syzbot

IPVS: ftp: loaded support on port[0] = 21
Bluetooth: hci0: command 0x0409 tx timeout
Bluetooth: hci0: command 0x041b tx timeout
Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa
==================================================================
BUG: KASAN: global-out-of-bounds in detach_capi_ctr+0xaf/0x120 drivers/isdn/capi/kcapi.c:568
Read of size 8 at addr ffffffff8dd14538 by task kcmtpd_ctr_0/8130

CPU: 0 PID: 8130 Comm: kcmtpd_ctr_0 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_address_description.cold+0x5/0x219 mm/kasan/report.c:256
 kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354
 kasan_report mm/kasan/report.c:412 [inline]
 __asan_report_load8_noabort+0x88/0x90 mm/kasan/report.c:433
 detach_capi_ctr+0xaf/0x120 drivers/isdn/capi/kcapi.c:568
 cmtp_session+0x162e/0x19e0 net/bluetooth/cmtp/core.c:316
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

The buggy address belongs to the variable:
 capi_applications+0x798/0x7a0

Memory state around the buggy address:
 ffffffff8dd14400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff8dd14480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff8dd14500: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
                                        ^
 ffffffff8dd14580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff8dd14600: 00 00 00 00 00 00 00 00 fa fa fa fa 00 fa fa fa
==================================================================