program:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
fstat(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
setresuid(r3, r3, r3)
kcmp(r1, r1, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r4 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000040)='source', &(0x7f0000000f80)='//\xf2b\x06\b\xba\xdfXo\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9bMQ9\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
r5 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x67, 0x2, 0x0, 0x0, 0x0, 0x8135, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000003, 0x1, @perf_config_ext={0xfffffffffffffffc, 0x3}, 0x10460, 0x1, 0xfffffffd, 0x6, 0x2, 0xfffffffd, 0x25a, 0x0, 0x0, 0x0, 0x409}, 0x0, 0x0, 0xffffffffffffffff, 0xb)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r5, 0x2405, r5)
syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)

[  100.319874][ T5302] Bluetooth: hci0: command tx timeout
[  100.686153][ T5325] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  100.983156][ T5324] CIFS: VFS: Malformed UNC in devname
[  101.696946][ T5011] ==================================================================
[  101.702243][ T5011] BUG: KASAN: slab-use-after-free in bpf_trace_run2+0x2c4/0x840
[  101.707843][ T5011] Read of size 8 at addr ffff888037845b80 by task dhcpcd/5011
[  101.712437][ T5011] 
[  101.714009][ T5011] CPU: 0 UID: 101 PID: 5011 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full) 
[  101.714036][ T5011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  101.714046][ T5011] Call Trace:
[  101.714064][ T5011]  <TASK>
[  101.714074][ T5011]  dump_stack_lvl+0xe8/0x150
[  101.714104][ T5011]  print_report+0xba/0x230
[  101.714127][ T5011]  ? bpf_trace_run2+0x2c4/0x840
[  101.714146][ T5011]  kasan_report+0x117/0x150
[  101.714162][ T5011]  ? bpf_trace_run2+0x2c4/0x840
[  101.714179][ T5011]  bpf_trace_run2+0x2c4/0x840
[  101.714209][ T5011]  ? __queue_work+0x1a1/0x1020
[  101.714229][ T5011]  ? bpf_trace_run2+0x1c9/0x840
[  101.714241][ T5011]  ? __pfx_bpf_trace_run2+0x10/0x10
[  101.714259][ T5011]  ? seccomp_filter_release+0x22b/0x2d0
[  101.714278][ T5011]  ? seccomp_filter_release+0x22b/0x2d0
[  101.714287][ T5011]  ? seccomp_filter_release+0x22b/0x2d0
[  101.714299][ T5011]  kfree+0x5b2/0x630
[  101.714316][ T5011]  ? queue_work_on+0x159/0x1d0
[  101.714330][ T5011]  seccomp_filter_release+0x22b/0x2d0
[  101.714343][ T5011]  do_exit+0x3b0/0x23c0
[  101.714358][ T5011]  ? __pfx_do_exit+0x10/0x10
[  101.714368][ T5011]  ? do_raw_spin_lock+0x12b/0x2f0
[  101.714384][ T5011]  do_group_exit+0x21b/0x2d0
[  101.714394][ T5011]  ? _raw_spin_unlock_irq+0x23/0x50
[  101.714513][ T5011]  get_signal+0x1284/0x1330
[  101.714535][ T5011]  arch_do_signal_or_restart+0xbc/0x830
[  101.714554][ T5011]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  101.714572][ T5011]  exit_to_user_mode_loop+0x86/0x480
[  101.714586][ T5011]  ? rcu_is_watching+0x15/0xb0
[  101.714607][ T5011]  do_syscall_64+0x32d/0xf80
[  101.714620][ T5011]  ? trace_irq_disable+0x3b/0x150
[  101.714637][ T5011]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.714651][ T5011]  ? clear_bhb_loop+0x40/0x90
[  101.714663][ T5011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.714675][ T5011] RIP: 0033:0x7f7e0a2b76c7
[  101.714691][ T5011] Code: 4d 85 ed 74 e0 4d 85 e4 74 0b 48 89 ef 41 ff d4 4c 89 ee eb da 48 89 f7 e8 e6 1c f3 ff eb f1 0f 1f 40 00 b8 0c 00 00 00 0f 05 <48> 8b 15 6a a7 0d 00 48 89 02 48 39 f8 72 0a 31 c0 c3 0f 1f 80 00
[  101.714702][ T5011] RSP: 002b:00007ffd6bf6bc58 EFLAGS: 00000206 ORIG_RAX: 000000000000000c
[  101.714720][ T5011] RAX: 000055dc24b61000 RBX: fffffffffffdf000 RCX: 00007f7e0a2b76c7
[  101.714729][ T5011] RDX: fffffffffffff000 RSI: 0000000000000120 RDI: 000055dc24b61000
[  101.714736][ T5011] RBP: 000055dc24b82000 R08: 000000000000fe90 R09: 0000000000000000
[  101.714741][ T5011] R10: 0000000000000120 R11: 0000000000000206 R12: 00007f7e0a399e50
[  101.714748][ T5011] R13: 0000000000000009 R14: 0000000000001081 R15: 00007f7e0a392ac0
[  101.714758][ T5011]  </TASK>
[  101.714762][ T5011] 
[  102.049364][ T5011] Allocated by task 5324:
[  102.051545][ T5011]  kasan_save_track+0x3e/0x80
[  102.067390][ T5011]  __kasan_kmalloc+0x93/0xb0
[  102.078162][ T5011]  __kmalloc_cache_noprof+0x31c/0x660
[  102.086673][ T5011]  bpf_raw_tp_link_attach+0x278/0x700
[  102.094974][ T5011]  bpf_raw_tracepoint_open+0x1b2/0x220
[  102.100865][ T5011]  __sys_bpf+0x846/0x950
[  102.109393][ T5011]  __x64_sys_bpf+0x7c/0x90
[  102.113037][ T5011]  do_syscall_64+0x14d/0xf80
[  102.123423][ T5011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.127864][ T5011] 
[  102.133173][ T5011] Freed by task 5297:
[  102.136263][ T5011]  kasan_save_track+0x3e/0x80
[  102.146495][ T5011]  kasan_save_free_info+0x46/0x50
[  102.152197][ T5011]  __kasan_slab_free+0x5c/0x80
[  102.160409][ T5011]  kfree+0x1c1/0x630
[  102.170799][ T5011]  rcu_core+0x7cd/0x1070
[  102.176119][ T5011]  handle_softirqs+0x22a/0x870
[  102.178654][ T5011]  __irq_exit_rcu+0x5f/0x150
[  102.191497][ T5011]  irq_exit_rcu+0x9/0x30
[  102.198319][ T5011]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  102.207296][ T5011]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  102.211439][ T5011] 
[  102.212714][ T5011] Last potentially related work creation:
[  102.215583][ T5011]  kasan_save_stack+0x3e/0x60
[  102.217989][ T5011]  kasan_record_aux_stack+0xbd/0xd0
[  102.234737][ T5011]  call_rcu+0xee/0x890
[  102.242054][ T5011]  bpf_link_release+0x6b/0x80
[  102.249243][ T5011]  __fput+0x44f/0xa70
[  102.254684][ T5011]  task_work_run+0x1d9/0x270
[  102.257339][ T5011]  exit_to_user_mode_loop+0xed/0x480
[  102.270716][ T5011]  do_syscall_64+0x32d/0xf80
[  102.273651][ T5011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.282604][ T5011] 
[  102.284352][ T5011] The buggy address belongs to the object at ffff888037845b00
[  102.284352][ T5011]  which belongs to the cache kmalloc-192 of size 192
[  102.298672][ T5011] The buggy address is located 128 bytes inside of
[  102.298672][ T5011]  freed 192-byte region [ffff888037845b00, ffff888037845bc0)
[  102.309773][ T5011] 
[  102.314557][ T5011] The buggy address belongs to the physical page:
[  102.320629][ T5011] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x37845
[  102.328553][ T5011] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  102.333451][ T5011] page_type: f5(slab)
[  102.335258][ T5011] raw: 04fff00000000000 ffff88801ac413c0 dead000000000100 dead000000000122
[  102.338691][ T5011] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[  102.345926][ T5011] page dumped because: kasan: bad access detected
[  102.358848][ T5011] page_owner tracks the page as allocated
[  102.362236][ T5011] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 17583435555, free_ts 17571943879
[  102.385407][ T5011]  post_alloc_hook+0x231/0x280
[  102.388089][ T5011]  get_page_from_freelist+0x24dc/0x2580
[  102.400455][ T5011]  __alloc_frozen_pages_noprof+0x18d/0x380
[  102.404122][ T5011]  allocate_slab+0x77/0x660
[  102.415149][ T5011]  refill_objects+0x331/0x3c0
[  102.417962][ T5011]  __pcs_replace_empty_main+0x2e6/0x730
[  102.426290][ T5011]  __kmalloc_cache_noprof+0x392/0x660
[  102.429214][ T5011]  call_usermodehelper_setup+0x8e/0x270
[  102.435708][ T5011]  kobject_uevent_env+0x658/0x9e0
[  102.447064][ T5011]  driver_register+0x2d4/0x320
[  102.452943][ T5011]  usb_register_driver+0x1e4/0x390
[  102.455441][ T5011]  do_one_initcall+0x250/0x8d0
[  102.457700][ T5011]  do_initcall_level+0x104/0x190
[  102.459797][ T5011]  do_initcalls+0x59/0xa0
[  102.461467][ T5011]  kernel_init_freeable+0x2a6/0x3e0
[  102.463804][ T5011]  kernel_init+0x1d/0x1d0
[  102.466252][ T5011] page last free pid 70 tgid 70 stack trace:
[  102.469424][ T5011]  __free_frozen_pages+0xc2b/0xdb0
[  102.471777][ T5011]  __kasan_populate_vmalloc+0x137/0x1d0
[  102.473966][ T5011]  alloc_vmap_area+0xd73/0x14b0
[  102.476174][ T5011]  __get_vm_area_node+0x1f8/0x300
[  102.479099][ T5011]  __vmalloc_node_range_noprof+0x372/0x1730
[  102.483017][ T5011]  __vmalloc_node_noprof+0xc2/0x100
[  102.485811][ T5011]  dup_task_struct+0x275/0x9a0
[  102.488574][ T5011]  copy_process+0x508/0x3cd0
[  102.491538][ T5011]  kernel_clone+0x248/0x8e0
[  102.494472][ T5011]  user_mode_thread+0x110/0x180
[  102.499086][ T5011]  call_usermodehelper_exec_work+0x5c/0x230
[  102.503821][ T5011]  process_scheduled_works+0xb6e/0x18c0
[  102.507674][ T5011]  worker_thread+0xa53/0xfc0
[  102.520313][ T5011]  kthread+0x388/0x470
[  102.522382][ T5011]  ret_from_fork+0x51e/0xb90
[  102.524447][ T5011]  ret_from_fork_asm+0x1a/0x30
[  102.526495][ T5011] 
[  102.527616][ T5011] Memory state around the buggy address:
[  102.543563][ T5011]  ffff888037845a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  102.552221][ T5011]  ffff888037845b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  102.555817][ T5011] >ffff888037845b80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  102.568999][ T5011]                    ^
[  102.574420][ T5011]  ffff888037845c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  102.588959][ T5011]  ffff888037845c80: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  102.593648][ T5011] ==================================================================
[  102.676389][ T5302] Bluetooth: hci0: command tx timeout
[  102.701230][ T5011] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  102.714021][ T5011] CPU: 0 UID: 101 PID: 5011 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full) 
[  102.732650][ T5011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  102.739246][ T5011] Call Trace:
[  102.744124][ T5011]  <TASK>
[  102.750072][ T5011]  vpanic+0x56c/0xa60
[  102.753246][ T5011]  ? __pfx_vpanic+0x10/0x10
[  102.756045][ T5011]  panic+0xc5/0xd0
[  102.758227][ T5011]  ? __pfx_panic+0x10/0x10
[  102.770856][ T5011]  ? preempt_schedule_thunk+0x16/0x30
[  102.773262][ T5011]  ? bpf_trace_run2+0x2c4/0x840
[  102.785185][ T5011]  ? preempt_schedule_thunk+0x16/0x30
[  102.791235][ T5011]  ? bpf_trace_run2+0x2c4/0x840
[  102.793614][ T5011]  check_panic_on_warn+0x89/0xb0
[  102.806085][ T5011]  ? bpf_trace_run2+0x2c4/0x840
[  102.808246][ T5011]  end_report+0x73/0x180
[  102.816325][ T5011]  ? bpf_trace_run2+0x2c4/0x840
[  102.818579][ T5011]  kasan_report+0x128/0x150
[  102.827041][ T5011]  ? bpf_trace_run2+0x2c4/0x840
[  102.829456][ T5011]  bpf_trace_run2+0x2c4/0x840
[  102.831595][ T5011]  ? __queue_work+0x1a1/0x1020
[  102.834052][ T5011]  ? bpf_trace_run2+0x1c9/0x840
[  102.838969][ T5011]  ? __pfx_bpf_trace_run2+0x10/0x10
[  102.841384][ T5011]  ? seccomp_filter_release+0x22b/0x2d0
[  102.843920][ T5011]  ? seccomp_filter_release+0x22b/0x2d0
[  102.848535][ T5011]  ? seccomp_filter_release+0x22b/0x2d0
[  102.865079][ T5011]  kfree+0x5b2/0x630
[  102.867294][ T5011]  ? queue_work_on+0x159/0x1d0
[  102.870170][ T5011]  seccomp_filter_release+0x22b/0x2d0
[  102.872647][ T5011]  do_exit+0x3b0/0x23c0
[  102.884749][ T5011]  ? __pfx_do_exit+0x10/0x10
[  102.886713][ T5011]  ? do_raw_spin_lock+0x12b/0x2f0
[  102.888735][ T5011]  do_group_exit+0x21b/0x2d0
[  102.896798][ T5011]  ? _raw_spin_unlock_irq+0x23/0x50
[  102.899135][ T5011]  get_signal+0x1284/0x1330
[  102.903543][ T5011]  arch_do_signal_or_restart+0xbc/0x830
[  102.906370][ T5011]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  102.908953][ T5011]  exit_to_user_mode_loop+0x86/0x480
[  102.919508][ T5011]  ? rcu_is_watching+0x15/0xb0
[  102.921487][ T5011]  do_syscall_64+0x32d/0xf80
[  102.930076][ T5011]  ? trace_irq_disable+0x3b/0x150
[  102.932399][ T5011]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.951212][ T5011]  ? clear_bhb_loop+0x40/0x90
[  102.955975][ T5011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.958661][ T5011] RIP: 0033:0x7f7e0a2b76c7
[  102.961890][ T5011] Code: 4d 85 ed 74 e0 4d 85 e4 74 0b 48 89 ef 41 ff d4 4c 89 ee eb da 48 89 f7 e8 e6 1c f3 ff eb f1 0f 1f 40 00 b8 0c 00 00 00 0f 05 <48> 8b 15 6a a7 0d 00 48 89 02 48 39 f8 72 0a 31 c0 c3 0f 1f 80 00
[  102.971760][ T5011] RSP: 002b:00007ffd6bf6bc58 EFLAGS: 00000206 ORIG_RAX: 000000000000000c
[  102.976911][ T5011] RAX: 000055dc24b61000 RBX: fffffffffffdf000 RCX: 00007f7e0a2b76c7
[  102.985230][ T5011] RDX: fffffffffffff000 RSI: 0000000000000120 RDI: 000055dc24b61000
[  102.988810][ T5011] RBP: 000055dc24b82000 R08: 000000000000fe90 R09: 0000000000000000
[  103.003233][ T5011] R10: 0000000000000120 R11: 0000000000000206 R12: 00007f7e0a399e50
[  103.012138][ T5011] R13: 0000000000000009 R14: 0000000000001081 R15: 00007f7e0a392ac0
[  103.016897][ T5011]  </TASK>
[  103.019867][ T5011] Kernel Offset: disabled
[  103.023946][ T5011] Rebooting in 86400 seconds..