e9e54687d3c56d7bedb6b2f25ddb8c640ab321a402058c9221b6870814cf4ee23ddb79fff5eb156e0a000000000000f2bd1d4a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8f9f3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0b6dd7356aa79d5fabb5c0d0da6d719d7e0efb2bb713d18242cd5df6ca53307a4cdd9030a46c190e317c8de5e5c3933fd5d5bf38f6b9fc39fc829dcfe4af8ac5fbb7314a7a433e0182767d1376eda2b20"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r6, 0x2000d00, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", &(0x7f0000000380)=""/85, 0x0, 0x4000000}, 0x28)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000080), r7)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000021c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="000000000000000000060000002800078073797374656d5f753a6f626a6563745f723a756465765f7661725f72756e5e743a73300004f70c1e5126f50a0ff335d936ffccf8cb375876286078f2568de1909b315dd1b085e7ce781614500c4a8e94a50b9b97d873d3f1c434b2f322b3735707b75da5cb"], 0x3c}}, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f0000000440)='fdinfo/4\x00')
read$FUSE(r9, &(0x7f0000006140)={0x2020}, 0x2020)
read$FUSE(r3, &(0x7f0000000080)={0x2020}, 0x2020)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000002100)=ANY=[], 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x101)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r11 = socket$unix(0x1, 0x1, 0x0)
r12 = dup2(r11, r10)
close_range(r12, 0xffffffffffffffff, 0x0)
listen(r0, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000600), 0x1, 0x563, &(0x7f0000000640)="$eJzs3U9sFFUYAPBvZmmBUmkxxgAXm3CAxLhQagQ9Ad6MMf49mtCULWlYKGlrQpse4O7BAwevJl68ekE9NdF48ODBE3jybEJMo9TEmNTM7my7trtt07RM6fx+yey+N2/hvW8nH/Pe7r4QQGkNZQ9pxImIuJpEDLS1HYi8caj5uqXF+bG/F+fHklhe/uCPJJKIeLI4P9Z6fZI/H8krhyLilysRz1fW9zs9O3djtF6vTeX1szM3b5+dnp17ZeLm6PXa9dqtkeHzr786MjJy4eKOxfrR+yffqX781qOvJl/79/57R39K4lL0523tceyUoRhaeU/aZe/rhZ3urCCVPJ5OcbL3ta5fT0S8GANRybM+MxATnxY6OGBXLVciloGSSuQ/lFRrHpCtf1tHsTOSp+vx5eYCKIt7KT+aLQean43EocbaqO/PpG1l1FzvDu5A/1kfd05f+T47Ypc+h9jI3XsRcbzT9U8aYxtsfIqTxZ/+L/40Is7lz9n589vsf2hN/VmK/1Jb/Fe22X/R8QNQTguXmzfy9fe/dGX+Ex3mP/0d7l3bUfT9rzX/W1o3/1uNv9Jl/vfuFvv49ccHP3dra5//ZUfWf2su+DQ8vhdxsmP8yUr8SYf4s3nP1S328fU3pw52ays6/uUvIk5H5/hbko2/nzw7PlGvnWs+duzjt+NvPujWf9HxZ9e/r0v8G13/7NztLfZxse/M593aNo8//b03+bBR6s3P3BmdmZkajuhN3l5/fpOFSOs1rb8ji//MqY3zv1P8h7O1wxbjfzL53T/bj393ZfFf2+b1/2yLfXz75Q8Pu7UVHT8AAAAAAADsJ2njtxxJWl0pp2m12tzD+0L0pfXJ6ZmXxyc/uXWt+ZuPwehJW990DzTrSVYfzn8P26qfX1MfiYhjEXG/crhRr45N1q8VHTwAAAAAAAAAAAAAAAAAAADsEUfW7P//q9Lc/w+UxIGiBwAURv5Decl/KC/5D+Ul/6G85D+Ul/yH8pL/UF7yH8pL/kN5yX8AAAAA2JeOvbTwKImIu28cbhyZ3rytp9CRAbstLXoAQGEqRQ8AKIyv/qG8rPGBZJP2Q90aFjb7kwAAAAAAAAAAAADATjl9wv5/KCv7/6G87P+H8rL/H8rLGh+w/x8AAAAAAAAAAAAA9r7+xpGk1XwvcH+kabUa8VxEDEZPMj5Rr52LiKMR8bDSczCrDxc9aAAAAAAAAAAAAAAAAAAAANhnpmfnbozW67UpBQUFhZVC0f8yAQAAAAAAAAAAAAAAAABA+axu+i16JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQnNX//3/3CkXHCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8m/4LAAD//2EREuQ=")

[   59.262951][ T4679] Bluetooth: hci0: command tx timeout
[   59.491361][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   59.632362][    T9] usb 5-1: device descriptor read/64, error -71
[   59.881225][    T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   60.014074][    T9] usb 5-1: device descriptor read/64, error -71
[   60.125426][    T9] usb usb5-port1: attempt power cycle
[   60.180149][ T5329] ==================================================================
[   60.182924][ T5329] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x340/0x3a0
[   60.185618][ T5329] Write of size 4064 at addr ffffc9000d461020 by task syz.0.0/5329
[   60.188278][ T5329] 
[   60.189137][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[   60.192455][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   60.196359][ T5329] Call Trace:
[   60.197828][ T5329]  <TASK>
[   60.198921][ T5329]  dump_stack_lvl+0x241/0x360
[   60.200754][ T5329]  ? __pfx_dump_stack_lvl+0x10/0x10
[   60.202724][ T5329]  ? __pfx__printk+0x10/0x10
[   60.204525][ T5329]  ? _printk+0xd5/0x120
[   60.206081][ T5329]  print_report+0x169/0x550
[   60.207744][ T5329]  ? __virt_addr_valid+0xbd/0x530
[   60.209613][ T5329]  ? vrealloc_noprof+0x340/0x3a0
[   60.211406][ T5329]  kasan_report+0x143/0x180
[   60.213114][ T5329]  ? vrealloc_noprof+0x340/0x3a0
[   60.214903][ T5329]  kasan_check_range+0x282/0x290
[   60.216657][ T5329]  __asan_memset+0x23/0x50
[   60.218242][ T5329]  vrealloc_noprof+0x340/0x3a0
[   60.220055][ T5329]  push_insn_history+0x16c/0x6a0
[   60.221898][ T5329]  do_check+0x692f/0xfcd0
[   60.224433][ T5329]  ? __pfx_do_check+0x10/0x10
[   60.226197][ T5329]  ? mark_reg_not_init+0xd4/0x4b0
[   60.228011][ T5329]  ? __asan_memcpy+0x40/0x70
[   60.229773][ T5329]  ? mark_reg_not_init+0xd4/0x4b0
[   60.231680][ T5329]  do_check_common+0x1564/0x2010
[   60.233496][ T5329]  bpf_check+0x19380/0x1f1b0
[   60.235202][ T5329]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   60.237391][ T5329]  ? validate_chain+0x11e/0x5920
[   60.239205][ T5329]  ? page_ext_get+0x20/0x2a0
[   60.240824][ T5329]  ? post_alloc_hook+0x206/0x230
[   60.242885][ T5329]  ? __pfx_validate_chain+0x10/0x10
[   60.244803][ T5329]  ? validate_chain+0x11e/0x5920
[   60.246607][ T5329]  ? validate_chain+0x11e/0x5920
[   60.248441][ T5329]  ? mark_lock+0x9a/0x360
[   60.250040][ T5329]  ? __pfx___might_resched+0x10/0x10
[   60.251999][ T5329]  ? validate_chain+0x11e/0x5920
[   60.253857][ T5329]  ? validate_chain+0x11e/0x5920
[   60.255725][ T5329]  ? __pfx_validate_chain+0x10/0x10
[   60.257674][ T5329]  ? validate_chain+0x11e/0x5920
[   60.259530][ T5329]  ? validate_chain+0x11e/0x5920
[   60.261323][ T5329]  ? validate_chain+0x11e/0x5920
[   60.263156][ T5329]  ? __pfx_validate_chain+0x10/0x10
[   60.265064][ T5329]  ? __pfx_validate_chain+0x10/0x10
[   60.267096][ T5329]  ? __pfx_bpf_check+0x10/0x10
[   60.268897][ T5329]  ? __pfx_validate_chain+0x10/0x10
[   60.270838][ T5329]  ? mark_lock+0x9a/0x360
[   60.272441][ T5329]  ? mark_lock+0x9a/0x360
[   60.274044][ T5329]  ? __lock_acquire+0x1397/0x2100
[   60.275992][ T5329]  ? mark_lock+0x9a/0x360
[   60.277684][ T5329]  ? __lock_acquire+0x1397/0x2100
[   60.279581][ T5329]  ? __pfx_lock_acquire+0x10/0x10
[   60.281460][ T5329]  ? ktime_get_with_offset+0x8c/0x290
[   60.283410][ T5329]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   60.285646][ T5329]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   60.287938][ T5329]  ? ktime_get_with_offset+0x8c/0x290
[   60.289858][ T5329]  ? seqcount_lockdep_reader_access+0x157/0x220
[   60.292176][ T5329]  ? lockdep_hardirqs_on+0x99/0x150
[   60.294083][ T5329]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   60.296316][ T5329]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   60.298738][ T5329]  ? _raw_spin_unlock+0x28/0x50
[   60.300557][ T5329]  ? __asan_memset+0x23/0x50
[   60.302262][ T5329]  ? bpf_obj_name_cpy+0x18a/0x1d0
[   60.304321][ T5329]  bpf_prog_load+0x1667/0x20f0
[   60.306407][ T5329]  ? __pfx_bpf_prog_load+0x10/0x10
[   60.308792][ T5329]  ? __pfx___might_resched+0x10/0x10
[   60.311126][ T5329]  ? __might_fault+0xc6/0x120
[   60.313110][ T5329]  __sys_bpf+0x4ee/0x810
[   60.314775][ T5329]  ? __pfx___sys_bpf+0x10/0x10
[   60.316518][ T5329]  ? __rseq_handle_notify_resume+0x34d/0x14d0
[   60.318714][ T5329]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   60.320893][ T5329]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   60.323102][ T5329]  ? do_syscall_64+0x100/0x230
[   60.324836][ T5329]  __x64_sys_bpf+0x7c/0x90
[   60.326475][ T5329]  do_syscall_64+0xf3/0x230
[   60.328152][ T5329]  ? clear_bhb_loop+0x35/0x90
[   60.329818][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.332011][ T5329] RIP: 0033:0x7f3c81b7e819
[   60.333658][ T5329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   60.340443][ T5329] RSP: 002b:00007f3c829cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   60.343864][ T5329] RAX: ffffffffffffffda RBX: 00007f3c81d35fa0 RCX: 00007f3c81b7e819
[   60.346797][ T5329] RDX: 0000000000000048 RSI: 00000000200017c0 RDI: 0000000000000005
[   60.349699][ T5329] RBP: 00007f3c81bf175e R08: 0000000000000000 R09: 0000000000000000
[   60.352538][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   60.355475][ T5329] R13: 0000000000000000 R14: 00007f3c81d35fa0 R15: 00007ffe617a88d8
[   60.358246][ T5329]  </TASK>
[   60.359369][ T5329] 
[   60.360613][ T5329] The buggy address belongs to the virtual mapping at
[   60.360613][ T5329]  [ffffc9000d441000, ffffc9000d463000) created by:
[   60.360613][ T5329]  kvrealloc_noprof+0xc7/0x120
[   60.366923][ T5329] 
[   60.367898][ T5329] The buggy address belongs to the physical page:
[   60.370235][ T5329] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888042ecde88 pfn:0x42ecd
[   60.373877][ T5329] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   60.376407][ T5329] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000
[   60.379480][ T5329] raw: ffff888042ecde88 0000000000000000 00000001ffffffff 0000000000000000
[   60.382584][ T5329] page dumped because: kasan: bad access detected
[   60.384869][ T5329] page_owner tracks the page as allocated
[   60.386895][ T5329] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 5329, tgid 5328 (syz.0.0), ts 60180026165, free_ts 59436212295
[   60.392868][ T5329]  post_alloc_hook+0x1f3/0x230
[   60.394661][ T5329]  get_page_from_freelist+0x3649/0x3790
[   60.396730][ T5329]  __alloc_pages_slowpath+0x414/0x1020
[   60.398784][ T5329]  __alloc_pages_noprof+0x493/0x710
[   60.400678][ T5329]  alloc_pages_mpol_noprof+0x3e8/0x680
[   60.402704][ T5329]  __vmalloc_node_range_noprof+0x9c9/0x1380
[   60.404813][ T5329]  __kvmalloc_node_noprof+0x142/0x190
[   60.406736][ T5329]  kvrealloc_noprof+0xc7/0x120
[   60.408366][ T5329]  push_insn_history+0x16c/0x6a0
[   60.410208][ T5329]  do_check+0x692f/0xfcd0
[   60.411622][ T5329]  do_check_common+0x1564/0x2010
[   60.413440][ T5329]  bpf_check+0x19380/0x1f1b0
[   60.415137][ T5329]  bpf_prog_load+0x1667/0x20f0
[   60.416734][ T5329]  __sys_bpf+0x4ee/0x810
[   60.418214][ T5329]  __x64_sys_bpf+0x7c/0x90
[   60.419840][ T5329]  do_syscall_64+0xf3/0x230
[   60.421458][ T5329] page last free pid 9 tgid 9 stack trace:
[   60.423624][ T5329]  free_unref_page+0xdf9/0x1140
[   60.425413][ T5329]  __slab_free+0x31b/0x3d0
[   60.427039][ T5329]  qlist_free_all+0x9a/0x140
[   60.428667][ T5329]  kasan_quarantine_reduce+0x14f/0x170
[   60.430792][ T5329]  __kasan_slab_alloc+0x23/0x80
[   60.432624][ T5329]  __kmalloc_cache_noprof+0x132/0x2c0
[   60.434639][ T5329]  usb_control_msg+0xbb/0x4c0
[   60.436472][ T5329]  hub_ext_port_status+0x11a/0x840
[   60.438361][ T5329]  hub_port_reset+0x905/0x1b30
[   60.440193][ T5329]  hub_port_init+0x2a9/0x2670
[   60.442003][ T5329]  hub_event+0x2962/0x5150
[   60.443640][ T5329]  process_scheduled_works+0xa63/0x1850
[   60.445657][ T5329]  worker_thread+0x870/0xd30
[   60.447372][ T5329]  kthread+0x2f0/0x390
[   60.448843][ T5329]  ret_from_fork+0x4b/0x80
[   60.450465][ T5329]  ret_from_fork_asm+0x1a/0x30
[   60.452269][ T5329] 
[   60.453136][ T5329] Memory state around the buggy address:
[   60.455317][ T5329]  ffffc9000d460f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.458163][ T5329]  ffffc9000d460f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.461411][ T5329] >ffffc9000d461000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   60.464389][ T5329]                                ^
[   60.466264][ T5329]  ffffc9000d461080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   60.469208][ T5329]  ffffc9000d461100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   60.472176][ T5329] ==================================================================
[   60.636954][ T5329] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   60.639643][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[   60.643255][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   60.647246][ T5329] Call Trace:
[   60.648533][ T5329]  <TASK>
[   60.649802][ T5329]  dump_stack_lvl+0x241/0x360
[   60.652033][ T5329]  ? __pfx_dump_stack_lvl+0x10/0x10
[   60.654332][ T5329]  ? __pfx__printk+0x10/0x10
[   60.656404][ T5329]  ? preempt_schedule+0xe1/0xf0
[   60.658490][ T5329]  ? vscnprintf+0x5d/0x90
[   60.660443][ T5329]  panic+0x349/0x880
[   60.662141][ T5329]  ? check_panic_on_warn+0x21/0xb0
[   60.664089][ T5329]  ? __pfx_panic+0x10/0x10
[   60.665797][ T5329]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   60.668044][ T5329]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   60.670442][ T5329]  ? print_report+0x502/0x550
[   60.672135][ T5329]  check_panic_on_warn+0x86/0xb0
[   60.673986][ T5329]  ? vrealloc_noprof+0x340/0x3a0
[   60.675873][ T5329]  end_report+0x77/0x160
[   60.677436][ T5329]  kasan_report+0x154/0x180
[   60.679192][ T5329]  ? vrealloc_noprof+0x340/0x3a0
[   60.681032][ T5329]  kasan_check_range+0x282/0x290
[   60.682864][ T5329]  __asan_memset+0x23/0x50
[   60.684512][ T5329]  vrealloc_noprof+0x340/0x3a0
[   60.686310][ T5329]  push_insn_history+0x16c/0x6a0
[   60.688161][ T5329]  do_check+0x692f/0xfcd0
[   60.689756][ T5329]  ? __pfx_do_check+0x10/0x10
[   60.691556][ T5329]  ? mark_reg_not_init+0xd4/0x4b0
[   60.693322][ T5329]  ? __asan_memcpy+0x40/0x70
[   60.695097][ T5329]  ? mark_reg_not_init+0xd4/0x4b0
[   60.696961][ T5329]  do_check_common+0x1564/0x2010
[   60.698807][ T5329]  bpf_check+0x19380/0x1f1b0
[   60.700548][ T5329]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   60.702694][ T5329]  ? validate_chain+0x11e/0x5920
[   60.704655][ T5329]  ? page_ext_get+0x20/0x2a0
[   60.706285][ T5329]  ? post_alloc_hook+0x206/0x230
[   60.708131][ T5329]  ? __pfx_validate_chain+0x10/0x10
[   60.710046][ T5329]  ? validate_chain+0x11e/0x5920
[   60.711912][ T5329]  ? validate_chain+0x11e/0x5920
[   60.713755][ T5329]  ? mark_lock+0x9a/0x360
[   60.715324][ T5329]  ? __pfx___might_resched+0x10/0x10
[   60.717301][ T5329]  ? validate_chain+0x11e/0x5920
[   60.719095][ T5329]  ? validate_chain+0x11e/0x5920
[   60.720896][ T5329]  ? __pfx_validate_chain+0x10/0x10
[   60.722894][ T5329]  ? validate_chain+0x11e/0x5920
[   60.724680][ T5329]  ? validate_chain+0x11e/0x5920
[   60.726411][ T5329]  ? validate_chain+0x11e/0x5920
[   60.728166][ T5329]  ? __pfx_validate_chain+0x10/0x10
[   60.729929][ T5329]  ? __pfx_validate_chain+0x10/0x10
[   60.731747][ T5329]  ? __pfx_bpf_check+0x10/0x10
[   60.733433][ T5329]  ? __pfx_validate_chain+0x10/0x10
[   60.735246][ T5329]  ? mark_lock+0x9a/0x360
[   60.736797][ T5329]  ? mark_lock+0x9a/0x360
[   60.738261][ T5329]  ? __lock_acquire+0x1397/0x2100
[   60.740114][ T5329]  ? mark_lock+0x9a/0x360
[   60.741691][ T5329]  ? __lock_acquire+0x1397/0x2100
[   60.743603][ T5329]  ? __pfx_lock_acquire+0x10/0x10
[   60.745514][ T5329]  ? ktime_get_with_offset+0x8c/0x290
[   60.747497][ T5329]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   60.749656][ T5329]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   60.752256][ T5329]  ? ktime_get_with_offset+0x8c/0x290
[   60.754266][ T5329]  ? seqcount_lockdep_reader_access+0x157/0x220
[   60.756586][ T5329]  ? lockdep_hardirqs_on+0x99/0x150
[   60.758571][ T5329]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[   60.760903][ T5329]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   60.763416][ T5329]  ? _raw_spin_unlock+0x28/0x50
[   60.765184][ T5329]  ? __asan_memset+0x23/0x50
[   60.766907][ T5329]  ? bpf_obj_name_cpy+0x18a/0x1d0
[   60.768814][ T5329]  bpf_prog_load+0x1667/0x20f0
[   60.770555][ T5329]  ? __pfx_bpf_prog_load+0x10/0x10
[   60.772369][ T5329]  ? __pfx___might_resched+0x10/0x10
[   60.774245][ T5329]  ? __might_fault+0xc6/0x120
[   60.775891][ T5329]  __sys_bpf+0x4ee/0x810
[   60.777347][ T5329]  ? __pfx___sys_bpf+0x10/0x10
[   60.778926][ T5329]  ? __rseq_handle_notify_resume+0x34d/0x14d0
[   60.780854][ T5329]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   60.782924][ T5329]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   60.785153][ T5329]  ? do_syscall_64+0x100/0x230
[   60.786863][ T5329]  __x64_sys_bpf+0x7c/0x90
[   60.788489][ T5329]  do_syscall_64+0xf3/0x230
[   60.790127][ T5329]  ? clear_bhb_loop+0x35/0x90
[   60.791939][ T5329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.794167][ T5329] RIP: 0033:0x7f3c81b7e819
[   60.795837][ T5329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   60.803025][ T5329] RSP: 002b:00007f3c829cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   60.806055][ T5329] RAX: ffffffffffffffda RBX: 00007f3c81d35fa0 RCX: 00007f3c81b7e819
[   60.808617][ T5329] RDX: 0000000000000048 RSI: 00000000200017c0 RDI: 0000000000000005
[   60.811564][ T5329] RBP: 00007f3c81bf175e R08: 0000000000000000 R09: 0000000000000000
[   60.814493][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   60.817320][ T5329] R13: 0000000000000000 R14: 00007f3c81d35fa0 R15: 00007ffe617a88d8
[   60.820249][ T5329]  </TASK>
[   60.821670][ T5329] Kernel Offset: disabled
[   60.823292][ T5329] Rebooting in 86400 seconds..