================================================================================
UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:130:9
index 8916 is out of range for type 'unsigned long [8]'
CPU: 1 PID: 26 Comm: kworker/1:1 Tainted: G        W         5.14.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events l2cap_chan_timeout
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1d3/0x29f lib/dump_stack.c:105
 ubsan_epilogue lib/ubsan.c:148 [inline]
 __ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:288
 decode_tail kernel/locking/qspinlock.c:130 [inline]
 __pv_queued_spin_lock_slowpath+0xc12/0xcb0 kernel/locking/qspinlock.c:468
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:585 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:85 [inline]
 do_raw_spin_lock+0x4c9/0x8e0 kernel/locking/spinlock_debug.c:113
 spin_lock_bh include/linux/spinlock.h:359 [inline]
 lock_sock_nested+0x48/0x110 net/core/sock.c:3101
 l2cap_sock_teardown_cb+0x76/0x360 net/bluetooth/l2cap_sock.c:1528
 l2cap_chan_del+0xaf/0x610 net/bluetooth/l2cap_core.c:622
 l2cap_chan_timeout+0x12c/0x280 net/bluetooth/l2cap_core.c:436
 process_one_work+0x833/0x10c0 kernel/workqueue.c:2276
 worker_thread+0xac1/0x1320 kernel/workqueue.c:2422
 kthread+0x453/0x480 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
================================================================================
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 26 Comm: kworker/1:1 Tainted: G        W         5.14.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events l2cap_chan_timeout
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1ae/0x29f lib/dump_stack.c:105
 panic+0x2e1/0x850 kernel/panic.c:232
 ubsan_epilogue lib/ubsan.c:162 [inline]
 __ubsan_handle_out_of_bounds+0x12b/0x130 lib/ubsan.c:288
 decode_tail kernel/locking/qspinlock.c:130 [inline]
 __pv_queued_spin_lock_slowpath+0xc12/0xcb0 kernel/locking/qspinlock.c:468
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:585 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:85 [inline]
 do_raw_spin_lock+0x4c9/0x8e0 kernel/locking/spinlock_debug.c:113
 spin_lock_bh include/linux/spinlock.h:359 [inline]
 lock_sock_nested+0x48/0x110 net/core/sock.c:3101
 l2cap_sock_teardown_cb+0x76/0x360 net/bluetooth/l2cap_sock.c:1528
 l2cap_chan_del+0xaf/0x610 net/bluetooth/l2cap_core.c:622
 l2cap_chan_timeout+0x12c/0x280 net/bluetooth/l2cap_core.c:436
 process_one_work+0x833/0x10c0 kernel/workqueue.c:2276
 worker_thread+0xac1/0x1320 kernel/workqueue.c:2422
 kthread+0x453/0x480 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Kernel Offset: disabled
Rebooting in 86400 seconds..