program:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000002c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffd34}}]}}, 0x0)

[  100.707146][ T4669] Bluetooth: hci0: command tx timeout
[  100.988463][ T5168] ==================================================================
[  100.992113][ T5168] BUG: KASAN: vmalloc-out-of-bounds in bpf_trace_run2+0x28c/0x840
[  100.995627][ T5168] Read of size 8 at addr ffffc900014df040 by task dhcpcd/5168
[  100.998981][ T5168] 
[  101.000145][ T5168] CPU: 0 UID: 101 PID: 5168 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full) 
[  101.000165][ T5168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  101.000172][ T5168] Call Trace:
[  101.000182][ T5168]  <TASK>
[  101.000188][ T5168]  dump_stack_lvl+0xe8/0x150
[  101.000209][ T5168]  print_report+0xba/0x230
[  101.000223][ T5168]  ? bpf_trace_run2+0x28c/0x840
[  101.000240][ T5168]  kasan_report+0x117/0x150
[  101.000252][ T5168]  ? bpf_trace_run2+0x28c/0x840
[  101.000267][ T5168]  bpf_trace_run2+0x28c/0x840
[  101.000282][ T5168]  ? __queue_work+0x1a1/0x1020
[  101.000297][ T5168]  ? bpf_trace_run2+0x1c9/0x840
[  101.000310][ T5168]  ? __pfx_bpf_trace_run2+0x10/0x10
[  101.000324][ T5168]  ? seccomp_filter_release+0x22b/0x2d0
[  101.000336][ T5168]  ? seccomp_filter_release+0x22b/0x2d0
[  101.000346][ T5168]  ? seccomp_filter_release+0x22b/0x2d0
[  101.000357][ T5168]  kfree+0x5b2/0x630
[  101.000370][ T5168]  ? queue_work_on+0x159/0x1d0
[  101.000442][ T5168]  seccomp_filter_release+0x22b/0x2d0
[  101.000457][ T5168]  do_exit+0x3b0/0x23c0
[  101.000472][ T5168]  ? __pfx_do_exit+0x10/0x10
[  101.000480][ T5168]  ? do_raw_spin_lock+0x12b/0x2f0
[  101.000492][ T5168]  ? do_raw_spin_lock+0x12b/0x2f0
[  101.000507][ T5168]  do_group_exit+0x21b/0x2d0
[  101.000517][ T5168]  ? _raw_spin_unlock_irq+0x23/0x50
[  101.000597][ T5168]  get_signal+0x1284/0x1330
[  101.000617][ T5168]  arch_do_signal_or_restart+0xbc/0x830
[  101.000631][ T5168]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  101.000645][ T5168]  exit_to_user_mode_loop+0x86/0x480
[  101.000657][ T5168]  ? rcu_is_watching+0x15/0xb0
[  101.000674][ T5168]  do_syscall_64+0x32d/0xf80
[  101.000690][ T5168]  ? trace_irq_disable+0x3b/0x150
[  101.000750][ T5168]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.000766][ T5168]  ? clear_bhb_loop+0x40/0x90
[  101.000776][ T5168]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.000784][ T5168] RIP: 0033:0x7fc3b2a3d407
[  101.000822][ T5168] Code: Unable to access opcode bytes at 0x7fc3b2a3d3dd.
[  101.000826][ T5168] RSP: 002b:00007fffd7cf13a0 EFLAGS: 00000202 ORIG_RAX: 000000000000010f
[  101.000836][ T5168] RAX: 0000000000000001 RBX: 00007fc3b29b3780 RCX: 00007fc3b2a3d407
[  101.000841][ T5168] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000056429d0e8380
[  101.000845][ T5168] RBP: 00007fffd7cf16e0 R08: 0000000000000008 R09: 0000000000000000
[  101.000850][ T5168] R10: 00007fffd7cf16e0 R11: 0000000000000202 R12: 00005642965755e0
[  101.000854][ T5168] R13: 000056429d0dbd40 R14: 0000000000000000 R15: 00007fffd7cf1490
[  101.000870][ T5168]  </TASK>
[  101.000874][ T5168] 
[  101.119863][ T5168] The buggy address belongs to a vmalloc virtual mapping
[  101.123021][ T5168] Memory state around the buggy address:
[  101.125592][ T5168]  ffffc900014def00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  101.129456][ T5168]  ffffc900014def80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  101.133695][ T5168] >ffffc900014df000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  101.137860][ T5168]                                            ^
[  101.140988][ T5168]  ffffc900014df080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  101.144473][ T5168]  ffffc900014df100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  101.147957][ T5168] ==================================================================
[  101.202108][ T5168] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  101.206343][ T5168] CPU: 0 UID: 101 PID: 5168 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full) 
[  101.211282][ T5168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  101.216177][ T5168] Call Trace:
[  101.217690][ T5168]  <TASK>
[  101.219084][ T5168]  vpanic+0x56c/0xa60
[  101.221195][ T5168]  ? __pfx_vpanic+0x10/0x10
[  101.223950][ T5168]  panic+0xc5/0xd0
[  101.226503][ T5168]  ? __pfx_panic+0x10/0x10
[  101.228957][ T5168]  ? preempt_schedule_thunk+0x16/0x30
[  101.231306][ T5168]  ? bpf_trace_run2+0x28c/0x840
[  101.233710][ T5168]  ? preempt_schedule_thunk+0x16/0x30
[  101.236202][ T5168]  ? bpf_trace_run2+0x28c/0x840
[  101.238620][ T5168]  check_panic_on_warn+0x89/0xb0
[  101.240895][ T5168]  ? bpf_trace_run2+0x28c/0x840
[  101.243718][ T5168]  end_report+0x73/0x180
[  101.246878][ T5168]  ? bpf_trace_run2+0x28c/0x840
[  101.249591][ T5168]  kasan_report+0x128/0x150
[  101.251990][ T5168]  ? bpf_trace_run2+0x28c/0x840
[  101.254426][ T5168]  bpf_trace_run2+0x28c/0x840
[  101.256500][ T5168]  ? __queue_work+0x1a1/0x1020
[  101.258898][ T5168]  ? bpf_trace_run2+0x1c9/0x840
[  101.261569][ T5168]  ? __pfx_bpf_trace_run2+0x10/0x10
[  101.264656][ T5168]  ? seccomp_filter_release+0x22b/0x2d0
[  101.267979][ T5168]  ? seccomp_filter_release+0x22b/0x2d0
[  101.270625][ T5168]  ? seccomp_filter_release+0x22b/0x2d0
[  101.273619][ T5168]  kfree+0x5b2/0x630
[  101.275567][ T5168]  ? queue_work_on+0x159/0x1d0
[  101.277913][ T5168]  seccomp_filter_release+0x22b/0x2d0
[  101.280112][ T5168]  do_exit+0x3b0/0x23c0
[  101.281714][ T5168]  ? __pfx_do_exit+0x10/0x10
[  101.283610][ T5168]  ? do_raw_spin_lock+0x12b/0x2f0
[  101.286177][ T5168]  ? do_raw_spin_lock+0x12b/0x2f0
[  101.289419][ T5168]  do_group_exit+0x21b/0x2d0
[  101.291830][ T5168]  ? _raw_spin_unlock_irq+0x23/0x50
[  101.294310][ T5168]  get_signal+0x1284/0x1330
[  101.296368][ T5168]  arch_do_signal_or_restart+0xbc/0x830
[  101.298796][ T5168]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  101.301795][ T5168]  exit_to_user_mode_loop+0x86/0x480
[  101.304322][ T5168]  ? rcu_is_watching+0x15/0xb0
[  101.307011][ T5168]  do_syscall_64+0x32d/0xf80
[  101.309514][ T5168]  ? trace_irq_disable+0x3b/0x150
[  101.311850][ T5168]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.314633][ T5168]  ? clear_bhb_loop+0x40/0x90
[  101.316843][ T5168]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.319774][ T5168] RIP: 0033:0x7fc3b2a3d407
[  101.321978][ T5168] Code: Unable to access opcode bytes at 0x7fc3b2a3d3dd.
[  101.325858][ T5168] RSP: 002b:00007fffd7cf13a0 EFLAGS: 00000202 ORIG_RAX: 000000000000010f
[  101.329757][ T5168] RAX: 0000000000000001 RBX: 00007fc3b29b3780 RCX: 00007fc3b2a3d407
[  101.333514][ T5168] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000056429d0e8380
[  101.337346][ T5168] RBP: 00007fffd7cf16e0 R08: 0000000000000008 R09: 0000000000000000
[  101.342133][ T5168] R10: 00007fffd7cf16e0 R11: 0000000000000202 R12: 00005642965755e0
[  101.346095][ T5168] R13: 000056429d0dbd40 R14: 0000000000000000 R15: 00007fffd7cf1490
[  101.349756][ T5168]  </TASK>
[  101.351580][ T5168] Kernel Offset: disabled
[  101.353675][ T5168] Rebooting in 86400 seconds..