program:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x9)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r2 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_open_dev$sg(&(0x7f0000000180), 0x1, 0x28000)
ioctl$SG_IO(r4, 0x2285, &(0x7f0000000740)={0x53, 0xffffffffffffffff, 0x6, 0x1, @scatter={0x30, 0x0, 0x0}, &(0x7f00000005c0)="5fb02e37c336", 0x0, 0x4, 0x0, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f0000001240)='./file0\x00', 0x10, &(0x7f0000001800)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e0500001e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c71e68558b677156e22e13d8e509274ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba0", @ANYRES16, @ANYRES32, @ANYBLOB="45fb70780aaa464a9197101b4fa69a4ecf588c41c7a263b661be09f9c99eaa7c422378d6726506a9b3f6cf9b196d711df66df81964928308ce6ce7a56c95268bf31a3279ba0cd16ecc5592b0679c19a21de4e1421f2834a67584e8d07242fcbfd5c296ce12b1ab352f099cc270d5c2345d86d5e0778113a9387fec874e9d3e4ea20a364952c5b91bb0bbe0a208647587a4af60594fa66b1651ec23ec71d1837af9475acc46cb1c0ca0073f64a9ee72f21fa8d64fc6464c4548a5440e10c012738fc4b0a8ea601f2ff5fd08b726a74665ddb32c49ee18a8fd8d5f7546942a1a7083d450b861cbda4d53df4a10", @ANYRESDEC, @ANYRES8], 0x1, 0x11ef, &(0x7f0000003980)="$eJzs3M+LG2UYB/Cna7tbd90faq22IL7gRS9DswdB9BJkC9KA0jZCexCm7kRDxiRkwkI8WD159e/w7E2Q3vSyF/8Gb3vx2IM4QqK2KakQC6Ysn88lDzzvN3lfAgPvMO+cvPvt571OlXXycaydORNrw4h0P0WKtfjbV/HmOz/9/OqNW7evNVutg+spXW3ebLyVUtp57cdzEXFvvPXR9zs/bMTx3scnv+3/enzx+NLJHzc/61apW6X+YJzydGcwGOd3yiIddqteltKHZZFXRer2q2I01++Ug+FwkvL+4fbmcFRUVcr7k9QrJmk8SOPRJOWf5t1+yrIsbW8GT6L93f26riPq+lysR13X9bOxGVvxXGzHTuzGXjwfL8SLcSFeiovxcrwSl6ajVj1vAAAAAAAAAAAAAAAAAAAAOF2c/wcAAAAAAAAAAAAAAAAAAIDVu3Hr9rVmq3VwPaXzEeU3R+2j9uxz1m92ohtlFHElduP3mJ7+n5nVV99vHVxJU3vxdXn3r/zdo/Yz8/nG9HUCC/ONWT7N5zdi8+H8fuzGhcX5/YX58/HG6w/ls9iNXz6JQZRxGBH34kH+y0ZK733QeiR/eToOAAAAToMs/WPh/j3LHtef5Ze4P/DI/vpsXD672rUTUU2+6OVlWYz+S7E2F9+IiAWD1+NJfkJxGor1p2MaiiWKVV+Z+D88+NNXPRMAAAAAAAAAAACWscSDgW9HxGNaW//6PateIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCf7MCxAAAAAIAwf+s0OjYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvgoAAP//4kjMlQ==")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r5, &(0x7f0000000140)='2', 0x1, 0x8000c61)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000200), 0xfea7)
mount(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x2012024, 0x0)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r7, @ANYBLOB="010000000000fbdbdf25010000000800020000000000050005000000000008000300010000004800018005000200200000000600010002000000080006000a000000080003"], 0x84}}, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x5, &(0x7f0000000140)=0x8, 0x4)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r8, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r8, &(0x7f0000000000)="2e000000010002", 0x7)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x4, 0x0, 0x4, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r9}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000080)=@framed={{}, [@jmp={0x5, 0x0, 0xe, 0x0, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @jmp={0x5, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

[   81.321424][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[   81.324294][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[   81.327984][ T5294] Bluetooth: hci0: command tx timeout
[   81.509596][ T5311] sr 2:0:0:0: [sr0] tag#4 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[   81.514030][ T5311] sr 2:0:0:0: [sr0] tag#4 CDB: Persistent reserve out, sa=0x10 5f b0 2e 37 c3 36
[   81.560642][ T5311] loop0: detected capacity change from 0 to 8192
[   81.989853][ T5311] netlink: 36 bytes leftover after parsing attributes in process `syz.0.0'.
[   81.995349][ T5311] netlink: 16 bytes leftover after parsing attributes in process `syz.0.0'.
[   81.999181][ T5311] netlink: 36 bytes leftover after parsing attributes in process `syz.0.0'.
[   82.002875][ T5311] netlink: 36 bytes leftover after parsing attributes in process `syz.0.0'.
[   82.022498][ T5311] Bluetooth: MGMT ver 1.23
[   83.960289][ T5294] Bluetooth: hci0: command tx timeout
[   84.059049][ T5311] ==================================================================
[   84.059073][ T5311] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x396/0x430
[   84.059224][ T5311] Write of size 4064 at addr ffffc9000d6d5020 by task syz.0.0/5311
[   84.059233][ T5311] 
[   84.059241][ T5311] CPU: 0 UID: 0 PID: 5311 Comm: syz.0.0 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[   84.059254][ T5311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   84.059262][ T5311] Call Trace:
[   84.059266][ T5311]  <TASK>
[   84.059271][ T5311]  dump_stack_lvl+0x189/0x250
[   84.059289][ T5311]  ? __pfx_dump_stack_lvl+0x10/0x10
[   84.059303][ T5311]  ? __pfx__printk+0x10/0x10
[   84.059314][ T5311]  ? __pfx__printk+0x10/0x10
[   84.059324][ T5311]  ? __virt_addr_valid+0xc3/0x540
[   84.059338][ T5311]  print_report+0xb4/0x290
[   84.059349][ T5311]  ? vrealloc_noprof+0x396/0x430
[   84.059360][ T5311]  kasan_report+0x118/0x150
[   84.059374][ T5311]  ? vrealloc_noprof+0x396/0x430
[   84.059387][ T5311]  kasan_check_range+0x29a/0x2b0
[   84.059400][ T5311]  __asan_memset+0x22/0x50
[   84.059411][ T5311]  vrealloc_noprof+0x396/0x430
[   84.059425][ T5311]  push_insn_history+0x184/0x650
[   84.059440][ T5311]  do_check+0x597/0xd630
[   84.059465][ T5311]  ? __pfx_do_check+0x10/0x10
[   84.059476][ T5311]  ? __asan_memset+0x22/0x50
[   84.059485][ T5311]  ? init_func_state+0x1ddf/0x2d20
[   84.059499][ T5311]  do_check_common+0x168d/0x20b0
[   84.059517][ T5311]  bpf_check+0x13679/0x19a70
[   84.059530][ T5311]  ? __lock_acquire+0xaac/0xd20
[   84.059546][ T5311]  ? __lock_acquire+0xaac/0xd20
[   84.059564][ T5311]  ? __lock_acquire+0xaac/0xd20
[   84.059578][ T5311]  ? do_raw_spin_lock+0x121/0x290
[   84.059593][ T5311]  ? __pfx_bpf_check+0x10/0x10
[   84.059604][ T5311]  ? __lock_acquire+0xaac/0xd20
[   84.059618][ T5311]  ? cgroup_rstat_updated+0x144/0xb50
[   84.059635][ T5311]  ? __pfx_cgroup_rstat_updated+0x10/0x10
[   84.059648][ T5311]  ? __lock_acquire+0xaac/0xd20
[   84.059663][ T5311]  ? __lock_acquire+0xaac/0xd20
[   84.059677][ T5311]  ? ktime_get_with_offset+0x8c/0x2a0
[   84.059690][ T5311]  ? seqcount_lockdep_reader_access+0x123/0x1c0
[   84.059701][ T5311]  ? lockdep_hardirqs_on+0x9c/0x150
[   84.059750][ T5311]  ? ktime_get_with_offset+0x8c/0x2a0
[   84.059760][ T5311]  ? seqcount_lockdep_reader_access+0x175/0x1c0
[   84.059769][ T5311]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   84.059782][ T5311]  ? bpf_obj_name_cpy+0x194/0x1e0
[   84.059796][ T5311]  ? bpf_lsm_bpf_prog_load+0x9/0x20
[   84.059809][ T5311]  ? security_bpf_prog_load+0x7f/0x310
[   84.059820][ T5311]  bpf_prog_load+0x1318/0x1930
[   84.059834][ T5311]  ? __pfx_bpf_prog_load+0x10/0x10
[   84.059851][ T5311]  ? bpf_lsm_bpf+0x9/0x20
[   84.059863][ T5311]  ? security_bpf+0x7e/0x300
[   84.059871][ T5311]  __sys_bpf+0x5f1/0x860
[   84.059882][ T5311]  ? __pfx___sys_bpf+0x10/0x10
[   84.059892][ T5311]  ? rcu_is_watching+0x15/0xb0
[   84.059910][ T5311]  ? rcu_is_watching+0x15/0xb0
[   84.059932][ T5311]  __x64_sys_bpf+0x7c/0x90
[   84.059942][ T5311]  do_syscall_64+0xf6/0x210
[   84.059954][ T5311]  ? clear_bhb_loop+0x45/0xa0
[   84.059966][ T5311]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.059977][ T5311] RIP: 0033:0x7f4af378e969
[   84.059989][ T5311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.059997][ T5311] RSP: 002b:00007f4af4613038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   84.060009][ T5311] RAX: ffffffffffffffda RBX: 00007f4af39b6080 RCX: 00007f4af378e969
[   84.060017][ T5311] RDX: 0000000000000094 RSI: 0000200000000840 RDI: 0000000000000005
[   84.060024][ T5311] RBP: 00007f4af3810ab1 R08: 0000000000000000 R09: 0000000000000000
[   84.060030][ T5311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   84.060036][ T5311] R13: 0000000000000000 R14: 00007f4af39b6080 R15: 00007fff0b31a588
[   84.060046][ T5311]  </TASK>
[   84.060050][ T5311] 
[   84.060058][ T5311] The buggy address belongs to the virtual mapping at
[   84.060058][ T5311]  [ffffc9000d655000, ffffc9000d6d7000) created by:
[   84.060058][ T5311]  kvrealloc_noprof+0x82/0xe0
[   84.060076][ T5311] 
[   84.060079][ T5311] The buggy address belongs to the physical page:
[   84.060084][ T5311] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x604 pfn:0x44823
[   84.060094][ T5311] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   84.060109][ T5311] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000
[   84.060117][ T5311] raw: 0000000000000604 0000000000000000 00000001ffffffff 0000000000000000
[   84.060123][ T5311] page dumped because: kasan: bad access detected
[   84.060129][ T5311] page_owner tracks the page as allocated
[   84.060133][ T5311] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 5311, tgid 5309 (syz.0.0), ts 84058719520, free_ts 83358948428
[   84.060169][ T5311]  post_alloc_hook+0x1d8/0x230
[   84.060182][ T5311]  get_page_from_freelist+0x21ce/0x22b0
[   84.060197][ T5311]  __alloc_pages_slowpath+0x2fe/0xcc0
[   84.060210][ T5311]  __alloc_frozen_pages_noprof+0x319/0x370
[   84.060224][ T5311]  alloc_pages_mpol+0x232/0x4a0
[   84.060236][ T5311]  alloc_pages_noprof+0xa9/0x190
[   84.060247][ T5311]  __vmalloc_node_range_noprof+0x8fe/0x12c0
[   84.060260][ T5311]  __kvmalloc_node_noprof+0x3a0/0x5e0
[   84.060271][ T5311]  kvrealloc_noprof+0x82/0xe0
[   84.060282][ T5311]  push_insn_history+0x184/0x650
[   84.060294][ T5311]  do_check+0x597/0xd630
[   84.060304][ T5311]  do_check_common+0x168d/0x20b0
[   84.060315][ T5311]  bpf_check+0x13679/0x19a70
[   84.060324][ T5311]  bpf_prog_load+0x1318/0x1930
[   84.060336][ T5311]  __sys_bpf+0x5f1/0x860
[   84.060346][ T5311]  __x64_sys_bpf+0x7c/0x90
[   84.060352][ T5311] page last free pid 5311 tgid 5309 stack trace:
[   84.060356][ T5311]  free_unref_folios+0xb81/0x14a0
[   84.060363][ T5311]  shrink_folio_list+0x3053/0x4e90
[   84.060370][ T5311]  evict_folios+0x417b/0x5110
[   84.060380][ T5311]  try_to_shrink_lruvec+0x705/0x990
[   84.060388][ T5311]  shrink_one+0x21b/0x7c0
[   84.060394][ T5311]  shrink_node+0x3139/0x3750
[   84.060406][ T5311]  do_try_to_free_pages+0x668/0x1960
[   84.060417][ T5311]  try_to_free_pages+0x8a2/0xdd0
[   84.060427][ T5311]  __alloc_pages_direct_reclaim+0x144/0x300
[   84.060438][ T5311]  __alloc_pages_slowpath+0x5d6/0xcc0
[   84.060452][ T5311]  __alloc_frozen_pages_noprof+0x319/0x370
[   84.060464][ T5311]  alloc_pages_mpol+0x232/0x4a0
[   84.060475][ T5311]  allocate_slab+0xe2/0x3b0
[   84.060484][ T5311]  ___slab_alloc+0xbfc/0x1480
[   84.060495][ T5311]  __kmalloc_node_track_caller_noprof+0x2f8/0x4e0
[   84.060506][ T5311]  krealloc_noprof+0x122/0x330
[   84.060517][ T5311] 
[   84.060520][ T5311] Memory state around the buggy address:
[   84.060526][ T5311]  ffffc9000d6d4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   84.060532][ T5311]  ffffc9000d6d4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   84.060540][ T5311] >ffffc9000d6d5000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   84.060545][ T5311]                                ^
[   84.060551][ T5311]  ffffc9000d6d5080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   84.060558][ T5311]  ffffc9000d6d5100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   84.060563][ T5311] ==================================================================
[   84.073490][ T5311] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   84.073507][ T5311] CPU: 0 UID: 0 PID: 5311 Comm: syz.0.0 Not tainted 6.15.0-rc4-syzkaller-00052-g4f79eaa2ceac #0 PREEMPT(full) 
[   84.073551][ T5311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   84.073561][ T5311] Call Trace:
[   84.073566][ T5311]  <TASK>
[   84.073572][ T5311]  dump_stack_lvl+0x99/0x250
[   84.073593][ T5311]  ? __asan_memcpy+0x40/0x70
[   84.073604][ T5311]  ? __pfx_dump_stack_lvl+0x10/0x10
[   84.073617][ T5311]  ? __pfx__printk+0x10/0x10
[   84.073630][ T5311]  panic+0x2db/0x790
[   84.073646][ T5311]  ? __pfx_panic+0x10/0x10
[   84.073659][ T5311]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[   84.073671][ T5311]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   84.073681][ T5311]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   84.073690][ T5311]  ? print_memory_metadata+0x314/0x400
[   84.073703][ T5311]  ? vrealloc_noprof+0x396/0x430
[   84.073717][ T5311]  check_panic_on_warn+0x89/0xb0
[   84.073731][ T5311]  ? vrealloc_noprof+0x396/0x430
[   84.073744][ T5311]  end_report+0x78/0x160
[   84.073756][ T5311]  kasan_report+0x129/0x150
[   84.073769][ T5311]  ? vrealloc_noprof+0x396/0x430
[   84.073784][ T5311]  kasan_check_range+0x29a/0x2b0
[   84.073796][ T5311]  __asan_memset+0x22/0x50
[   84.073805][ T5311]  vrealloc_noprof+0x396/0x430
[   84.073819][ T5311]  push_insn_history+0x184/0x650
[   84.073834][ T5311]  do_check+0x597/0xd630
[   84.073861][ T5311]  ? __pfx_do_check+0x10/0x10
[   84.073872][ T5311]  ? __asan_memset+0x22/0x50
[   84.073881][ T5311]  ? init_func_state+0x1ddf/0x2d20
[   84.073896][ T5311]  do_check_common+0x168d/0x20b0
[   84.073911][ T5311]  bpf_check+0x13679/0x19a70
[   84.073934][ T5311]  ? __lock_acquire+0xaac/0xd20
[   84.073950][ T5311]  ? __lock_acquire+0xaac/0xd20
[   84.073966][ T5311]  ? __lock_acquire+0xaac/0xd20
[   84.073981][ T5311]  ? do_raw_spin_lock+0x121/0x290
[   84.073996][ T5311]  ? __pfx_bpf_check+0x10/0x10
[   84.074007][ T5311]  ? __lock_acquire+0xaac/0xd20
[   84.074021][ T5311]  ? cgroup_rstat_updated+0x144/0xb50
[   84.074037][ T5311]  ? __pfx_cgroup_rstat_updated+0x10/0x10
[   84.074050][ T5311]  ? __lock_acquire+0xaac/0xd20
[   84.074066][ T5311]  ? __lock_acquire+0xaac/0xd20
[   84.074080][ T5311]  ? ktime_get_with_offset+0x8c/0x2a0
[   84.074095][ T5311]  ? seqcount_lockdep_reader_access+0x123/0x1c0
[   84.074106][ T5311]  ? lockdep_hardirqs_on+0x9c/0x150
[   84.074118][ T5311]  ? ktime_get_with_offset+0x8c/0x2a0
[   84.074128][ T5311]  ? seqcount_lockdep_reader_access+0x175/0x1c0
[   84.074139][ T5311]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   84.074153][ T5311]  ? bpf_obj_name_cpy+0x194/0x1e0
[   84.074167][ T5311]  ? bpf_lsm_bpf_prog_load+0x9/0x20
[   84.074183][ T5311]  ? security_bpf_prog_load+0x7f/0x310
[   84.074194][ T5311]  bpf_prog_load+0x1318/0x1930
[   84.074209][ T5311]  ? __pfx_bpf_prog_load+0x10/0x10
[   84.074226][ T5311]  ? bpf_lsm_bpf+0x9/0x20
[   84.074238][ T5311]  ? security_bpf+0x7e/0x300
[   84.074248][ T5311]  __sys_bpf+0x5f1/0x860
[   84.074260][ T5311]  ? __pfx___sys_bpf+0x10/0x10
[   84.074271][ T5311]  ? rcu_is_watching+0x15/0xb0
[   84.074287][ T5311]  ? rcu_is_watching+0x15/0xb0
[   84.074304][ T5311]  __x64_sys_bpf+0x7c/0x90
[   84.074316][ T5311]  do_syscall_64+0xf6/0x210
[   84.074330][ T5311]  ? clear_bhb_loop+0x45/0xa0
[   84.074344][ T5311]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.074354][ T5311] RIP: 0033:0x7f4af378e969
[   84.074366][ T5311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.074375][ T5311] RSP: 002b:00007f4af4613038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   84.074388][ T5311] RAX: ffffffffffffffda RBX: 00007f4af39b6080 RCX: 00007f4af378e969
[   84.074395][ T5311] RDX: 0000000000000094 RSI: 0000200000000840 RDI: 0000000000000005
[   84.074402][ T5311] RBP: 00007f4af3810ab1 R08: 0000000000000000 R09: 0000000000000000
[   84.074409][ T5311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   84.074416][ T5311] R13: 0000000000000000 R14: 00007f4af39b6080 R15: 00007fff0b31a588
[   84.074427][ T5311]  </TASK>
[   84.074758][ T5311] Kernel Offset: disabled