program:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448dc, &(0x7f0000000000)="99494f4d8739170176583fb96ae54e6e41494079740925c93836c541a0e9c387c0ac3b9198fea0fd7f16256f7847e9f314b4b55821d46f4249c303580afed4c5d1ee97eee0c83980b199c151799b5e8ac0dd86d241698c34e40845986fb1649852817ccd08342dc7bb6a1adc13f7f88791c4c2041df4be0186ba22e884e54985504ee94d6ef82261b0a77f07362ca07fdd8213146ee4973a442ef3543906c9fae7ca69afb5f12f46eb79ee2f98842a2086b674fdc854ed1462b3559a085d9a55eeb7d40332fa0803b6fe6e7677053e99c50b7a5a023fb030063ecc1811ebe8841fc444444f")
syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
write(r0, &(0x7f0000000140)="b32791b851a0ee9776c587066fc533285876585949eba8799bc01ddf66d19a787f72ea5d7ef71cd6ea98aac55fac89f4fbd0be79dd9a6cee15f5d6440b1073947c1f9cc11f1a688d9626bdba5fe02de473c1b1974741e097f51143cae9cdd68b29a3388d5c10dbef7f903db020b34dacf8cedc425e604570c8864ddda80bf08e1f9bb7fe647dc0f4271d6bff9a35c21570e64ccfe93bc6c6f9b4aa2b9c06522f0ca699dc88c744fe8ac630f9b76ddf0b8af6415bc84df722c649f6396ae5e078e2ad8f1d028f71e89a34b3b95638195fbd9479df7687e84301d74dc9649728e0ce7f225b7d5dd0cbe6b626a27fc3d54ef4f76667252a9428da5b31756aa517c32d68b0013d408ec228488e73f62a206ed4317583e9e89de487d8920efe92d62c7b288ae9dc483254ed6fcf925f2165c92c4e21cae0a164e9fe74dbebe3573bdfa4285b5f52aa580afcbafa71421df57d325fb02a3af7234beedc9738df152892555695561065d8877d8e5b93177006ee8d9ffb7847c6f52a5dc1d97d2994bd72763104a284ff4a09f88932896e4009908b9fb2dd6ddcc5a9e83bd12158bc0a3258baa95027f43a9b8bcaa2421a7dce8cb0bd405b2d0262a3884ba4b6cbf8d66c3f6fff87f438ff5cbb19ca730772190e409e18a9fa1687696f2bf975bd742dd761434f9bc7fb6c32c852263616d3904b427f26a262b489704bc3383ab6eea86d88382559bc5e305d23c1259a252097470919e19e30d5c5b8e2aeff0371be7e0d8236e5ca1ef145373a76906612308dde303226f860534d70eeb27b49ec626115fa328deee2f28d4d6e1e381f303355fc3d4180d5899510c219717012f7e60ea9a5c41801ca298f9a1175e306fd123e8108aeafde42b9de73489a6ec264b2e9856078fd7a6f649de0c20886382ab388b94334aae13cf1ed5ffececd3e9ae2d586af2861d2f7d56a5bd0a5f6300186a07ef30951f091078b30accf948b0ff109f72fe94b9c6b09f1e133c6fbc46a19a5cf3b1cb15ee73aa8c8e308f7727ef70139aaf79c7c27ba0bae86db2b93ab808a9dbeae1239d78dc166e6737ec23d69029cf1dc5baf69a7b213377bbcefa796f93363c994eea7b481f7a61afa907f06987af59837e42ea2bd5fed9567553b8b1e3ba2fc165c510734470f873ff4fe3a115b5e528da355301e34261455fb0dc1b0550d609ab219761b67a89f94a3c548f68365ed42bd161858390aa8e5663c1755e3db1a4801e9670e1673a384e198d43fbaa992978b27740ecce3172dcee3ca7c15d48242dd1bd44d9c559ef3699066922de19f94fd8c94fbe91af9400f5b8f5f07e560529cc91b21583767ddd5462a18f6d4885f62566a8f09bf0863acfc15df96972b61926361344ea30d442558278c1c003fbe355d3143a151159266b288888dd85cd40959ec64f3ea57fc8350b5b2e25867fe392d12284d3088b598400bf5b25a323789b1cb4b3b5fdb3288e87e0339a263508926a6103c11708e01039914d8190d4231fbb50c2d8be60b25c968627f7ef198dd57be39fd9935be55c78e8653da84f4f057dea16af75e4e0be9b62f398e32b956114ad43e29cd39b9c35d90ff9c478c7392dbd13ae709ab5625ba25d819c0e466f22f9f488d030a971126b36fecd08af7df75e4fc7e5f61193144e07648617025d0a921bbba8ebe249ce563d06e62751e939d57155b8a0c37f66a3905cbfe621dc558b532ce1b6edbe884ac20a48467a21c35ded7a42dcac75ee59b3f0e94a6d1f70041f75629466ed8e1e0cf50ab21fb264b91426f1e532c48870e37b53a2eccdfc3473499e188fe09f033a6eba9579041b942d51dc514c58a4903259ca5cfa293a3ad7f015b9f9ca28e4d3e5554c138c3cf6ef34508e30cf904d2bed0b58969ec06649208b77ab6a65306212d912a706b1924207018f8fbbfca2b782f36345e970af2d8e6b44ef5a2e3e992032321600a92417b59245db8c05cd88598d42bbb16503bbed04f5fe7e243f6c7d42f1d366e2776aed0ccf809d1228111c27974e027fea90b11d35a6fdbe29aedd6e214899ceb11c95a4e31846d9368c8bdb11f8b36ebd661bd40f0484f4b4d141f14ff4b85d36f28d653fc07af283e56b33b0f8e162a01c1eed1fbae92dafa6fc15172c2a5449d97954a93d6d46b0ec26fe4a8ae902234ab3caf2eafbca88ff49808d6f8e8001b7f9c76b7ce2821e6072e4b0baefbd0c202de807211db69e09a51fd383204c7f1508d4580f8c32eaa4d7e138a1e690670c009d76e96958192ab1ba5bfe25650fa4fea043aca6b59365e882ccb5883946655a926b13807b47d86aa66bfe529e34552b4183d3773a61c8cf554ac47061bcf53ebe7266051d435f192db062670227dc7a5db75295045c375b96d0d74f5a82410e38f22bf9858765c96b769cbbec968a1695fdf44250a1b28208f3825d370293a969308f4e2fd92050f4a25b2670826be6b68971603742367d5047bf27a241cfd2ce0ea0e2d62972a263d32ee03fb277f2050ea2df2725043d13277426bc6005725546f30bc373b7d24e4023b4be7378f3548e7251af5ad5bf2fa259b519d32ea9a0b51a053d5428a8b96ed27e3d9a7672fa848d1f776a9ee2ff7ce2f3345be487ad3b459d9a4fefbf8a00eb069fa48dfdf5d04b71ea3b947e54a729ea59d849330720344ba9eff2108e0bc0d11c66a841abeeb3b820ada192c79095388d76247ad54b5e0c6c1e472e1b68c6f17750f145bcff41f65249306a71c45f22dd4b4867e1f921b7d5666f006e4de798e19c89528db8ae18ac3d0a593ca1500d6b1a24e56b85582270f9d1f4b41ef42b815eb825ef44cc851ba822bd93b053b02a3c6f60eca507959fa3cf897f23ae919f1d2edc924e9bc31af7359a39a1e5aecad0638537bbfc60f8c5f2725e5bb132e7c905aa556d8ddc32500f92e437039262248f4d0269136706709cd6ff146aa6fc1c6083d971201c8912bf5c69b250452e49b96382b56daabf2e56b40a2ba7474d0dc54930daa89c5e8666ddfa14e9fd39ea5848f0d0dc05fad975150bb435a9ec11d210ae8412c66a1a62e6c138eb7ddd3c848048dcfc6a562a52c1664ac0d1a7a28ef8c2d4c780e700e63856bd5f576873618ecca6589a0f7cfafac66fe9b4227249f8bb9e9fe75b3b5ee1cd23c610df56e72bbda139296074a7a0c53af3ee41b03566793f0c928449c9273f889f65e8768d76a85559e9d86ac1507e061755d806a6bd284f3a0be1d6ff566a4672f923e02b67cebe48114a70b09100d66dc23554e709833bfe4d02ab580b65d0b8f8358b727eead4bbada562a0f4353f5d7414ce1b35d673c95ab94cfded1eae3c1cf8cbef3e928a540635fbc5233f88a28ff7964bce62358494dfc35b69eb7e5253b742802a8023e67c000658a52e2dd99860a2edbcd763227b60c08894b755794f8d1acb82c5c889401a82c32c45a3b7190853af8f14c5ec63d4f51d523e594df53d8c3a2c34187261c0d6b0703941c3ff0bf671576f081832c593fb4f91e04a439c7ba54128efda49d74d4bdcfd9df4d2778798930a715969c702076f416a638164662b0aa1c73b68b0db67d490068a06c6d9bc3a65ea4bbc2308c54314cd28e4a1206e98b65a070f7240e76d9441df5495ad32a9107cd6e45e54d9fd3250e3d8ec6a4a429eeb6e7f36d4a01c1a6a0c3a46fdb161c3b759c755d82044a488ff87b0843ef7eade0968fe78d66d00cd4fdb2a1798817d3e4d6efd6b960ed515377d605b1b837a5e967d6ad245a9c59cb13a2cbcfcd5881e0018cc1fa94cec21c03bccefefe015eada38fbfda787b9220c756bfdaea503f5d50262d9ef3cee95e8e562b1c732448270ab823bb9177de5a09b0302c56b06dca4d0e837a4ba95133efdd9644f62283b1e030c4ab90703c79a36657e8c43c53ba634644a241d15d90bd21efc07d16006ebbf8429c37dba024c0b33e36efdef79582279a703ce81ff6de27a286888e0be745b391df38ba30e815b66eb191a275631524ac122a4815a62beab8cd8f04a59963768f5f5af28364f258921c0c3819b8de2b8f00bdf94a9dfe4b0c46459b71d91323227289e4acbeec79e5741673724e9eb3fedcf40b383c663cb457f674fc55f97efbdfc96d542e77cd24764aecf78aba928b2ddab7a7e84e6b59f3be7ba43bba58b7d03de8c49a5e509d825c653df459385e9eab635f53ef5415b2c312f57fc0b0e280d2ec58125d07bbe702967c917406edd959495d03957dd832d559eed48b4d740dcd2e86ebbaf90c71116d55aa67ed394df705c8d17174130f1520c5e7bb0c7376679c0dcf21435be8b2ca74c6ab0a4917c01d7080789976e0f930661db28f92a173d1055ee69e8fb8fc790f8e149ef246d957bfd521dc70c3c41f9f190089f86ae1042863cda36342fd371a3b36d49706547098bc7a39bb43c728accf43ece20d4abe62eb0a6be7d0eca33f2c9b43af76a4d6b73b09ff7fceff7b13e245c3c174b639292d85c110dfe9fe416b9bdecb9ab3ef7b91bd3d71c99f38a2de7e28dd8cee81586b8cbd466f0ff9f140b118dabc1b8677bc1566948c010946d48340c5c56fb7375c0591ce9dca97f7cc6f9669426d233fd0e863b9731fa880e467212a4876b31470a5614da68b5639f0614c4808db8f4b8aa788f80b72701bf83927c7b2c989268f28304ffd60547d150ee9aa664450fa9b264d5fcf0cfaf17e7fcfc5da8f9e777930a8c6cc9167fbb32c350ade4bc505f43c7ce286db7f2af0bfd84a82b616d0623b78c5340017da0360442c3a3c3f95e684bd64e159fda5d5337871cfe1f494596fb86fab21bfbe2ff6dd5c1ef569b44012adf26f5ef88b84e02d23e831d4beccf177b1117074de2907f2d6ecbdccdf54173e8e9fe48f97a5e12b3e258d37536dea4f5a7d01b8f0810a0e289a86391e56b699048b0a81d20463d38a64a0c8446335fbdaaa007358e587821db9d0a7f39d98bae9c411c6ecf14b6b7632afc252b69d0dd9035f16323a77f34e05ff1d9b63dbff540b212f92f449181d85f09f29a9db440b5470b064743198c6731528dc15e33de3131055d43ec5f0697d529d6258a3e1356165898c65856da81f24eca20df709db9c26803c8601a043d70dd1b0bfee49eef4f3302a92def92641887ee842d74e88da55c5ff950fd3bb93d6490fb729e0a516abcec451e07c9032ec51750df3e59968dc88dc71bf897fd0f0fac89adea265eee86d879f23d273fc40f0aadfa8613b7531108edfb2ff5db8f0e62facf87b808bd7fecace7a7831929625f3cea6a69222a6ae88336dec1b7258e82428c29e69f12f4aae6e48134a2f3a58034e63b5cada2514569da848f7d3f2fad4795ea999d2c3533188d017062a212b540ff40ed6783c01f4b06254803d8658892821226e64041370430c23d4390c685c3f0f6fd10d5eb784e8b5f65d352b4c85e2a7b2dbadaa072243d52e33d7a0916d4bbb5c54550ae56ef486b0b51fd2395c486f44af67f260709dd249a81e67585b5848e65461640f2964b9a6abefcaaf0e1073264ce82fd3da0d7eba39ffe4d1e5350488afb2119c4d4420a5571fd164cba5b6b9b22ad0d73c08a6c968ca95f5ef0517c128406e135e47786d552a131053e6586e963b8c0b13ee24df3a99f785cdb36a5c5cd9897cd4fe46eb4813872b7f62861551b4e165dd7e11ca0b11dc0d2937d5b40dc7e9bacf8e9c6bfc7b03f824f4c614c73b4f043d5d8f7e35b5a0d24fecb7ed497e625af812b30e3d936175983e5e4e8cd8312c83febe8bef0676", 0x1000)
close_range(r0, r0, 0x2)
wait4(0x0, &(0x7f0000001140), 0x2, &(0x7f0000001180))
syz_emit_vhci(&(0x7f0000001240)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x90}, "76ed7397f96dae4b61e299f3480a589560b46b3c20e5e7d5b6b53d6e9c3847c44fd0968554bab6efcf99be9101369c543ac511c9845afc8019c117a7c5f24e563a5c3e0311a0fee7378c9c472988163aea153b9d01d3b1c9c47c0b7372c2ae9155d9aa0c5d3da8e9a1759b46b4dd4e05b51c7198a53c409eafdea9fb532b34e048ec008ca123c2df7311e3073df6930f"}, 0x94)
r1 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000001300), 0x80400, 0x0)
fcntl$notify(r1, 0x402, 0x4)
syz_emit_vhci(&(0x7f0000001340)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x24}, @l2cap_cid_le_signaling={{0x20}, @l2cap_ecred_conn_req={{0x17, 0x3, 0x1c}, {0x5, 0x101, 0x1, 0xfffa, [0x5, 0x81, 0x2, 0x78a, 0x7, 0x7ff, 0x7ff, 0xcb80, 0x7, 0x6]}}}}, 0x29)
r2 = add_key$fscrypt_v1(&(0x7f0000001380), &(0x7f00000013c0)={'fscrypt:', @desc2}, &(0x7f0000001400)={0x0, "67123d0dc696bd5bb62854e306c860dd8b29db011ad011a56e61997c96b13a515ab5440d9c896ca42903e4646146e6cf31bed81e0992e5e56b8ff4faa9918883", 0x33}, 0x48, 0xfffffffffffffffa)
keyctl$setperm(0x5, r2, 0x40000)
close(r1)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2)
r3 = syz_mount_image$fuse(&(0x7f0000001480), &(0x7f00000014c0)='./file0\x00', 0x90022, &(0x7f0000001500)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xa00}}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0xffffffff}}], [{@hash}, {@obj_type={'obj_type', 0x3d, 'logon\x00'}}, {@subj_role={'subj_role', 0x3d, '&&(.@*-&+{'}}]}}, 0x1, 0x0, &(0x7f0000001600)="164776779e503610b4c59439b7d3d8c247d7f8a62c618ba4073fca395eac0e2a6e88e2bc0658e309300d2bfbdae0f765002a2ccdac0bfbbf40e14f19a31b0d02889363f7ba25fd1b17767c5dcff532301458cb6614ea7a461ffa311b8f795d3a1c250552a104a5572f8fcd8dd5602056eac799d02d3b51ff6778e3b0f5f9dffbada52152aa5a1c8cdd07")
getdents64(r3, &(0x7f00000016c0)=""/152, 0x98)
fcntl$setownex(r1, 0xf, &(0x7f0000001780)={0x0, 0xffffffffffffffff})
io_setup(0xffff, &(0x7f00000017c0)=<r4=>0x0)
r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001ac0)=@bpf_tracing={0x1a, 0x2e, &(0x7f0000001800)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xd}, {}, {}, [@exit, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @exit, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}, @call={0x85, 0x0, 0x0, 0x75}, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}, @map_fd={0x18, 0xa}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001980)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x51, '\x00', 0x0, 0xc36092e15a602a5, 0xffffffffffffffff, 0x8, &(0x7f00000019c0)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000001a00)={0x5, 0x1, 0x8000, 0x3}, 0x10, 0x21097, 0xffffffffffffffff, 0x3, &(0x7f0000001a40)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1], &(0x7f0000001a80)=[{0x3, 0x3}, {0x1, 0x1, 0x6, 0xa}, {0x2, 0x2, 0x0, 0x1}], 0x10, 0x9}, 0x94)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000001d00)={{0x1, 0x1, 0x18, <r6=>r3, {0x1}}, './file0\x00'})
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000001e00)={<r7=>r1, 0x80, 0x1, 0x36b})
io_submit(r4, 0x5, &(0x7f0000001fc0)=[&(0x7f0000001bc0)={0x0, 0x0, 0x0, 0x5, 0x5, r5, &(0x7f0000001b80), 0x0, 0x4, 0x0, 0x1}, &(0x7f0000001d40)={0x0, 0x0, 0x0, 0x2, 0x200, r1, &(0x7f0000001c00)="ecba29c5e6392cae6e0a0bc2fb3ca3e20cebbe32e329572a5c1b98de63ca9ab1cd831f2d0a17b0a29439e4063a48f84f6ff3319de44071e7c877f55454d176fb7e86c25326a52087e2c128303f0250d5444aec87238393fb1c28e44b76921026ea91d36eff16f280adc872302fd222c8ad0eb9ccacf450f859e7f3f5f405eadbd70e6f76e619ec735eb98f75dd93ea94e8feb2b0f749dc28a3b2fdd0bc6a9c97eda037b7ea7bdd1fb90d9a1c6b7ddf068f6e362d8c86c7c7bb570c239352de08989ce565b493ab37aa851b51f39c04a57df97ca0f0ad92a4ab75", 0xda, 0x6, 0x0, 0x0, r6}, &(0x7f0000001e40)={0x0, 0x0, 0x0, 0x6, 0x5, r3, &(0x7f0000001d80)="013889c67487200ec7cce4e5f00eaeda5fddf571a03a326967c699a1331db39d6c710c444559c66aff758077970b09dcc76d5e7d581f33461111e7ead426c24219a73d162679abf3ade9ad84832ca9b1c1d83803", 0x54, 0xf4cd, 0x0, 0x0, r7}, &(0x7f0000001ec0)={0x0, 0x0, 0x0, 0x5, 0x5, r0, &(0x7f0000001e80), 0x0, 0x7, 0x0, 0x1}, &(0x7f0000001f80)={0x0, 0x0, 0x0, 0x3, 0x5, r3, &(0x7f0000001f00)="493921df9f9663bacb6b87ba86b2a5035f7243c3ceb435d0abed9d7dc82024e03a83624f06c1814d43122b69c1af0414ce2aac3b07357ff1aca977331ead7baff8c279ced9e3c25cf4d470580892170504e293e941b2f2c49c8ef3bce12530193536c75d22fec0145b92", 0x6a, 0x300f, 0x0, 0x1}])
ioctl$sock_FIOGETOWN(r7, 0x8903, &(0x7f0000002000)=<r8=>0x0)
syz_pidfd_open(r8, 0x0)
getdents64(r7, &(0x7f0000002040)=""/4096, 0x1000)
mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2000000)
r9 = syz_open_pts(r7, 0x30040)
fremovexattr(r9, &(0x7f0000003040)=@random={'security.', '\x00'})
syz_open_dev$midi(&(0x7f0000003080), 0x3, 0x10000)
close(r9)

[   83.012959][ T5303] Bluetooth: hci0: command tx timeout
[   83.183217][ T5303] ==================================================================
[   83.186867][ T5303] BUG: KASAN: stack-out-of-bounds in l2cap_send_cmd+0x2a3/0xb90
[   83.190783][ T5303] Read of size 28 at addr ffffc9000a5af4e0 by task kworker/u5:2/5303
[   83.194611][ T5303] 
[   83.195821][ T5303] CPU: 0 UID: 0 PID: 5303 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) 
[   83.195840][ T5303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   83.195851][ T5303] Workqueue: hci0 hci_rx_work
[   83.195876][ T5303] Call Trace:
[   83.195887][ T5303]  <TASK>
[   83.195894][ T5303]  dump_stack_lvl+0xe8/0x150
[   83.195917][ T5303]  print_report+0xba/0x230
[   83.195930][ T5303]  ? l2cap_send_cmd+0x2a3/0xb90
[   83.195941][ T5303]  kasan_report+0x117/0x150
[   83.195953][ T5303]  ? trace_kmem_cache_alloc+0x29/0xf0
[   83.195971][ T5303]  ? l2cap_send_cmd+0x2a3/0xb90
[   83.195982][ T5303]  kasan_check_range+0x264/0x2c0
[   83.195994][ T5303]  ? l2cap_send_cmd+0x2a3/0xb90
[   83.196005][ T5303]  __asan_memcpy+0x29/0x70
[   83.196020][ T5303]  l2cap_send_cmd+0x2a3/0xb90
[   83.196033][ T5303]  l2cap_recv_frame+0xc576/0x10580
[   83.196047][ T5303]  ? __lock_acquire+0x6b5/0x2cf0
[   83.196073][ T5303]  ? ret_from_fork_asm+0x1a/0x30
[   83.196091][ T5303]  ? unwind_next_frame+0xa5/0x23c0
[   83.196111][ T5303]  ? rcu_is_watching+0x15/0xb0
[   83.196130][ T5303]  ? lock_release+0x4b/0x3d0
[   83.196142][ T5303]  ? unwind_next_frame+0x1aaf/0x23c0
[   83.196158][ T5303]  ? unwind_next_frame+0xa5/0x23c0
[   83.196172][ T5303]  ? unwind_next_frame+0x1aaf/0x23c0
[   83.196188][ T5303]  ? __pfx_l2cap_recv_frame+0x10/0x10
[   83.196201][ T5303]  ? ret_from_fork_asm+0x1a/0x30
[   83.196215][ T5303]  ? ret_from_fork_asm+0x1a/0x30
[   83.196229][ T5303]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   83.196242][ T5303]  ? ret_from_fork_asm+0x1a/0x30
[   83.196259][ T5303]  ? stack_trace_save+0xa9/0x100
[   83.196268][ T5303]  ? __pfx_stack_trace_save+0x10/0x10
[   83.196280][ T5303]  ? check_path+0x21/0x40
[   83.196298][ T5303]  ? check_noncircular+0xda/0x150
[   83.196313][ T5303]  ? add_lock_to_list+0xc7/0x100
[   83.196327][ T5303]  ? lockdep_unlock+0x5d/0xd0
[   83.196338][ T5303]  ? __lock_acquire+0x146e/0x2cf0
[   83.196352][ T5303]  ? lockdep_hardirqs_on+0x7a/0x110
[   83.196397][ T5303]  ? __mutex_trylock_common+0x158/0x260
[   83.196414][ T5303]  ? __pfx___mutex_trylock_common+0x10/0x10
[   83.196433][ T5303]  ? rcu_is_watching+0x15/0xb0
[   83.196446][ T5303]  ? trace_contention_end+0x3d/0x150
[   83.196462][ T5303]  ? __mutex_lock+0x319/0x1300
[   83.196473][ T5303]  ? l2cap_recv_acldata+0x2e3/0x13e0
[   83.196487][ T5303]  ? l2cap_recv_acldata+0x30b/0x13e0
[   83.196499][ T5303]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[   83.196511][ T5303]  ? __pfx___mutex_lock+0x10/0x10
[   83.196521][ T5303]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   83.196532][ T5303]  ? l2cap_conn_hold_unless_zero+0x179/0x2b0
[   83.196545][ T5303]  ? __pfx_l2cap_conn_hold_unless_zero+0x10/0x10
[   83.196559][ T5303]  ? l2cap_recv_acldata+0x41/0x13e0
[   83.196572][ T5303]  l2cap_recv_acldata+0x7e9/0x13e0
[   83.196588][ T5303]  hci_rx_work+0x4f9/0x1030
[   83.196601][ T5303]  ? process_scheduled_works+0xa8d/0x18c0
[   83.196615][ T5303]  process_scheduled_works+0xb6e/0x18c0
[   83.196639][ T5303]  ? __pfx_process_scheduled_works+0x10/0x10
[   83.196655][ T5303]  ? assign_work+0x3d5/0x5e0
[   83.196669][ T5303]  worker_thread+0xa53/0xfc0
[   83.196690][ T5303]  kthread+0x388/0x470
[   83.196701][ T5303]  ? __pfx_worker_thread+0x10/0x10
[   83.196712][ T5303]  ? __pfx_kthread+0x10/0x10
[   83.196720][ T5303]  ret_from_fork+0x51e/0xb90
[   83.196735][ T5303]  ? __pfx_ret_from_fork+0x10/0x10
[   83.196748][ T5303]  ? __switch_to+0xc7d/0x1450
[   83.196761][ T5303]  ? __pfx_kthread+0x10/0x10
[   83.196772][ T5303]  ret_from_fork_asm+0x1a/0x30
[   83.196793][ T5303]  </TASK>
[   83.196798][ T5303] 
[   83.358464][ T5303] The buggy address belongs to stack of task kworker/u5:2/5303
[   83.362012][ T5303]  and is located at offset 128 in frame:
[   83.365351][ T5303]  l2cap_recv_frame+0x0/0x10580
[   83.367926][ T5303] 
[   83.369145][ T5303] This frame has 26 objects:
[   83.371301][ T5303]  [32, 34) 'rsp.i244.i.i'
[   83.371316][ T5303]  [48, 88) 'chan.i.i.i'
[   83.373384][ T5303]  [128, 146) 'pdu_u.i.i.i'
[   83.375472][ T5303]  [192, 202) 'rsp.i94.i.i'
[   83.377922][ T5303]  [224, 226) 'rsp.i.i.i110'
[   83.380479][ T5303]  [240, 242) 'rej.i'
[   83.383238][ T5303]  [256, 258) 'rej.i145.i'
[   83.385256][ T5303]  [272, 274) 'rej.i143.i'
[   83.387477][ T5303]  [288, 290) 'req.i229.i.i'
[   83.389584][ T5303]  [304, 312) 'buf.i222.i.i'
[   83.391998][ T5303]  [336, 348) 'buf29.i.i.i'
[   83.394425][ T5303]  [368, 372) 'rsp49.i.i.i'
[   83.396653][ T5303]  [384, 393) 'rfc.i.i118.i.i'
[   83.398702][ T5303]  [416, 480) 'buf.i119.i.i'
[   83.400912][ T5303]  [512, 576) 'req.i120.i.i'
[   83.403447][ T5303]  [608, 617) 'rfc.i.i.i.i'
[   83.406079][ T5303]  [640, 656) 'efs.i.i.i.i'
[   83.408286][ T5303]  [672, 678) 'rej.i371.i.i.i'
[   83.410460][ T5303]  [704, 710) 'rej.i.i.i.i'
[   83.412754][ T5303]  [736, 800) 'rsp.i.i.i'
[   83.414948][ T5303]  [832, 896) 'buf.i.i.i'
[   83.417301][ T5303]  [928, 1056) 'req.i.i.i'
[   83.419807][ T5303]  [1088, 1096) 'rsp.i.i.i.i'
[   83.422387][ T5303]  [1120, 1122) 'info.i.i.i.i'
[   83.424705][ T5303]  [1136, 1264) 'buf.i.i.i.i'
[   83.426953][ T5303]  [1296, 1298) 'rej.i.i'
[   83.429146][ T5303] 
[   83.432555][ T5303] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc9000a5a8000 allocated at copy_process+0x508/0x3cd0
[   83.439491][ T5303] The buggy address belongs to the physical page:
[   83.442476][ T5303] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x410cf
[   83.446548][ T5303] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   83.450598][ T5303] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000
[   83.455076][ T5303] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   83.459007][ T5303] page dumped because: kasan: bad access detected
[   83.461957][ T5303] page_owner tracks the page as allocated
[   83.464816][ T5303] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 80198643932, free_ts 79236116013
[   83.474669][ T5303]  post_alloc_hook+0x231/0x280
[   83.477159][ T5303]  get_page_from_freelist+0x24dc/0x2580
[   83.479825][ T5303]  __alloc_frozen_pages_noprof+0x18d/0x380
[   83.483085][ T5303]  __alloc_pages_noprof+0xa/0x30
[   83.485670][ T5303]  __vmalloc_node_range_noprof+0x7be/0x1730
[   83.488373][ T5303]  __vmalloc_node_noprof+0xc2/0x100
[   83.490878][ T5303]  dup_task_struct+0x275/0x9a0
[   83.493154][ T5303]  copy_process+0x508/0x3cd0
[   83.495603][ T5303]  kernel_clone+0x248/0x8e0
[   83.497913][ T5303]  kernel_thread+0x13f/0x1b0
[   83.500591][ T5303]  kthreadd+0x4ec/0x6e0
[   83.502864][ T5303]  ret_from_fork+0x51e/0xb90
[   83.505501][ T5303]  ret_from_fork_asm+0x1a/0x30
[   83.508249][ T5303] page last free pid 5298 tgid 5298 stack trace:
[   83.511295][ T5303]  __free_frozen_pages+0xc2b/0xdb0
[   83.513673][ T5303]  __slab_free+0x263/0x2b0
[   83.515816][ T5303]  qlist_free_all+0x97/0x100
[   83.518421][ T5303]  kasan_quarantine_reduce+0x148/0x160
[   83.521577][ T5303]  __kasan_slab_alloc+0x22/0x80
[   83.523836][ T5303]  __kmalloc_noprof+0x316/0x760
[   83.526032][ T5303]  tomoyo_supervisor+0xc22/0x1570
[   83.528259][ T5303]  tomoyo_path_permission+0x25a/0x380
[   83.530797][ T5303]  tomoyo_path_perm+0x3f3/0x560
[   83.533257][ T5303]  security_inode_getattr+0x12b/0x310
[   83.536446][ T5303]  __x64_sys_newfstat+0x13b/0x270
[   83.538799][ T5303]  do_syscall_64+0x14d/0xf80
[   83.540889][ T5303]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.543619][ T5303] 
[   83.544844][ T5303] Memory state around the buggy address:
[   83.547682][ T5303]  ffffc9000a5af380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   83.551714][ T5303]  ffffc9000a5af400: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[   83.555193][ T5303] >ffffc9000a5af480: f8 f2 f8 f8 f8 f8 f8 f2 f2 f2 f2 f2 00 00 02 f2
[   83.558817][ T5303]                                                              ^
[   83.563231][ T5303]  ffffc9000a5af500: f2 f2 f2 f2 f8 f8 f2 f2 f8 f2 f8 f2 f8 f2 f8 f2
[   83.566880][ T5303]  ffffc9000a5af580: f8 f2 f8 f2 f2 f2 f8 f8 f2 f2 f8 f2 f8 f8 f2 f2
[   83.570361][ T5303] ==================================================================
[   83.592179][ T5303] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   83.595897][ T5303] CPU: 0 UID: 0 PID: 5303 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) 
[   83.600757][ T5303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   83.605451][ T5303] Workqueue: hci0 hci_rx_work
[   83.607381][ T5303] Call Trace:
[   83.609192][ T5303]  <TASK>
[   83.610450][ T5303]  vpanic+0x56c/0xa60
[   83.612520][ T5303]  ? __pfx_vpanic+0x10/0x10
[   83.615068][ T5303]  panic+0xc5/0xd0
[   83.616655][ T5303]  ? __pfx_panic+0x10/0x10
[   83.618745][ T5303]  ? preempt_schedule_thunk+0x16/0x30
[   83.621099][ T5303]  ? preempt_schedule_thunk+0x16/0x30
[   83.623306][ T5303]  ? l2cap_send_cmd+0x2a3/0xb90
[   83.625438][ T5303]  check_panic_on_warn+0x89/0xb0
[   83.627828][ T5303]  ? l2cap_send_cmd+0x2a3/0xb90
[   83.630057][ T5303]  end_report+0x73/0x180
[   83.631986][ T5303]  ? l2cap_send_cmd+0x2a3/0xb90
[   83.634349][ T5303]  kasan_report+0x128/0x150
[   83.636436][ T5303]  ? trace_kmem_cache_alloc+0x29/0xf0
[   83.638960][ T5303]  ? l2cap_send_cmd+0x2a3/0xb90
[   83.640987][ T5303]  kasan_check_range+0x264/0x2c0
[   83.643246][ T5303]  ? l2cap_send_cmd+0x2a3/0xb90
[   83.646403][ T5303]  __asan_memcpy+0x29/0x70
[   83.648414][ T5303]  l2cap_send_cmd+0x2a3/0xb90
[   83.650699][ T5303]  l2cap_recv_frame+0xc576/0x10580
[   83.652962][ T5303]  ? __lock_acquire+0x6b5/0x2cf0
[   83.655231][ T5303]  ? ret_from_fork_asm+0x1a/0x30
[   83.657899][ T5303]  ? unwind_next_frame+0xa5/0x23c0
[   83.660353][ T5303]  ? rcu_is_watching+0x15/0xb0
[   83.662632][ T5303]  ? lock_release+0x4b/0x3d0
[   83.664972][ T5303]  ? unwind_next_frame+0x1aaf/0x23c0
[   83.667569][ T5303]  ? unwind_next_frame+0xa5/0x23c0
[   83.670188][ T5303]  ? unwind_next_frame+0x1aaf/0x23c0
[   83.672658][ T5303]  ? __pfx_l2cap_recv_frame+0x10/0x10
[   83.675459][ T5303]  ? ret_from_fork_asm+0x1a/0x30
[   83.677732][ T5303]  ? ret_from_fork_asm+0x1a/0x30
[   83.679919][ T5303]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   83.682795][ T5303]  ? ret_from_fork_asm+0x1a/0x30
[   83.685355][ T5303]  ? stack_trace_save+0xa9/0x100
[   83.687873][ T5303]  ? __pfx_stack_trace_save+0x10/0x10
[   83.690388][ T5303]  ? check_path+0x21/0x40
[   83.692687][ T5303]  ? check_noncircular+0xda/0x150
[   83.695385][ T5303]  ? add_lock_to_list+0xc7/0x100
[   83.697900][ T5303]  ? lockdep_unlock+0x5d/0xd0
[   83.700400][ T5303]  ? __lock_acquire+0x146e/0x2cf0
[   83.702548][ T5303]  ? lockdep_hardirqs_on+0x7a/0x110
[   83.704701][ T5303]  ? __mutex_trylock_common+0x158/0x260
[   83.706908][ T5303]  ? __pfx___mutex_trylock_common+0x10/0x10
[   83.709627][ T5303]  ? rcu_is_watching+0x15/0xb0
[   83.711935][ T5303]  ? trace_contention_end+0x3d/0x150
[   83.714530][ T5303]  ? __mutex_lock+0x319/0x1300
[   83.716789][ T5303]  ? l2cap_recv_acldata+0x2e3/0x13e0
[   83.719367][ T5303]  ? l2cap_recv_acldata+0x30b/0x13e0
[   83.722003][ T5303]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[   83.724520][ T5303]  ? __pfx___mutex_lock+0x10/0x10
[   83.726852][ T5303]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   83.730147][ T5303]  ? l2cap_conn_hold_unless_zero+0x179/0x2b0
[   83.733418][ T5303]  ? __pfx_l2cap_conn_hold_unless_zero+0x10/0x10
[   83.736225][ T5303]  ? l2cap_recv_acldata+0x41/0x13e0
[   83.738253][ T5303]  l2cap_recv_acldata+0x7e9/0x13e0
[   83.740530][ T5303]  hci_rx_work+0x4f9/0x1030
[   83.742749][ T5303]  ? process_scheduled_works+0xa8d/0x18c0
[   83.745658][ T5303]  process_scheduled_works+0xb6e/0x18c0
[   83.748148][ T5303]  ? __pfx_process_scheduled_works+0x10/0x10
[   83.750768][ T5303]  ? assign_work+0x3d5/0x5e0
[   83.752843][ T5303]  worker_thread+0xa53/0xfc0
[   83.754934][ T5303]  kthread+0x388/0x470
[   83.756725][ T5303]  ? __pfx_worker_thread+0x10/0x10
[   83.759177][ T5303]  ? __pfx_kthread+0x10/0x10
[   83.761285][ T5303]  ret_from_fork+0x51e/0xb90
[   83.763262][ T5303]  ? __pfx_ret_from_fork+0x10/0x10
[   83.765485][ T5303]  ? __switch_to+0xc7d/0x1450
[   83.767583][ T5303]  ? __pfx_kthread+0x10/0x10
[   83.769519][ T5303]  ret_from_fork_asm+0x1a/0x30
[   83.771736][ T5303]  </TASK>
[   83.773817][ T5303] Kernel Offset: disabled
[   83.775922][ T5303] Rebooting in 86400 seconds..