program:
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_oob_data_request={{0x35, 0x6}}}, 0x9) (async)
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x2, 0xa}, @l2cap_cid_le_signaling={{0x6}, @l2cap_cmd_rej_unk={{0x1, 0x2, 0x2}, {0x1}}}}, 0xf) (async)
syz_emit_vhci(&(0x7f0000000080)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x1e}, @l2cap_cid_le_signaling={{0x1a}, @l2cap_ecred_conn_req={{0x17, 0xe9, 0x16}, {0x6, 0x1, 0x7, 0x3, [0x4, 0x401, 0x5, 0x2, 0xdd, 0x2, 0x6]}}}}, 0x23)
ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, &(0x7f00000000c0)={0x8001, 0xf4a, 0x1, 0x4, 0x6, 0x0, [{0x7, 0xfffffffffffffc01, 0x1000000000000000, '\x00', 0x5}, {0x0, 0x8, 0x8, '\x00', 0x8}, {0xe5d, 0xde6, 0xfffffffffffffff8, '\x00', 0x4}, {0xff, 0x2, 0x7, '\x00', 0x109}, {0x1ff, 0x8, 0x8, '\x00', 0x802}, {0x10, 0x5, 0x3, '\x00', 0x3005}]})
r0 = accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000240))
pwrite64(r0, &(0x7f0000000280)="dcff3ff929e697693bdd47eecd7d219bf4be8d7f3b7e3663114f1fca4d1e3f11ebff10f70a775255e88bcc49ef766eb45e7511437e3679b3ed3ed8a7692b8bc0ec0b7dbc8e9de48bac8491870ae7ddbc99f7e5747f9261313fd9a2009c1e9bfb8895452b79969290d5b7e8cff5f4b9b6005ec8e858ad182688f8c1f6ef6ba6b4caa9d317e6bb0204ffeaf0de3741fdb523eae06c40a132ebc245c0e0cd026beb885fe3feb7db7240e8a1b9ea148544f9bd8d2b4fd2a89bc39d4690fd8ce21fca9a0d985810d62cb890a6fad20140d4367735eceef8aad665eda13f8a3e6b13db738446c046f8c91a125577429666070fabb9efd56ac44cf398b3309fda066f1e632b253603c07aba332014d133b6e57aaf33e47e97e10a050714a4fd1735e4d01df9b7a0c52056aa54484956b08f34ebcad95313e006da065af9f86600051aacf944cf99ab1e8cdf7b31111b538b188c99fbbb982d8f771e533045e521efb7987feb4ac23038815e9c2311cf86ac9dc5be43278397f458f384bb4e68e916b924034ccfa522e7a37fd9c93879d8e4555c9100a098ec2eac7b9af338d42e4d5be6a82c3311c934638e6902e5b441f977eea91e72cfb0a4a06beeae9ed00657d860c5966ae17512a87528cb01d10b7970451cb27d54ba59afc597be391851ae3c970dadfc3918d4c8e61f253735e6b9b21314c3ca62696a6e14ce04255c84131a5c0b1b44831759d238ff5e4d0d8ef47096a8441d210756a30cab32b7f04228872f3085b7c57d510f68c19ec51845ba16b2a1dc472a3c0410a8509a2478eb360fea48fc7bcf5af8cbdc498e1c637ede415dc09a7a35782186964337e72f35b592f48cd8f4e47ec5f8b3fc9b1e1263428bac570c6b8641679b93aebbee5eedc6bd89c4cf3a32fbe949407e50043dde57cb179915904edb9c9b91bdb171a2a464a541680fbd2e35d1b959002b7a42bc0b0af4dd8da1b3a42b65a3670c0281d2ddf5ff84ee49ec6642347623d67e94c4c00ed8bf8d7ec38f8d38306ee9c2f03cb22e3aeeefca6310bd5dafb0889d71594f635f82ee1a3cda4ac08a2ce006043752a53b72f8c2823edcaa57b688ee3ae1c90cd7ea366a162cb21c6f7f905cdaf0adbf0ba3409d2df7340e33b2a504b830175ffe641d73af7054b6fd090028048358968937e89d8e22051f22fec8dcbbdef346bba337d2e693a6ec648f7a2df66aedfda489e6d17ef6f2dbb9b757081be51b30422870578cc689cb00c7a19836484713a8a50eac30a69811f0dbf8129fee22b1886318e31b38d5f0a43977b60543f903c45c69af3b6c687b17c2cfccc42dbcf03e3d23a7eabdadf00c8945109b3274a489df2850d2eb268a01c779db892e70a2b442ab72e1e0be35b831713e67aa7ee411258f33a1ab330c12f9a6639bd5910ebf3b8e87b791bc38f7a2e85dccbfb5350c8cb6ffe4713ed9298c119448fdae404e5ae5c77226df4799065458f591ba2ad16e5518e028d527443b8061685360f3dbbe21955886a7f9a5f2ecbe55666dae6dac61578b84383ad62241350fbd356baa4d024b06f8911aee26242561cef84f51d6e8bbe93f66dfecc3dd87bbebda84a5e9a607d9d599fe87eb6e474b446c4a61c7df36d4ddd6f18c9e8db9ddf05efab485ed38e935b641628aff70fed5fd0cfa85dfe73d1304b1393256da34e38556c45fd79f275df2febe4eaaff027ac0b17c17310826b0b560eca7a85873debd20fb964baf923a87b938bdb5d7c94febfa67837cdd6dca2afeb40936af1dbf76967e27b5dd0e3d46c4cac36a4807ff7ad377cff8bdbd894b1639221d2b19d7c9a913992e69a40fd6e241358f936726f3aec43ca4d22eb45b556b7084e81db5a093e95fed18a76d6105952efe719d1a829be1ca8885a515e457aa2e8f5d18a4c9cd315bc69d32d644c366b629466d616271dea20f8489e2a3e9d176145e072adbd03a8841fee89c5cd65f7c1fb77769aae628e686d4ff0de3cdb12cf0267862a36baf7e3b8fa62994d3fb8cc6923c3587e8329d227b5bef55d8402b66bb4ef11cb9b03257c57be4ff6841b3604c4522e029dfaa3056961a38acb51657c5e41daa03d9ed6fbeceaf7bb6288d40dfa1bbf166c609437b552a4b779530d054c6ec01745d8066971642bace382cc03bf316c23af3e8d6f14a77b95d879a902f75c3f0b9109a76e37a6a7957a07e33b85d8e7c53893cea0155ca99d8a9ba1118c1d8c8a7f170ae85b2ecea1487dcafec939b9ab1b879938ec3db7a73ff3c9199462f2942d670524017624edbfa928b5b1ccddad55ae75baa0e70af6e4f784a72431ba2b1cbc46a82aa682a3def26cf0af0c154ad3e8fa12127bdc4a012e0dd870ad85c85a44a7cde5ba60789c09eeb468ce511111710d5c613df646af63cc2d55072a1313534e82974ec0943ff6451c78a47416d8f98ee4105e2c3eb2b1e3b1c371fa7861286b2092b2f19bf98245da20951680bcab923449ba5a00754b5471dd000b6a6ecb3422cb10b6bae0195a1cf2ac3f9fbf93d68a4ab1af4f4018e07f41f786d8799cb87fe4e3d7578ac319993a936756dd142a29c9330ca66ff48d7a7971aaf78e9d4eb7c3bdc83d2955e91db68add2302a6d4e1b4fddeb9f1dbd8bccab0a3119d96d56a1cc0a9f45366a849899c002a011cf2d0fc9627987fe17bda533e676ee6f8851ffbae553f1a4df0bb29837ca67ed6f96983705be95ad740eecc090543e0d2ba7498f88c35acf10517ba18d743d502dcf22f33ffeb1b84ffb03eb56b2426ddeae079d58a2ca201f822f37b3e37fd445b8710b17d5dbba14c358f265177bf6d197d6de61b923684bd6b385e106cf6d995ab1170ffdcaec894ad505adbd178a0649ca6d30789b941a47835357e8e8430e2f9d1c06e4abda6750efc0467da92e5102e488ab8335a762db4c1700a14d32ca211d1887ea2b8e04f67eb154394f5a4000714b0ee6f3f43f287863898175822d5041a78753180266b357c7692130b09105645e09ab24cbddf87ee36e442401b05ea119856826dfc79afa5c8979133a87b2a77a43ba190632d01a33b03a002a5a8aa6ca54bdfcabb5f8cc8a61debbd79cf44985211945715c60a2875b420cb7a0ba6b2409fbc39660aa97aacbcf4bada26de785411af84343ab18d1c52c0c2ac988bd784dc6f2436b91c64bda64af433ec863da3554c501891eb4194613560b97f2be93a201cb0345d3e18be167aa19ea77b5581e99bd68d8cfd7bb16bfd42860cc5da9d19a6ed856f098f6f4891e1c2c37a38a264ae4102b2fda3702b40d421c9308c64c96af54e37e136cbe87b4d3e4d44c4d3147824feca700d0195f04087e849c16ec163aa83b5df8791a2f6d29c459024c123655ada335dd1bc0641b6d1835b17f52feadb2d2d218f651f5def089afadde8efe1557785a4430d2f64b55dd2445d845a9ba62ddda6835e22824d416d7c5824d26535b3c9160795c91082925b8442670c13703fd290bacb9741c7a0e428776c34e322d1af94357ad6be01adbb2364afec9191001e8dfff48b39c957bc843a3cb3e6ad14e1d2afd1541521fd9d7ff6999ca02391076de456e852081b2e0814756fcd1dc54c0756eff1fb7d8e90c6bf456cf510d64dcba2e6d592cb3d7686ab54c9cba8e5a86284bd9735d64d59e43bb5f0104f8d383213f4e7daaded9f27169806ffffa2a9603f5728ef44d2e95eb5b4bfc340b9ac2acae8d31ea0a5249f2cc8f88ab55f0bfb04f6102737c5862760831bd10bcfe93f624996a926d70fcbe5c0288a60f8e1fe918989f28a911a7c734c8ba8c194ef70b986a21518b554f7054be389dfa8a563df1b658aa5125577e4dd56629ba0f9458c99b8d429a2f8a164ed2948d14fb7c0c79f1de76ccd9b05b0ddeea2df9c81556ccd1c0a668cd822c790418cf4be11c1b8f3a48def72021929761c8e920c91ba78bdbd019ee14225c2182de3c5e99b3fd39877b3dc03c1e048b4219923286ec6b403d4bcd5a45d092ad0f4f1394b97dad805b7a83f53c95e1b77b3edf262020d102af89b69c2c3879780f25028e17889d6853a48942d19886136b4b7344cd0b22e55c1da8dfc5e3ed0af508650cdb727dc36e625a4ad7aff3c366fd60024688b5a4d9801f9fb3fcec9c5316ce3cecd8cbf8d8a6adaf0078c30bf3b1dd898da18ba89f4d720c7d5df4f97b4b0a78c04fc725f86e2ad010f1655d6bf9e0d95783cf572023816eab27a491832a14cdf0ecb0192eb7fa5ad0e00a694c7f4760e714735e6fcfce007b868eea0bf442a6540c4528c31c15838d125a7123bf7aac254951feb75e1df5cee5a4e0beb52426b12994031ce4fa3fa75849cde2bae23a87a55fb7aea4f54c02c394c8d97547ad2bc94318ab1d65a80c7c1b9176295f157c987df534f710ffbe7f38acf5e6102d434a1ee64301a890732ba11243115e1204f6cd0cee73263b2253e0dc0f3c28c7054379220414f592ec30d844d94616cae896a0eb1c9b1531b241653f60218cbb886ed48f1736e4f43ef7b74c9d580fa1c00e181976828486a172e2437af2ac08209196fd37949aa0a269b93ff6af57a53a6dfe5456e2797c1902bdf5e6164fd19807d2315a94a0dad02130d64f94e71260e6104984c0246b578e3c0df2f28fd57fd02c0cfd9779dfa743bb57a4970d919d60a4b04914a86bd2fd6719a9c0b90503633a085761b0424c4d327a47e76f33bb0af330915e7e29c9bea61b626fcfddb6941e51952570cffc5dd073b3076e0fc2829515d85286322b39f61fa9467440319827b73d13ee302151179975df06d948ead5f9b75cf0bdb3d04d24f18070f7c5023055872c34635a27de22f6a26eaeb47083b76dd16e3b637edee893eddacf479616fb65a09151c693f9e07e3f47acdc59708318ced3112db76fc7719fe626295d766bbeffc4561f27864d8fee367a144276f31bdf7360848f73af485bbc3217b7306cb6b02c512c0cc624f24619955a4dabacb17a3453d6bdbd84ec1dd0d4eb2cdee8f0317025e41a9a2fbecf7b1d770a79cc5970a4f63d9b3d37a3af0fcee164859c1f74e4b95c385bd3138a9a1088d2bb5b2cd8d05b6af1deb6a55bb45f1f6c2421e88bb94f09d327f29baacfb6f22af28e216425ec568b48db67f5aec31c08aa5932eed6134586aa19df24f29a8a8397df155b08bd16c532d54e9905b803ddeef1deb19b9715fd9e2fded3bbf89c25b9def97d783626eff0b8973e4f9a77f8892fd4d27a7ab77e0f5411f3025767c48b4af3769f4fd0fe40efc78e6d8af6fa40b385c15f473dcfc9b3d9cfb2eb1df76a65dfe53be7aaff04968ab7b53cbd8d647b0710715f915cd44df55e25a4c8b7a34c07cbe2df92914c27467f02a1032edcc3e2956f724a8d0a5bdcfbbe90e20345556b75b81198c65e14216bd79cae0e08b060f3104660f7db34e7fa544a3bdfb9dc7f98f0febb1a2d41ea625c32175b0315f0ccb3a17d9bc72d4a8c6e154630b5a8e20cf610de45e019e52a804e871e36ef269a44cc3011e3ec7275874c24c0b8f46ddb59a810ad9f54da9829f6fec48bee41c69d540a493f79bcbeccc1c2f60e7f505dda6556bb18019faeb1728cbb764f04694d7494f763a3c0064e121c0d0d62815a05a5b3ae9eb99a863434f08f7cc95de2a6c1a1e898b6cecd67b675cbf4f710757e13178af3bb3449c778ed4d4cf1911348950e8922fb38f8656aac4045d14d754cd4de6f45673bd02d6d3adfb308ed981da8738c72ca668d2bdefa74b2f492b5a69c2aba547bfac222e8ee596f045430cbd8", 0x1000, 0x3)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$GIO_SCRNMAP(r1, 0x4b40, &(0x7f0000001280)=""/166) (async)
mount(&(0x7f0000001340)=@nullb, &(0x7f0000001380)='./file0\x00', &(0x7f00000013c0)='gfs2\x00', 0x8, &(0x7f0000001400)='\x00')
ioctl$XFS_IOC_FREE_EOFBLOCKS(r1, 0x8080583a, &(0x7f0000001440)={0x5, 0x1, 0x4, 0x0, 0x8, 0x0, 0x9})
syz_emit_vhci(&(0x7f00000014c0)=@HCI_SCODATA_PKT={0x3, {0xac, 0xdf}, "74a8b1c8b920b8c712210845e9ffe4d4711eec2de617f60b0aace4397daeb3ab6f64a39c7f4a98b42956a300dcd2cb996eca6a1ac7664050576e4a2b5ec77ddd8d21beb7876e9224659fbd86d4bde74fd4856a9463bdd3a9ab0d9410b6bad28eef41649da72c456f094a6f85fe41ba398893dd62367019a4c7f00353edc4565a3d289432c629a67f8de8eda7b47b3958d41821d93a2837b6f2fce46bf46e2d4badad40df58be4ee98f1775d73eb49ea4b894a37943a108340134e5f2aa219c82b648f623a5b8543b6f8c7cae58a9859f8aa4fbe65b87ea4aff976b176996fb"}, 0xe3) (async)
ioctl$TIOCSWINSZ(r1, 0x5414, &(0x7f00000015c0)={0x8, 0x4, 0xb, 0x7d5})
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r3, 0x1) (async)
unshare(0x40000080)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r2, 0xf50f, 0x0)
listxattr(&(0x7f0000001600)='./file0\x00', &(0x7f0000001640)=""/26, 0x1a) (async)
getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x2, &(0x7f0000001680)=""/201, &(0x7f0000001780)=0xc9) (async)
listxattr(&(0x7f00000017c0)='./file0/file0\x00', 0x0, 0x0) (async)
ioctl$XFS_IOC_PATH_TO_HANDLE(r1, 0xc0385869, &(0x7f0000001900)={<r4=>r0, &(0x7f0000001800)='\x00', 0x13d180, &(0x7f0000001840)={@_ha_fsid={[0x89ba, 0x1]}, {0x3, 0x16cb, 0x6, 0xcf}}, 0x0, &(0x7f0000001880), &(0x7f00000018c0)=0x8})
sendmsg$nl_route_sched(r4, &(0x7f0000003240)={&(0x7f0000001940)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000003200)={&(0x7f0000001980)=@newtaction={0x1878, 0x30, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [{0x1864, 0x1, [@m_xt={0x15c, 0xb, 0x0, 0x0, {{0x7}, {0x64, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'security\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x4}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_INDEX={0x8, 0x3, 0xc}, @TCA_IPT_HOOK={0x8, 0x2, 0x4}]}, {0xd2, 0x6, "b5e66a9de8b57690eff1acdb1b07854120d706e8c5216732d4ae5bcfeb95d9138959765dd3112f356e0df3268414805f35a50412dac2c16064d29cc7893689694b36dd45039eba81f4252317ecad62ce3cc37a5df5fe6965c884896c9888aa2527b061e2eb787e9217beb84cd8a2fb3dc27aca009305aa22ebc408c22e7899ee18dd684ae1fedc63c9e4e3fd4d6aacaa5a05607ebb38b43b718bf1b57751b0e849e2f499027a6e84ecfe4c29a09240b4ec28e3d55e9327b91e8c2b1ff2aaa1dbe4bbc916cb28313e91b876c342ba"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_connmark={0x224, 0x18, 0x0, 0x0, {{0xd}, {0x100, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x6, 0xfffffff7, 0x5, 0x50000000, 0x4}, 0x6}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x5, 0x9, 0x0, 0x80000001, 0x9}, 0x5796}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x4, 0x8, 0x20000000, 0x5, 0x3}, 0x4}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x5, 0x2, 0x3, 0x12, 0x8}, 0x4}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x8, 0x1, 0x9, 0xc0000000}, 0xff82}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x9, 0x2, 0x6, 0x6, 0x8}, 0xe}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x10001, 0x8a6, 0x4, 0x3, 0x5}, 0xf1}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x18f, 0x1b3e, 0x2, 0x9, 0x7ff}, 0xfbff}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x9, 0x5, 0xafe4b60cd0cc59fe, 0x8, 0x2}, 0x8}}]}, {0xf7, 0x6, "5b3c1589eb266bc578e534ab8e3b19681130a4432a980ca07a562249d76d9b15df46d78daa9a29b27872d3259ebdfa8e368760017c445ca8b4c7dad2708b654dea33452024b6efcd3731ffde19bd45357a1607ca0399b265ee67b033ee74f6d6d44321cd51a1c2e404d99907e826bc89f330cf0ab3ef0239b35a2f27bed3ce786b301efa86e0b39fbd53328a17a21dad8114cbeb4679e49812a5315a4d7df42d4c65e348334343bdf6726753051341a766ef45cef892dd7703055bc4d0afc74000171ce64b9762f0d30185e34524d757463f4802b401ebc55223a5f9903058bc15b1892c646948344efb458e722f3755bfaf25"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_simple={0x170, 0x5, 0x0, 0x0, {{0xb}, {0x8c, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0xa, 0x14, 0x1, 0x5, 0x3}}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0xe, 0x4, 0x764f, 0x8}}, @TCA_DEF_PARMS={0x18, 0x2, {0x10001, 0x3, 0x8, 0x8, 0x3}}, @TCA_DEF_PARMS={0x18, 0x2, {0x1, 0x9b24, 0x8, 0x8, 0x13cb}}, @TCA_DEF_PARMS={0x18, 0x2, {0x680, 0x5, 0xffffffffffffffff, 0x7, 0x4}}, @TCA_DEF_DATA={0x10, 0x3, '/dev/nullb0\x00'}]}, {0xb9, 0x6, "031859a479a9d776d36808c18fdc648695b1edb9ccbe3c5ee17a084c8748728cda924421cacd0db7d58717a1643ede05190221f16bbcf2ada1c3f351823b8448ab581e6600ef4a22bb50500183468d6dddb64fc4dfdf67810ff0dfe54e130b518410f65d11a22a0ce86e4667c4fedba4fc0ed058e731048ee292607c99e1c11643edd768aa0132d3a5f0f72ad6bc62f7b53143e33e117287d56fc4fb21a0d0f53ad78c6e6da4fe8abfc0b788fcdb28335119296262"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_tunnel_key={0x64, 0x4, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x3f}}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e20}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, {0x5, 0x6, 'Q'}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0xedc, 0x20, 0x0, 0x0, {{0xa}, {0xe84, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}]}, @TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x233, 0x1200000, 0x5, 0x2, 0x3}, 0x6, 0x81, [{0x3, 0x40, 0xd2, 0x7, 0x8, 0x3}, {0x5, 0xfffff000, 0x3, 0x7, 0x6, 0xffffff7f}]}, [{0x2, 0xfffffa10, 0x1, 0x1, 0x6, 0x60000}, {0x401, 0x5, 0x5, 0xf, 0xd5efd2e, 0x5}, {0x5, 0x5, 0x1, 0x3, 0x7079, 0x3}, {0x0, 0xb, 0x0, 0x7, 0x10001, 0x80}, {0x8, 0xabe6, 0x2, 0x4, 0x6, 0x7fffffff}, {0xc, 0x0, 0xd53e, 0x7, 0x7017ee04, 0x8000}, {0x4, 0x81, 0x9, 0xf77, 0x9, 0xffff}, {0x6f9, 0x1, 0x3eaa, 0x3, 0x1, 0x10000}, {0x6, 0x3, 0x7, 0x7, 0x7fffffff, 0x80}, {0x2, 0x0, 0x0, 0x9, 0x5}, {0x1bc, 0xdc, 0x800, 0xfb5b5a5, 0x3, 0xff}, {0x1, 0x8, 0x6, 0x12, 0x9, 0x2}, {0xf506, 0x62, 0x1, 0x8, 0x100, 0xb}, {0x8, 0x0, 0xfffffeff, 0x6bfa, 0x9, 0xbac}, {0x7, 0xffff0001, 0x73, 0x4, 0xfffeffff, 0xb}, {0x267717a9, 0x8000, 0x7, 0xaa4, 0x4, 0x5}, {0xa, 0xfffffff2, 0xe0e5, 0x7, 0x3a25}, {0x1, 0x3, 0x8, 0x5, 0xffffffff, 0x3902}, {0x400, 0x80000001, 0x46ec, 0x2, 0x2, 0xdd2f}, {0xfffffffd, 0x1, 0x0, 0x3, 0x7, 0x5a0d}, {0x4, 0x2, 0x8, 0x61, 0x9, 0x3}, {0xc, 0x9bd00000, 0x373, 0x5, 0x4, 0x2}, {0x1000, 0x3, 0x0, 0x1, 0x8, 0x800}, {0x2, 0x3, 0x0, 0x4, 0x5, 0x7}, {0x4, 0xffff, 0x5, 0xd, 0x8, 0x25}, {0x8, 0x7, 0x3, 0x0, 0x10, 0x200}, {0x6, 0x5, 0xcf, 0x7, 0x5, 0xfffffff3}, {0x57570379, 0x0, 0x2, 0x3, 0xfb35, 0x2}, {0x1, 0x40, 0x5, 0x80000000, 0x10000, 0x7}, {0xffffff80, 0x0, 0x1, 0xffffffd4, 0x4ab1, 0x75}, {0x7, 0x1, 0x7, 0x7, 0x5b, 0x6}, {0xffff, 0x2, 0x6, 0x1, 0x8000, 0x10}, {0xb, 0x800, 0x2, 0x401, 0xa, 0x2}, {0x3, 0x1, 0x7, 0x7ff, 0x80000001, 0x5e46fd9}, {0x7f, 0x4, 0x6, 0x6, 0xe7, 0x7}, {0x3ff, 0x1ca2, 0x6, 0x10000, 0x3, 0xa}, {0x800000, 0x6, 0x7, 0x10000, 0x8, 0x8}, {0xfff, 0x80, 0x6, 0x8, 0x8, 0xc0000000}, {0x5, 0x9, 0xb940, 0x1, 0x1, 0x2}, {0x3b, 0x9c15, 0x6, 0x0, 0xa336, 0x9}, {0xfffffffd, 0x1c8f, 0x7, 0x2, 0x0, 0xc69}, {0x2, 0x3, 0x7, 0x2, 0x0, 0x5}, {0x1, 0x8, 0x1, 0x4, 0x0, 0x9}, {0x7, 0x1, 0x93, 0x9a, 0x0, 0x37c50b20}, {0x5, 0x2, 0x8000000, 0xc, 0x7, 0x5}, {0x1, 0x0, 0x9, 0x7, 0xfff, 0x80}, {0xc, 0x4, 0x1b, 0x8, 0x4, 0x1}, {0x1, 0x2, 0x400, 0x7, 0x9, 0x3}, {0x10, 0x1, 0xca1, 0x3, 0x7, 0x2}, {0x7, 0xffff4510, 0x9, 0x7, 0x9, 0x9}, {0x6, 0x9, 0xd036, 0x2, 0x8, 0xa}, {0x71f, 0x3, 0x80, 0x125, 0xe, 0xff}, {0x401, 0x8, 0x6, 0x6, 0x0, 0x6}, {0x3, 0x7ff, 0x401, 0x9, 0xe1ac, 0xfffffffa}, {0x4, 0x3ff6d66a, 0xffffffff, 0xfffffffc, 0x6, 0x9}, {0x4, 0x4, 0x2, 0x9, 0x2, 0x1}, {0x6, 0x6, 0x4, 0xc, 0x8, 0x1}, {0x9, 0x5, 0xc, 0x3, 0xff, 0x7}, {0x3, 0x50000, 0x847e, 0x5, 0x5, 0x1}, {0x0, 0x200, 0x3ff, 0x2, 0x8, 0x6}, {0x6, 0xc, 0x1000, 0x2, 0x1ff, 0x7}, {0x90000000, 0x6, 0xc6d, 0x6, 0x2, 0x8}, {0x2, 0x6, 0x2, 0xffffffff, 0x6, 0x9}, {0x10, 0x4, 0x8001, 0x9, 0x65f, 0x6}, {0x6, 0x1, 0x7, 0x8000, 0x7982, 0x3}, {0x4, 0x40000000, 0x1, 0x1, 0x1, 0x157}, {0x3, 0xe6, 0x7, 0x1, 0x4, 0xfffffffb}, {0x8, 0x5, 0x8, 0x10000, 0xede, 0x7}, {0x5, 0x200, 0x4, 0xc, 0x6, 0x9}, {0x400, 0xfffffffe, 0x40, 0x5, 0x9, 0x8001}, {0xee0, 0x8, 0x3, 0x8, 0xf8000000, 0x14e}, {0x187, 0x401, 0xe8, 0x3c, 0xfffffeff, 0x203a}, {0x0, 0x4, 0x4, 0x1, 0x2, 0xf}, {0x9f1e, 0x0, 0x8, 0xd787, 0xa, 0x80000001}, {0x5, 0x0, 0x5, 0x1, 0x9, 0x1}, {0x24, 0x1, 0x1, 0xf9eedf2, 0x7fffffff, 0x3}, {0x4, 0x4, 0x0, 0x5, 0x7, 0x9}, {0x1, 0xb19b, 0x7f, 0x800, 0x9}, {0x10001, 0xa2, 0x2, 0x8, 0x55, 0xb883}, {0x8000, 0x8, 0x8, 0xeb, 0x2, 0x5}, {0x9, 0x4, 0x0, 0x4, 0x6}, {0x200, 0x200, 0x8, 0xfffffff2, 0x1, 0xfffffffe}, {0xfae2, 0xffffff8b, 0x1, 0x8001, 0x9, 0x8}, {0x16b4, 0x4, 0xd3, 0xfea5, 0x1000}, {0x0, 0x5, 0x4b74, 0x5, 0x1, 0x8}, {0x10001, 0x7, 0x2, 0x1a3a, 0x1, 0x20000}, {0x10001, 0xd, 0x5, 0x200, 0x0, 0x8}, {0xa, 0x7, 0x3, 0x1ff, 0x5, 0x9}, {0x8c, 0x164c00, 0x23, 0x8, 0x6, 0x200}, {0x7f, 0x5, 0x0, 0x1, 0x4, 0x7}, {0x0, 0x80, 0x5, 0x4fa3, 0x3, 0x3}, {0x9, 0x8, 0x3, 0x200, 0x7ff}, {0x3, 0x4, 0x1, 0x3, 0x7fffffff, 0x80}, {0x7, 0x4, 0xf, 0x3, 0xf8, 0x9}, {0x1, 0x3, 0x81, 0x1, 0xde0, 0xffffffc0}, {0x7, 0x4, 0x7f, 0x5, 0xc8, 0x3}, {0x7, 0x4, 0x101, 0x2, 0x7ff, 0x4}, {0x8, 0xf, 0x4, 0x4, 0x4, 0x70d7}, {0x100, 0x9, 0x2d, 0x1000, 0x6, 0x10000}, {0x6, 0xbeaa, 0xd3df8682, 0x9, 0xe, 0x2a71}, {0x9, 0xc2, 0x4, 0x8, 0x6, 0x9}, {0x7, 0x7, 0xc, 0xe25, 0x9, 0x6}, {0x5, 0x8000, 0x7fff, 0x4, 0x1, 0x800}, {0x2, 0x4, 0x7, 0xfffffc01, 0x6, 0x7}, {0x4, 0x1, 0x7ff, 0x7f, 0x5, 0x401}, {0xc4, 0x6328, 0x8d8, 0xa3, 0x3, 0x2}, {0x3e, 0x101, 0x4, 0x19, 0x0, 0x6}, {0x34b, 0xfffffc00, 0x7, 0xffffffff, 0x5, 0x8001}, {0xe, 0xe11, 0x8, 0x7, 0x7, 0x4}, {0x7, 0x394723e1, 0xb, 0x2e4b48f, 0x313, 0xa281}, {0x6, 0x8, 0x4, 0x1ec, 0x1, 0xfffffffc}, {0x3223, 0x19, 0x1000, 0x9, 0x24a, 0xf}, {0x3, 0x0, 0x3, 0x4, 0xfffffffe, 0x800}, {0x10000, 0x2, 0x9, 0x101, 0xfff, 0xbdc}, {0x8, 0x6, 0x4, 0x9}, {0x5, 0x7, 0xa51, 0x7, 0x3, 0x8000}, {0x3, 0x7, 0x3ff, 0x2, 0x5, 0x5}, {0xb, 0x7, 0xe00000, 0x1, 0x7, 0x7ff}, {0x7, 0x4, 0x5, 0xc61, 0x9, 0x2f9b}, {0xc81, 0x0, 0x22842e98, 0x3, 0xfffffff4, 0x7}, {0x7, 0x4, 0x1, 0x4, 0xd16, 0x1}, {0xd, 0x6, 0xc76, 0x5, 0x2, 0x50000}, {0x7fff, 0x7, 0x730, 0xf, 0x5, 0x5e}, {0x2, 0x3400000, 0x1, 0x3, 0x5}, {0x8, 0x5, 0x10, 0x6, 0x6, 0x6}, {0x6, 0x7, 0xffffff00, 0x4, 0x1, 0x8}, {0x9, 0x6, 0x8000, 0x10000, 0x2343, 0x8}, {0x38, 0x1, 0x7, 0x0, 0x80000000, 0xffffffff}], [{0x4, 0x1}, {0x5}, {0x4, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x1}, {0x2, 0x1}, {}, {0x5}, {0x1, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x1}, {0x2}, {0x3}, {0x4}, {0x5, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x3}, {0x5, 0x1}, {0x2, 0x1}, {0x3}, {0x4, 0x37748ce0a5aab079}, {0x5, 0xba1d7abb6b7ac9f3}, {0x5, 0x1}, {0x1, 0x1}, {0x4}, {0x0, 0x1}, {0x5, 0x1}, {0x3}, {0x2, 0x1}, {}, {0x1}, {0x5}, {0x5, 0x1}, {0x4}, {0x0, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1}, {}, {0x4, 0x1}, {0x7973bcd2cda155b5}, {0x3}, {0x2}, {0x4}, {0x2}, {0x4}, {}, {0x1}, {0xe551da5714169bc3}, {0x2, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x1}, {0x2, 0x1}, {0x3}, {0x4, 0x1}, {0x1}, {0x5}, {0x3, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x5}, {0x4217e03d545d0815, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x2}, {0x1, 0x2}, {0x4, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x5}, {0x2, 0x1}, {0x1}, {0x2}, {0x4, 0x1}, {0x2}, {0x5}, {}, {0x3, 0x1}, {0x2}, {}, {0x2, 0x1}, {0x4}, {0x3928b74227da27e, 0x1}, {0x4}, {0x3, 0x1}, {0x3}, {0x0, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0xd}, {0x3, 0x1}, {0x3}, {0x2, 0x1}, {0x1}, {0x4, 0x1}, {0x4}, {0x3}, {0x1, 0x1}, {0x5, 0x1}, {0x3}, {0x3}, {0x5}, {0x2, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {}, {0x4, 0x1}, {0x2}, {}, {0x2, 0x1}, {0x1, 0x1}, {0x1}, {0x1, 0x1}]}}]}, {0x2e, 0x6, "40cc2097da466119b990a0d81db1c27d309d1e17ecb24ea3ea2d6185ceac6c027113ea7a3281296ab9de"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_xt={0x284, 0xe, 0x0, 0x0, {{0x7}, {0x22c, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x43, 0x6, {0xffff, 'mangle\x00', 0x6, 0x4, "a3b2f9fcf15e84989d0a83151ea701709f63d31e55499ba2d8"}}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_TARG={0xb7, 0x6, {0x7, 'filter\x00', 0x3, 0xd3ab, "5c58c7070e52f6da23e7ea9dcffc0cee0f13b64ab8fa714011bc057ea36d98546f220b3f736f23cd9bc2d3137a0441ee5d908a9ffe0d15838b94215c7c8208363f1149cbb73940591d0a09776c2c1942ad800828b0f27414d788e61f6ef5fe1450637826fb545645f6788c133d231ed1fa2f830ef8e3d24a75504b12071c7c2db06fd7ed2a0ef540d2dfa77e0f"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x8}, @TCA_IPT_TARG={0xed, 0x6, {0x10, 'nat\x00', 0x7, 0x2, "2ec564a4fcb0df670b1d56ee400ac2be48457548b3a6c0290e82c4283d04f6292fc97e0dfd447272294afaff07aa98a5b06372c2e24f3b28129c47d684cbf39f808d5d077a50d064c69e6158b09e64fedd15180111f3383edddc488ff05787d69579dc2a8001a4e167b45fbfe2bfaecbaf01201669267c5d0ea170d6d04a05f686b4458604ac3de5b35362a0625cb5a2a2b0bf7d4ef8d987a52fad405e6bd42707472934a8cc8c3d6bb9a5bcadcb11c097b6c8d5f7c733aa15419a626b20ce03c52bec"}}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x3}]}, {0x32, 0x6, "a950535630b2f871e8f8a1015a51bc20f5d4d48fd5568b913fcc35dc39b57457bd4c7bbecc83fc749e64a0223300"}, {0xc}, {0xc, 0x8, {0x5, 0x2}}}}, @m_vlan={0x60, 0x4, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x50e}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x5, 0xfff, 0x5, 0x0, 0xdb}, 0x2}}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}]}, {0x7, 0x6, "71dcbb"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ctinfo={0xb0, 0xb, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x9}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x4}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x6049}]}, {0x64, 0x6, "4ef8ee83abd53831654e61621f4fbf013bbed4deeb520e75f4f02fe013a31c745a362df299dfcef7be580fe25d42de244a31605347b3a26a699d78f086ac2622f743838445173e479cfaba5034ff295b85b78631c5523fc42dde602347a56f7c"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}, @m_ctinfo={0x9c, 0xb, 0x0, 0x0, {{0xb}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0xd}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x5110}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x3}, @TCA_CTINFO_ACT={0x18, 0x3, {0x3, 0x80, 0x0, 0x0, 0xffffffff}}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0xffffffff}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x72}]}, {0x25, 0x6, "8d155e53f624662525b6e485083ee1fdb3b19851e06077dbe125ccb05af9d76530"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x4}}}}]}]}, 0x1878}, 0x1, 0x0, 0x0, 0x5}, 0x0)
mknodat(r4, &(0x7f0000003280)='./file0/file0/file0\x00', 0x1, 0x2) (async)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000003300)={&(0x7f00000032c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x400, 0x0, <r5=>0xffffffffffffffff})
ioctl$sock_x25_SIOCDELRT(r5, 0x890c, &(0x7f0000003340)={@remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x3}, 0x4, 'veth0_macvtap\x00'}) (async)
r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000003440), 0x4001, 0x0) (async)
r7 = geteuid() (async)
r8 = getegid()
fchown(r6, r7, r8) (async)
ioctl$EVIOCREVOKE(r5, 0x40044591, &(0x7f0000003480))

[   84.621111][ T5303] Bluetooth: hci0: command tx timeout
[   84.683059][ T5303] ==================================================================
[   84.686978][ T5303] BUG: KASAN: stack-out-of-bounds in l2cap_send_cmd+0x2a3/0xb90
[   84.691927][ T5303] Read of size 22 at addr ffffc9000cc17500 by task kworker/u5:2/5303
[   84.696261][ T5303] 
[   84.697444][ T5303] CPU: 0 UID: 0 PID: 5303 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) 
[   84.697465][ T5303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   84.697478][ T5303] Workqueue: hci0 hci_rx_work
[   84.697537][ T5303] Call Trace:
[   84.697550][ T5303]  <TASK>
[   84.697560][ T5303]  dump_stack_lvl+0xe8/0x150
[   84.697586][ T5303]  print_report+0xba/0x230
[   84.697604][ T5303]  ? l2cap_send_cmd+0x2a3/0xb90
[   84.697666][ T5303]  kasan_report+0x117/0x150
[   84.697683][ T5303]  ? trace_kmem_cache_alloc+0x29/0xf0
[   84.697710][ T5303]  ? l2cap_send_cmd+0x2a3/0xb90
[   84.697808][ T5303]  kasan_check_range+0x264/0x2c0
[   84.697823][ T5303]  ? l2cap_send_cmd+0x2a3/0xb90
[   84.697848][ T5303]  __asan_memcpy+0x29/0x70
[   84.697903][ T5303]  l2cap_send_cmd+0x2a3/0xb90
[   84.697926][ T5303]  l2cap_recv_frame+0xc032/0x10240
[   84.697939][ T5303]  ? unwind_next_frame+0xa5/0x23c0
[   84.697985][ T5303]  ? unwind_next_frame+0xa5/0x23c0
[   84.698006][ T5303]  ? unwind_next_frame+0xa5/0x23c0
[   84.698025][ T5303]  ? unwind_next_frame+0x1aaf/0x23c0
[   84.698061][ T5303]  ? __pfx_l2cap_recv_frame+0x10/0x10
[   84.698075][ T5303]  ? ret_from_fork_asm+0x1a/0x30
[   84.698099][ T5303]  ? ret_from_fork_asm+0x1a/0x30
[   84.698143][ T5303]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   84.698161][ T5303]  ? ret_from_fork_asm+0x1a/0x30
[   84.698181][ T5303]  ? stack_trace_save+0xa9/0x100
[   84.698218][ T5303]  ? __pfx_stack_trace_save+0x10/0x10
[   84.698233][ T5303]  ? stack_depot_save_flags+0x33/0x810
[   84.698312][ T5303]  ? __lock_acquire+0x6b5/0x2cf0
[   84.698335][ T5303]  ? __mutex_trylock_common+0x158/0x260
[   84.698384][ T5303]  ? __pfx___mutex_trylock_common+0x10/0x10
[   84.698405][ T5303]  ? rcu_is_watching+0x15/0xb0
[   84.698448][ T5303]  ? trace_contention_end+0x3d/0x150
[   84.698471][ T5303]  ? __mutex_lock+0x319/0x1300
[   84.698520][ T5303]  ? l2cap_recv_acldata+0x2e3/0x13e0
[   84.698535][ T5303]  ? l2cap_recv_acldata+0x30b/0x13e0
[   84.698549][ T5303]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[   84.698571][ T5303]  ? __pfx___mutex_lock+0x10/0x10
[   84.698612][ T5303]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   84.698633][ T5303]  ? l2cap_conn_hold_unless_zero+0x179/0x2b0
[   84.698648][ T5303]  ? __pfx_l2cap_conn_hold_unless_zero+0x10/0x10
[   84.698683][ T5303]  ? l2cap_recv_acldata+0x41/0x13e0
[   84.698697][ T5303]  l2cap_recv_acldata+0x7e9/0x13e0
[   84.698724][ T5303]  hci_rx_work+0x4f9/0x1030
[   84.698772][ T5303]  ? process_scheduled_works+0xa25/0x1830
[   84.698797][ T5303]  process_scheduled_works+0xb02/0x1830
[   84.698823][ T5303]  ? __pfx_process_scheduled_works+0x10/0x10
[   84.698841][ T5303]  ? assign_work+0x3d5/0x5e0
[   84.698884][ T5303]  worker_thread+0xa50/0xfc0
[   84.698905][ T5303]  kthread+0x388/0x470
[   84.698918][ T5303]  ? __pfx_worker_thread+0x10/0x10
[   84.698952][ T5303]  ? __pfx_kthread+0x10/0x10
[   84.698964][ T5303]  ret_from_fork+0x51e/0xb90
[   84.698987][ T5303]  ? __pfx_ret_from_fork+0x10/0x10
[   84.699003][ T5303]  ? __switch_to+0xc7d/0x1450
[   84.699083][ T5303]  ? __pfx_kthread+0x10/0x10
[   84.699095][ T5303]  ret_from_fork_asm+0x1a/0x30
[   84.699120][ T5303]  </TASK>
[   84.699126][ T5303] 
[   84.849902][ T5303] The buggy address belongs to stack of task kworker/u5:2/5303
[   84.853723][ T5303]  and is located at offset 128 in frame:
[   84.856763][ T5303]  l2cap_recv_frame+0x0/0x10240
[   84.859173][ T5303] 
[   84.860317][ T5303] This frame has 26 objects:
[   84.862502][ T5303]  [32, 34) 'rsp.i241.i.i'
[   84.862520][ T5303]  [48, 88) 'chan.i.i.i'
[   84.864587][ T5303]  [128, 146) 'pdu_u.i.i.i'
[   84.866545][ T5303]  [192, 202) 'rsp.i94.i.i'
[   84.869675][ T5303]  [224, 226) 'rsp.i.i.i111'
[   84.872639][ T5303]  [240, 242) 'rej.i'
[   84.874769][ T5303]  [256, 258) 'rej.i145.i'
[   84.876643][ T5303]  [272, 274) 'rej.i143.i'
[   84.878914][ T5303]  [288, 290) 'req.i229.i.i'
[   84.881410][ T5303]  [304, 312) 'buf.i222.i.i'
[   84.883689][ T5303]  [336, 348) 'buf29.i.i.i'
[   84.886082][ T5303]  [368, 372) 'rsp49.i.i.i'
[   84.888812][ T5303]  [384, 393) 'rfc.i.i118.i.i'
[   84.890971][ T5303]  [416, 480) 'buf.i119.i.i'
[   84.893201][ T5303]  [512, 576) 'req.i120.i.i'
[   84.895358][ T5303]  [608, 617) 'rfc.i.i.i.i'
[   84.897827][ T5303]  [640, 656) 'efs.i.i.i.i'
[   84.900179][ T5303]  [672, 678) 'rej.i371.i.i.i'
[   84.902326][ T5303]  [704, 710) 'rej.i.i.i.i'
[   84.904596][ T5303]  [736, 800) 'rsp.i.i.i'
[   84.906758][ T5303]  [832, 896) 'buf.i.i.i'
[   84.909037][ T5303]  [928, 1056) 'req.i.i.i'
[   84.911134][ T5303]  [1088, 1096) 'rsp.i.i.i.i'
[   84.913206][ T5303]  [1120, 1122) 'info.i.i.i.i'
[   84.915499][ T5303]  [1136, 1264) 'buf.i.i.i.i'
[   84.918084][ T5303]  [1296, 1298) 'rej.i.i'
[   84.921374][ T5303] 
[   84.925410][ T5303] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc9000cc10000 allocated at copy_process+0x508/0x3cf0
[   84.931531][ T5303] The buggy address belongs to the physical page:
[   84.934557][ T5303] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1b737
[   84.939151][ T5303] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   84.943141][ T5303] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000
[   84.947200][ T5303] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   84.951256][ T5303] page dumped because: kasan: bad access detected
[   84.954713][ T5303] page_owner tracks the page as allocated
[   84.958023][ T5303] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 81356405506, free_ts 53801082101
[   84.966734][ T5303]  post_alloc_hook+0x231/0x280
[   84.969140][ T5303]  get_page_from_freelist+0x24dc/0x2580
[   84.971865][ T5303]  __alloc_frozen_pages_noprof+0x18d/0x380
[   84.975507][ T5303]  __alloc_pages_noprof+0xa/0x30
[   84.978283][ T5303]  __vmalloc_node_range_noprof+0x7be/0x1730
[   84.981188][ T5303]  __vmalloc_node_noprof+0xc2/0x100
[   84.983836][ T5303]  dup_task_struct+0x228/0x9a0
[   84.986139][ T5303]  copy_process+0x508/0x3cf0
[   84.989283][ T5303]  kernel_clone+0x248/0x8e0
[   84.991342][ T5303]  kernel_thread+0x13f/0x1b0
[   84.993805][ T5303]  kthreadd+0x4ec/0x6e0
[   84.996236][ T5303]  ret_from_fork+0x51e/0xb90
[   84.998842][ T5303]  ret_from_fork_asm+0x1a/0x30
[   85.001248][ T5303] page last free pid 5150 tgid 5150 stack trace:
[   85.004133][ T5303]  __free_frozen_pages+0xc2b/0xdb0
[   85.006555][ T5303]  __slab_free+0x263/0x2b0
[   85.008952][ T5303]  qlist_free_all+0x97/0x100
[   85.011802][ T5303]  kasan_quarantine_reduce+0x148/0x160
[   85.014404][ T5303]  __kasan_slab_alloc+0x22/0x80
[   85.016729][ T5303]  kmem_cache_alloc_noprof+0x2bc/0x650
[   85.019290][ T5303]  vm_area_alloc+0x24/0x140
[   85.021422][ T5303]  mmap_region+0x10eb/0x2240
[   85.023721][ T5303]  do_mmap+0xc39/0x10c0
[   85.025986][ T5303]  vm_mmap_pgoff+0x2c9/0x4f0
[   85.028812][ T5303]  ksys_mmap_pgoff+0x51e/0x760
[   85.031193][ T5303]  do_syscall_64+0x14d/0xf80
[   85.033345][ T5303]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.036055][ T5303] 
[   85.037186][ T5303] Memory state around the buggy address:
[   85.040459][ T5303]  ffffc9000cc17400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   85.044765][ T5303]  ffffc9000cc17480: f1 f1 f1 f1 f8 f2 f8 f8 f8 f8 f8 f2 f2 f2 f2 f2
[   85.048410][ T5303] >ffffc9000cc17500: 00 00 02 f2 f2 f2 f2 f2 f8 f8 f2 f2 f8 f2 f8 f2
[   85.052205][ T5303]                          ^
[   85.054727][ T5303]  ffffc9000cc17580: f8 f2 f8 f2 f8 f2 f8 f2 f2 f2 f8 f8 f2 f2 f8 f2
[   85.058851][ T5303]  ffffc9000cc17600: f8 f8 f2 f2 f8 f8 f8 f8 f8 f8 f8 f8 f2 f2 f2 f2
[   85.062504][ T5303] ==================================================================
[   85.084601][ T5303] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   85.084655][ T5303] CPU: 0 UID: 0 PID: 5303 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) 
[   85.084673][ T5303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.084684][ T5303] Workqueue: hci0 hci_rx_work
[   85.084717][ T5303] Call Trace:
[   85.084723][ T5303]  <TASK>
[   85.084731][ T5303]  vpanic+0x56c/0xa60
[   85.084782][ T5303]  ? __pfx_vpanic+0x10/0x10
[   85.084811][ T5303]  panic+0xc5/0xd0
[   85.084830][ T5303]  ? __pfx_panic+0x10/0x10
[   85.084873][ T5303]  ? preempt_schedule_thunk+0x16/0x30
[   85.084890][ T5303]  ? preempt_schedule_thunk+0x16/0x30
[   85.084904][ T5303]  ? l2cap_send_cmd+0x2a3/0xb90
[   85.084951][ T5303]  check_panic_on_warn+0x89/0xb0
[   85.084970][ T5303]  ? l2cap_send_cmd+0x2a3/0xb90
[   85.084990][ T5303]  end_report+0x73/0x180
[   85.085007][ T5303]  ? l2cap_send_cmd+0x2a3/0xb90
[   85.085054][ T5303]  kasan_report+0x128/0x150
[   85.085067][ T5303]  ? trace_kmem_cache_alloc+0x29/0xf0
[   85.085089][ T5303]  ? l2cap_send_cmd+0x2a3/0xb90
[   85.085133][ T5303]  kasan_check_range+0x264/0x2c0
[   85.085146][ T5303]  ? l2cap_send_cmd+0x2a3/0xb90
[   85.085161][ T5303]  __asan_memcpy+0x29/0x70
[   85.085221][ T5303]  l2cap_send_cmd+0x2a3/0xb90
[   85.085241][ T5303]  l2cap_recv_frame+0xc032/0x10240
[   85.085255][ T5303]  ? unwind_next_frame+0xa5/0x23c0
[   85.085299][ T5303]  ? unwind_next_frame+0xa5/0x23c0
[   85.085318][ T5303]  ? unwind_next_frame+0xa5/0x23c0
[   85.085359][ T5303]  ? unwind_next_frame+0x1aaf/0x23c0
[   85.085381][ T5303]  ? __pfx_l2cap_recv_frame+0x10/0x10
[   85.085395][ T5303]  ? ret_from_fork_asm+0x1a/0x30
[   85.085439][ T5303]  ? ret_from_fork_asm+0x1a/0x30
[   85.085458][ T5303]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   85.085477][ T5303]  ? ret_from_fork_asm+0x1a/0x30
[   85.085516][ T5303]  ? stack_trace_save+0xa9/0x100
[   85.085530][ T5303]  ? __pfx_stack_trace_save+0x10/0x10
[   85.085545][ T5303]  ? stack_depot_save_flags+0x33/0x810
[   85.085564][ T5303]  ? __lock_acquire+0x6b5/0x2cf0
[   85.085623][ T5303]  ? __mutex_trylock_common+0x158/0x260
[   85.085647][ T5303]  ? __pfx___mutex_trylock_common+0x10/0x10
[   85.085690][ T5303]  ? rcu_is_watching+0x15/0xb0
[   85.085710][ T5303]  ? trace_contention_end+0x3d/0x150
[   85.085727][ T5303]  ? __mutex_lock+0x319/0x1300
[   85.085904][ T5303]  ? l2cap_recv_acldata+0x2e3/0x13e0
[   85.085922][ T5303]  ? l2cap_recv_acldata+0x30b/0x13e0
[   85.085935][ T5303]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[   85.085952][ T5303]  ? __pfx___mutex_lock+0x10/0x10
[   85.085968][ T5303]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   85.085984][ T5303]  ? l2cap_conn_hold_unless_zero+0x179/0x2b0
[   85.086000][ T5303]  ? __pfx_l2cap_conn_hold_unless_zero+0x10/0x10
[   85.086013][ T5303]  ? l2cap_recv_acldata+0x41/0x13e0
[   85.086027][ T5303]  l2cap_recv_acldata+0x7e9/0x13e0
[   85.086044][ T5303]  hci_rx_work+0x4f9/0x1030
[   85.086066][ T5303]  ? process_scheduled_works+0xa25/0x1830
[   85.086094][ T5303]  process_scheduled_works+0xb02/0x1830
[   85.086121][ T5303]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.086140][ T5303]  ? assign_work+0x3d5/0x5e0
[   85.086158][ T5303]  worker_thread+0xa50/0xfc0
[   85.086181][ T5303]  kthread+0x388/0x470
[   85.086239][ T5303]  ? __pfx_worker_thread+0x10/0x10
[   85.086260][ T5303]  ? __pfx_kthread+0x10/0x10
[   85.086275][ T5303]  ret_from_fork+0x51e/0xb90
[   85.086296][ T5303]  ? __pfx_ret_from_fork+0x10/0x10
[   85.086312][ T5303]  ? __switch_to+0xc7d/0x1450
[   85.086329][ T5303]  ? __pfx_kthread+0x10/0x10
[   85.086340][ T5303]  ret_from_fork_asm+0x1a/0x30
[   85.086365][ T5303]  </TASK>
[   85.086817][ T5303] Kernel Offset: disabled