program:
# Fuzzer-generated syscall program in syzkaller program syntax, logged just
# before the KASAN report that follows it.
# The crash stack in that report runs on the hci0 receive workqueue
# (hci_rx_work -> l2cap_recv_acldata -> l2cap_recv_frame -> l2cap_send_cmd),
# and syz_emit_vhci below is the call that supplies an HCI ACL packet, so it is
# the likely relevant call. Confirm with a minimized reproducer.
# NOTE(review): r4, r5, r6 and r7 are used below but no call in this listing
# assigns them; the listing may not be replayable exactly as shown.
# Several calls pass 0xffffffffffffffff (-1) as the file descriptor.
read$snapshot(0xffffffffffffffff, &(0x7f0000000000)=""/183, 0xb7)
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
read$FUSE(r0, &(0x7f0000000100)={0x2020}, 0x2020)
r1 = socket$l2tp(0x2, 0x2, 0x73)
getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, &(0x7f0000002140)={'filter\x00', 0x0, [0x3000, 0x0, 0x7fff, 0x80, 0xf]}, &(0x7f00000021c0)=0x54)
ioctl$sock_inet_SIOCGIFPFLAGS(r1, 0x8935, &(0x7f0000002200)={'pim6reg0\x00'})
# r2 is opened through syz_open_dev$audion; the KVM, SG, 9P, netfilter, BNEP,
# SCTP, tunnel and autofs requests issued on r2 below target a descriptor of a
# different kind (presumably rejected by the kernel; not verified here).
r2 = syz_open_dev$audion(&(0x7f0000002240), 0x3, 0x111100)
ioctl$KVM_GET_API_VERSION(r2, 0xae00, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0xcd)
ioctl$SG_GET_PACK_ID(r2, 0x227c, &(0x7f0000002280))
r3 = open$dir(&(0x7f00000022c0)='./file0\x00', 0x4000, 0x0)
name_to_handle_at(r3, &(0x7f0000002300)='./file0\x00', &(0x7f0000002340)=@fuse_with_parent={0x18, 0x82, {{0x3ff, 0x5, 0x5}, {0x7, 0x5, 0x2}}}, &(0x7f0000002380), 0x200)
write$P9_RLERRORu(r2, &(0x7f00000023c0)={0x19, 0x7, 0x1, {{0xc, '/dev/audio#\x00'}, 0x3}}, 0x19)
sendmsg$NFT_MSG_GETCHAIN(r2, &(0x7f00000024c0)={&(0x7f0000002400)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000002480)={&(0x7f0000002440)={0x34, 0x4, 0xa, 0x300, 0x0, 0x0, {0x3, 0x0, 0x2}, [@NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x24008804}, 0x40000)
getsockname$l2tp(r1, &(0x7f0000002500)={0x2, 0x0, @empty}, &(0x7f0000002540)=0x10)
# HCI ACL data packet carrying an L2CAP LE signaling PDU of type
# l2cap_ecred_conn_req. The command header is {0x17, 0x4f, 0x16}; its third
# field is 0x16 = 22 (presumably the command length), and the trailing array
# holds seven entries.
# Triage note: the KASAN report shows a 22-byte read from the stack object
# 'pdu_u.i.i.i', which spans [128, 146) = 18 bytes, so the read runs 4 bytes
# past the object. The read size equals the 0x16 value above, which suggests
# the reply length follows the request rather than the on-stack buffer size.
# TODO confirm against the l2cap_recv_frame / l2cap_send_cmd source, and check
# that the request length and entry count are bounded before the reply is built.
syz_emit_vhci(&(0x7f0000002580)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x1e}, @l2cap_cid_le_signaling={{0x1a}, @l2cap_ecred_conn_req={{0x17, 0x4f, 0x16}, {0xfff9, 0x7, 0x4, 0x80, [0x40, 0x5, 0x4, 0x19dd, 0x7, 0xff, 0x6]}}}}, 0x23)
ioctl$VIDIOC_S_TUNER(0xffffffffffffffff, 0x4054561e, &(0x7f00000025c0)={0x7fffffff, "d7be52393d0d7e86f0f0de15fe4df2967344561f7b4b162120d6a5d293c0807e", 0x2, 0x800, 0xb, 0x4, 0x1, 0x2, 0x4, 0xb656})
ioctl$sock_bt_bnep_BNEPCONNADD(r2, 0x400442c8, &(0x7f0000002640)={r2, 0x2, 0x6, "787a755f9e5521f15caa6fd695362b56d50108656ec548f5ceafabf37830ff15c098d893e758655535c694229f77267595a27ceaa428591db50f7cc320e257ab159fa55a9cc772d389ff2e2148d8ce5c42ab7b69f333ed1eca204cde0e5cc72935f886daecb6931a816eddd9db7bc3bba48f4bfe54910b11ac66a648981ff223"})
ioctl$SIOCGSTAMP(r1, 0x8906, &(0x7f0000002700))
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000002740), &(0x7f0000002780)=0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002840)={{r2, 0xffffffffffffffff}, &(0x7f00000027c0), &(0x7f0000002800)=r2}, 0x20)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000002a80)={'syztnl2\x00', &(0x7f0000002a00)={'syztnl0\x00', 0x0, 0x8, 0x8, 0x401, 0x2, {{0xc, 0x4, 0x0, 0x1, 0x30, 0x68, 0x0, 0x9, 0x4, 0x0, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@noop, @lsrr={0x83, 0xb, 0x4f, [@empty, @multicast2]}, @ra={0x94, 0x4}, @end, @end, @noop, @rr={0x7, 0x7, 0x4c, [@empty]}]}}}}})
bpf$PROG_LOAD(0x5, &(0x7f0000002b80)={0x5, 0x9, &(0x7f0000002880)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xd}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x1}]}, &(0x7f0000002900)='GPL\x00', 0x3, 0xb3, &(0x7f0000002940)=""/179, 0x40f00, 0x83, '\x00', r5, @fallback=0x38, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, r3, 0x7, &(0x7f0000002ac0)=[r0, r2, r2, 0xffffffffffffffff, r2], &(0x7f0000002b00)=[{0x5, 0x5, 0xf}, {0x0, 0x2, 0xd, 0x8}, {0x4, 0x5, 0x7, 0x1}, {0x2, 0x4, 0x5}, {0x2, 0x1, 0x7, 0xb}, {0x4, 0x3, 0xa, 0x9}, {0x3, 0x2, 0x0, 0x12}], 0x10, 0xfff}, 0x94)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000002c40)={0x0, @in6={{0xa, 0x4e21, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7}}, 0xd, 0x2, 0x8, 0x1000, 0x41, 0x9, 0xfe}, &(0x7f0000002d00)=0x9c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000002d40)={r6, 0x4}, 0x8)
munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r2, 0xc018937a, &(0x7f0000002d80)={{0x1, 0x1, 0x18, r4, {0xa}}, './file0\x00'})
close_range(r7, r0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000003080)={&(0x7f0000002dc0)={0x10, 0x0, 0x0, 0x24000000}, 0xc, &(0x7f0000003040)={&(0x7f0000002ec0)={0x180, 0x0, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}]}]}, 0x180}, 0x1, 0x0, 0x0, 0x20008050}, 0xc0)
# End of the program; kernel console output follows.
[ 101.927236][ T4664] 
Bluetooth: hci0: command tx timeout [ 102.050902][ T4664] ================================================================== [ 102.054982][ T4664] BUG: KASAN: stack-out-of-bounds in l2cap_send_cmd+0x2a3/0xb90 [ 102.058805][ T4664] Read of size 22 at addr ffffc9000f597500 by task kworker/u5:1/4664 [ 102.062769][ T4664] [ 102.064083][ T4664] CPU: 0 UID: 0 PID: 4664 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) [ 102.064105][ T4664] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 102.064117][ T4664] Workqueue: hci0 hci_rx_work [ 102.064143][ T4664] Call Trace: [ 102.064153][ T4664] [ 102.064159][ T4664] dump_stack_lvl+0xe8/0x150 [ 102.064180][ T4664] print_report+0xba/0x230 [ 102.064226][ T4664] ? l2cap_send_cmd+0x2a3/0xb90 [ 102.064242][ T4664] kasan_report+0x117/0x150 [ 102.064252][ T4664] ? trace_kmem_cache_alloc+0x29/0xf0 [ 102.064268][ T4664] ? l2cap_send_cmd+0x2a3/0xb90 [ 102.064282][ T4664] kasan_check_range+0x264/0x2c0 [ 102.064291][ T4664] ? l2cap_send_cmd+0x2a3/0xb90 [ 102.064306][ T4664] __asan_memcpy+0x29/0x70 [ 102.064320][ T4664] l2cap_send_cmd+0x2a3/0xb90 [ 102.064338][ T4664] l2cap_recv_frame+0xc032/0x10240 [ 102.064351][ T4664] ? lock_release+0x4b/0x3d0 [ 102.064365][ T4664] ? ret_from_fork_asm+0x1a/0x30 [ 102.064381][ T4664] ? unwind_next_frame+0xa5/0x23c0 [ 102.064395][ T4664] ? rcu_is_watching+0x15/0xb0 [ 102.064408][ T4664] ? lock_release+0x4b/0x3d0 [ 102.064420][ T4664] ? unwind_next_frame+0x1aaf/0x23c0 [ 102.064436][ T4664] ? unwind_next_frame+0xa5/0x23c0 [ 102.064449][ T4664] ? unwind_next_frame+0x1aaf/0x23c0 [ 102.064464][ T4664] ? __pfx_l2cap_recv_frame+0x10/0x10 [ 102.064475][ T4664] ? ret_from_fork_asm+0x1a/0x30 [ 102.064490][ T4664] ? ret_from_fork_asm+0x1a/0x30 [ 102.064504][ T4664] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 102.064516][ T4664] ? ret_from_fork_asm+0x1a/0x30 [ 102.064530][ T4664] ? stack_trace_save+0xa9/0x100 [ 102.064541][ T4664] ? 
__pfx_stack_trace_save+0x10/0x10 [ 102.064552][ T4664] ? check_path+0x21/0x40 [ 102.064567][ T4664] ? check_noncircular+0xda/0x150 [ 102.064580][ T4664] ? add_lock_to_list+0xc7/0x100 [ 102.064595][ T4664] ? lockdep_unlock+0x5d/0xd0 [ 102.064605][ T4664] ? __lock_acquire+0x146e/0x2cf0 [ 102.064621][ T4664] ? __mutex_trylock_common+0x158/0x260 [ 102.064638][ T4664] ? __pfx___mutex_trylock_common+0x10/0x10 [ 102.064653][ T4664] ? rcu_is_watching+0x15/0xb0 [ 102.064666][ T4664] ? trace_contention_end+0x3d/0x150 [ 102.064682][ T4664] ? __mutex_lock+0x319/0x1300 [ 102.064699][ T4664] ? l2cap_recv_acldata+0x2e3/0x13e0 [ 102.064710][ T4664] ? l2cap_recv_acldata+0x30b/0x13e0 [ 102.064720][ T4664] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 102.064733][ T4664] ? __pfx___mutex_lock+0x10/0x10 [ 102.064747][ T4664] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 102.064762][ T4664] ? l2cap_conn_hold_unless_zero+0x179/0x2b0 [ 102.064772][ T4664] ? __pfx_l2cap_conn_hold_unless_zero+0x10/0x10 [ 102.064784][ T4664] ? l2cap_recv_acldata+0x41/0x13e0 [ 102.064796][ T4664] l2cap_recv_acldata+0x7e9/0x13e0 [ 102.064808][ T4664] hci_rx_work+0x4f9/0x1030 [ 102.064825][ T4664] ? process_scheduled_works+0xa25/0x1830 [ 102.064839][ T4664] process_scheduled_works+0xb02/0x1830 [ 102.064854][ T4664] ? __pfx_process_scheduled_works+0x10/0x10 [ 102.064863][ T4664] ? assign_work+0x3d5/0x5e0 [ 102.064871][ T4664] worker_thread+0xa50/0xfc0 [ 102.064883][ T4664] kthread+0x388/0x470 [ 102.064891][ T4664] ? __pfx_worker_thread+0x10/0x10 [ 102.064899][ T4664] ? __pfx_kthread+0x10/0x10 [ 102.064905][ T4664] ret_from_fork+0x51e/0xb90 [ 102.064916][ T4664] ? __pfx_ret_from_fork+0x10/0x10 [ 102.064925][ T4664] ? __switch_to+0xc7d/0x1450 [ 102.064937][ T4664] ? 
__pfx_kthread+0x10/0x10 [ 102.064945][ T4664] ret_from_fork_asm+0x1a/0x30 [ 102.064965][ T4664] [ 102.064969][ T4664] [ 102.234850][ T4664] The buggy address belongs to stack of task kworker/u5:1/4664 [ 102.238581][ T4664] and is located at offset 128 in frame: [ 102.241243][ T4664] l2cap_recv_frame+0x0/0x10240 [ 102.243704][ T4664] [ 102.244975][ T4664] This frame has 26 objects: [ 102.247496][ T4664] [32, 34) 'rsp.i241.i.i' [ 102.247513][ T4664] [48, 88) 'chan.i.i.i' [ 102.249998][ T4664] [128, 146) 'pdu_u.i.i.i' [ 102.252075][ T4664] [192, 202) 'rsp.i94.i.i' [ 102.254431][ T4664] [224, 226) 'rsp.i.i.i111' [ 102.256675][ T4664] [240, 242) 'rej.i' [ 102.259211][ T4664] [256, 258) 'rej.i145.i' [ 102.261391][ T4664] [272, 274) 'rej.i143.i' [ 102.263573][ T4664] [288, 290) 'req.i229.i.i' [ 102.265612][ T4664] [304, 312) 'buf.i222.i.i' [ 102.268161][ T4664] [336, 348) 'buf29.i.i.i' [ 102.270311][ T4664] [368, 372) 'rsp49.i.i.i' [ 102.272486][ T4664] [384, 393) 'rfc.i.i118.i.i' [ 102.274816][ T4664] [416, 480) 'buf.i119.i.i' [ 102.277381][ T4664] [512, 576) 'req.i120.i.i' [ 102.279738][ T4664] [608, 617) 'rfc.i.i.i.i' [ 102.281961][ T4664] [640, 656) 'efs.i.i.i.i' [ 102.283933][ T4664] [672, 678) 'rej.i371.i.i.i' [ 102.285941][ T4664] [704, 710) 'rej.i.i.i.i' [ 102.288231][ T4664] [736, 800) 'rsp.i.i.i' [ 102.290703][ T4664] [832, 896) 'buf.i.i.i' [ 102.293170][ T4664] [928, 1056) 'req.i.i.i' [ 102.295387][ T4664] [1088, 1096) 'rsp.i.i.i.i' [ 102.297277][ T4664] [1120, 1122) 'info.i.i.i.i' [ 102.299479][ T4664] [1136, 1264) 'buf.i.i.i.i' [ 102.301693][ T4664] [1296, 1298) 'rej.i.i' [ 102.304227][ T4664] [ 102.308146][ T4664] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc9000f590000 allocated at copy_process+0x508/0x3cf0 [ 102.315342][ T4664] The buggy address belongs to the physical page: [ 102.318897][ T4664] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x435bf [ 102.323373][ T4664] flags: 
0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 102.326741][ T4664] raw: 04fff00000000000 0000000000000000 ffffea00010d6fc8 0000000000000000 [ 102.331133][ T4664] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 102.335081][ T4664] page dumped because: kasan: bad access detected [ 102.338260][ T4664] page_owner tracks the page as allocated [ 102.341465][ T4664] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 30097195017, free_ts 29789461746 [ 102.350503][ T4664] post_alloc_hook+0x231/0x280 [ 102.353044][ T4664] get_page_from_freelist+0x24dc/0x2580 [ 102.355978][ T4664] __alloc_frozen_pages_noprof+0x18d/0x380 [ 102.358772][ T4664] __alloc_pages_noprof+0xa/0x30 [ 102.361024][ T4664] __vmalloc_node_range_noprof+0x7be/0x1730 [ 102.364220][ T4664] __vmalloc_node_noprof+0xc2/0x100 [ 102.367039][ T4664] dup_task_struct+0x228/0x9a0 [ 102.369697][ T4664] copy_process+0x508/0x3cf0 [ 102.372029][ T4664] kernel_clone+0x248/0x8e0 [ 102.374465][ T4664] kernel_thread+0x13f/0x1b0 [ 102.377207][ T4664] kthreadd+0x4ec/0x6e0 [ 102.379307][ T4664] ret_from_fork+0x51e/0xb90 [ 102.381760][ T4664] ret_from_fork_asm+0x1a/0x30 [ 102.384325][ T4664] page last free pid 1 tgid 1 stack trace: [ 102.387241][ T4664] __free_frozen_pages+0xc2b/0xdb0 [ 102.389738][ T4664] __slab_free+0x263/0x2b0 [ 102.391965][ T4664] qlist_free_all+0x97/0x100 [ 102.394374][ T4664] kasan_quarantine_reduce+0x148/0x160 [ 102.397099][ T4664] __kasan_krealloc+0x1f/0x110 [ 102.399330][ T4664] krealloc_node_align_noprof+0x238/0x390 [ 102.401947][ T4664] push_jmp_history+0x1cc/0x690 [ 102.404307][ T4664] do_check+0x7e69/0x10690 [ 102.406386][ T4664] do_check_common+0x19c8/0x25b0 [ 102.409123][ T4664] bpf_check+0x5f3e/0x1ce00 [ 102.411942][ T4664] bpf_prog_load+0x1484/0x1ae0 [ 102.414418][ T4664] __sys_bpf+0x618/0x950 [ 102.416389][ T4664] kern_sys_bpf+0x185/0x700 [ 102.418355][ T4664] 
load+0x488/0xad0 [ 102.420180][ T4664] do_one_initcall+0x250/0x8d0 [ 102.422438][ T4664] do_initcall_level+0x104/0x190 [ 102.424928][ T4664] [ 102.426260][ T4664] Memory state around the buggy address: [ 102.429382][ T4664] ffffc9000f597400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 102.433548][ T4664] ffffc9000f597480: f1 f1 f1 f1 f8 f2 f8 f8 f8 f8 f8 f2 f2 f2 f2 f2 [ 102.437294][ T4664] >ffffc9000f597500: 00 00 02 f2 f2 f2 f2 f2 f8 f8 f2 f2 f8 f2 f8 f2 [ 102.441244][ T4664] ^ [ 102.443398][ T4664] ffffc9000f597580: f8 f2 f8 f2 f8 f2 f8 f2 f2 f2 f8 f8 f2 f2 f8 f2 [ 102.447461][ T4664] ffffc9000f597600: f8 f8 f2 f2 f8 f8 f8 f8 f8 f8 f8 f8 f2 f2 f2 f2 [ 102.451133][ T4664] ================================================================== [ 102.469526][ T4664] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 102.472892][ T4664] CPU: 0 UID: 0 PID: 4664 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) [ 102.477886][ T4664] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 102.482574][ T4664] Workqueue: hci0 hci_rx_work [ 102.484764][ T4664] Call Trace: [ 102.486328][ T4664] [ 102.487650][ T4664] vpanic+0x56c/0xa60 [ 102.489628][ T4664] ? __pfx_vpanic+0x10/0x10 [ 102.492120][ T4664] panic+0xc5/0xd0 [ 102.494343][ T4664] ? __pfx_panic+0x10/0x10 [ 102.496632][ T4664] ? preempt_schedule_thunk+0x16/0x30 [ 102.499333][ T4664] ? preempt_schedule_thunk+0x16/0x30 [ 102.501874][ T4664] ? l2cap_send_cmd+0x2a3/0xb90 [ 102.504534][ T4664] check_panic_on_warn+0x89/0xb0 [ 102.507148][ T4664] ? l2cap_send_cmd+0x2a3/0xb90 [ 102.509627][ T4664] end_report+0x73/0x180 [ 102.511608][ T4664] ? l2cap_send_cmd+0x2a3/0xb90 [ 102.513823][ T4664] kasan_report+0x128/0x150 [ 102.515736][ T4664] ? trace_kmem_cache_alloc+0x29/0xf0 [ 102.518143][ T4664] ? l2cap_send_cmd+0x2a3/0xb90 [ 102.521042][ T4664] kasan_check_range+0x264/0x2c0 [ 102.524381][ T4664] ? 
l2cap_send_cmd+0x2a3/0xb90 [ 102.526735][ T4664] __asan_memcpy+0x29/0x70 [ 102.528894][ T4664] l2cap_send_cmd+0x2a3/0xb90 [ 102.531189][ T4664] l2cap_recv_frame+0xc032/0x10240 [ 102.533801][ T4664] ? lock_release+0x4b/0x3d0 [ 102.536462][ T4664] ? ret_from_fork_asm+0x1a/0x30 [ 102.539311][ T4664] ? unwind_next_frame+0xa5/0x23c0 [ 102.541951][ T4664] ? rcu_is_watching+0x15/0xb0 [ 102.544197][ T4664] ? lock_release+0x4b/0x3d0 [ 102.546757][ T4664] ? unwind_next_frame+0x1aaf/0x23c0 [ 102.549413][ T4664] ? unwind_next_frame+0xa5/0x23c0 [ 102.552119][ T4664] ? unwind_next_frame+0x1aaf/0x23c0 [ 102.554866][ T4664] ? __pfx_l2cap_recv_frame+0x10/0x10 [ 102.557664][ T4664] ? ret_from_fork_asm+0x1a/0x30 [ 102.559784][ T4664] ? ret_from_fork_asm+0x1a/0x30 [ 102.562050][ T4664] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 102.564939][ T4664] ? ret_from_fork_asm+0x1a/0x30 [ 102.567345][ T4664] ? stack_trace_save+0xa9/0x100 [ 102.570252][ T4664] ? __pfx_stack_trace_save+0x10/0x10 [ 102.573325][ T4664] ? check_path+0x21/0x40 [ 102.575136][ T4664] ? check_noncircular+0xda/0x150 [ 102.577162][ T4664] ? add_lock_to_list+0xc7/0x100 [ 102.579284][ T4664] ? lockdep_unlock+0x5d/0xd0 [ 102.581573][ T4664] ? __lock_acquire+0x146e/0x2cf0 [ 102.584279][ T4664] ? __mutex_trylock_common+0x158/0x260 [ 102.587873][ T4664] ? __pfx___mutex_trylock_common+0x10/0x10 [ 102.591526][ T4664] ? rcu_is_watching+0x15/0xb0 [ 102.593624][ T4664] ? trace_contention_end+0x3d/0x150 [ 102.596353][ T4664] ? __mutex_lock+0x319/0x1300 [ 102.598484][ T4664] ? l2cap_recv_acldata+0x2e3/0x13e0 [ 102.600870][ T4664] ? l2cap_recv_acldata+0x30b/0x13e0 [ 102.603251][ T4664] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 102.605904][ T4664] ? __pfx___mutex_lock+0x10/0x10 [ 102.608776][ T4664] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 102.611479][ T4664] ? l2cap_conn_hold_unless_zero+0x179/0x2b0 [ 102.614145][ T4664] ? __pfx_l2cap_conn_hold_unless_zero+0x10/0x10 [ 102.617127][ T4664] ? 
l2cap_recv_acldata+0x41/0x13e0 [ 102.619929][ T4664] l2cap_recv_acldata+0x7e9/0x13e0 [ 102.623286][ T4664] hci_rx_work+0x4f9/0x1030 [ 102.625697][ T4664] ? process_scheduled_works+0xa25/0x1830 [ 102.628739][ T4664] process_scheduled_works+0xb02/0x1830 [ 102.631921][ T4664] ? __pfx_process_scheduled_works+0x10/0x10 [ 102.635254][ T4664] ? assign_work+0x3d5/0x5e0 [ 102.637722][ T4664] worker_thread+0xa50/0xfc0 [ 102.640167][ T4664] kthread+0x388/0x470 [ 102.642083][ T4664] ? __pfx_worker_thread+0x10/0x10 [ 102.644351][ T4664] ? __pfx_kthread+0x10/0x10 [ 102.646465][ T4664] ret_from_fork+0x51e/0xb90 [ 102.648706][ T4664] ? __pfx_ret_from_fork+0x10/0x10 [ 102.651217][ T4664] ? __switch_to+0xc7d/0x1450 [ 102.653555][ T4664] ? __pfx_kthread+0x10/0x10 [ 102.656179][ T4664] ret_from_fork_asm+0x1a/0x30 [ 102.658590][ T4664] [ 102.660477][ T4664] Kernel Offset: disabled [ 102.662703][ T4664] Rebooting in 86400 seconds..