Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa
==================================================================
BUG: KASAN: global-out-of-bounds in detach_capi_ctr+0xaf/0x120 drivers/isdn/capi/kcapi.c:568
Read of size 8 at addr ffffffff8dd14538 by task kcmtpd_ctr_0/11410

CPU: 0 PID: 11410 Comm: kcmtpd_ctr_0 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_address_description.cold+0x5/0x219 mm/kasan/report.c:256
 kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354
IPVS: ftp: loaded support on port[0] = 21
 kasan_report mm/kasan/report.c:412 [inline]
 __asan_report_load8_noabort+0x88/0x90 mm/kasan/report.c:433
 detach_capi_ctr+0xaf/0x120 drivers/isdn/capi/kcapi.c:568
 cmtp_session+0x162e/0x19e0 net/bluetooth/cmtp/core.c:316
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

The buggy address belongs to the variable:
 capi_applications+0x798/0x7a0

Memory state around the buggy address:
 ffffffff8dd14400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff8dd14480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff8dd14500: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
                                        ^
 ffffffff8dd14580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff8dd14600: 00 00 00 00 00 00 00 00 fa fa fa fa 00 fa fa fa
==================================================================
audit: type=1804 audit(1638876444.150:40): pid=11483 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir086821345/syzkaller.TP3N3R/45/cgroup.controllers" dev="sda1" ino=14116 res=1