program:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000040)=""/4096, 0x1000}, {&(0x7f0000001040)=""/133, 0x85}, {&(0x7f0000001100)=""/154, 0x9a}], 0x3)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000001200)=<r1=>0x0)
fcntl$lock(r0, 0x7, &(0x7f0000001240)={0x2, 0x2, 0x64d, 0x7, r1})
r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000001280)={0xffffffffffffffff, 0x6}, 0xc)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000015c0)={0x18, 0x1c, &(0x7f00000012c0)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7f}}, @jmp={0x5, 0x1, 0x5, 0x6, 0x7, 0xffffffffffffffcc}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @generic={0xd, 0x1, 0x5, 0x6, 0xf1}, @cb_func={0x18, 0x9, 0x4, 0x0, 0x4}, @map_val={0x18, 0x7, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0xb0db}], &(0x7f00000013c0)='syzkaller\x00', 0x80000000, 0xef, &(0x7f0000001400)=""/239, 0x41000, 0x8, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000001500)={0x1, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000001540)=[{0x1, 0x1, 0x1, 0x4}, {0x2, 0x1, 0x5, 0x5}, {0x4, 0x2, 0x2, 0xb}, {0x2, 0x4, 0xe, 0x5}, {0x5, 0x4, 0x1, 0x3}, {0x5, 0x3, 0x7, 0x5}, {0x2, 0x1, 0xe, 0x7}, {0x5, 0x2, 0x6, 0x4}], 0x10, 0x9}, 0x94)
r4 = accept$nfc_llcp(r0, &(0x7f0000001680), &(0x7f0000001700)=0x60)
ioctl$NILFS_IOCTL_SET_ALLOC_RANGE(r4, 0x40106e8c, &(0x7f0000001740)=[0x800, 0x4000])
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000017c0), r0)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000001ac0)={&(0x7f0000001780)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000001a80)={&(0x7f0000001800)={0x278, r5, 0x200, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x0, 0x22}}}}, [@NL80211_ATTR_TID_CONFIG={0x1dc, 0x11d, 0x0, 0x1, [{0xf8, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x41}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0xec, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x40, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x1e, 0x2, [{0x3, 0x8}, {0x7}, {0x1, 0xa}, {0x0, 0xa}, {0x4, 0x8}, {0x2, 0x5}, {0x2, 0x5}, {0x0, 0x7}, {0x0, 0xa}, {0x4, 0x9}, {0x3, 0x1}, {0x1, 0x4}, {0x7, 0x2}, {0x6, 0x5}, {0x5}, {0x7, 0x7}, {0x4, 0x4}, {0x1, 0x3}, {0x3, 0x9}, {0x4, 0x3}, {0x7, 0x2}, {0x3, 0x2}, {0x4}, {0x3, 0x8}, {0x4, 0x9}, {0x2, 0x3}]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x73b4, 0x9, 0xff, 0x4, 0x9940, 0x2, 0x4]}}]}, @NL80211_BAND_5GHZ={0xa8, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x4ae, 0xfff, 0x6, 0x8, 0x8, 0x6, 0xe, 0x2]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HT={0x3a, 0x2, [{0x6, 0x2}, {0x0, 0x7}, {0x5, 0x1}, {0x2, 0x5}, {0x5, 0x4}, {0x6, 0x5}, {0x7, 0x8}, {0x6, 0x8}, {0x5, 0x7}, {0x1, 0x5}, {0x3, 0x2}, {0x0, 0xa}, {0x2, 0x3}, {0x1, 0x9}, {0x5, 0x8}, {0x6, 0x1}, {0x3, 0x8}, {0x3, 0x3}, {0x7, 0x4}, {0x4, 0x3}, {0x2, 0x3}, {0x2, 0xa}, {0x4, 0x3}, {0x7}, {0x1, 0x3}, {0x7, 0x8}, {0x2}, {0x1}, {0x2, 0x5}, {0x0, 0x5}, {0x5, 0x4}, {0x0, 0x6}, {0x2, 0x5}, {0x5, 0x6}, {0x2, 0x1}, {0x1, 0x3}, {0x1, 0x5}, {0x4, 0x9}, {0x2, 0x1}, {0x0, 0x2}, {0x5, 0x5}, {0x1, 0x7}, {0x4, 0x4}, {0x5, 0x4}, {0x4, 0x7}, {0x3, 0x9}, {}, {0x7, 0x4}, {0x4, 0x7}, {0x5, 0x2}, {0x0, 0x9}, {0x7, 0xa}, {0x6, 0x4}, {0x0, 0x9}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x200, 0xe5d, 0x5, 0x6, 0x4, 0x4, 0xe00, 0xa]}}, @NL80211_TXRATE_HT={0x27, 0x2, [{0x2, 0x7}, {0x1, 0x5}, {0x5, 0x2}, {0x7, 0x6}, {0x4, 0x1}, {0x3, 0x1}, {0x6, 0x5}, {0x5, 0xa}, {0x2, 0x6}, {0x1, 0xa}, {0x4, 0x1}, {0x7, 0x1}, {0x6, 0x3}, {0x7, 0xa}, {0x5, 0xa}, {0x0, 0xa}, {0x5, 0x2}, {0x1, 0xa}, {0x7, 0x2}, {0x0, 0x2}, {0x4}, {0x7, 0x4}, {0x6, 0x5}, {0x5, 0x3}, {0x2, 0x9}, {0x6, 0x1}, {0x1, 0x1}, {0x5, 0xa}, {}, {0x7, 0x9}, {0x0, 0x9}, {0x7, 0x9}, {0x1, 0xa}, {0x6, 0x3}, {0x5, 0x6}]}]}]}]}, {0x18, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x4}]}, {0x40, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x3e}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xda}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9}]}, {0x30, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x35}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xd4}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x47}]}, {0x30, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xef}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xa0}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x9a}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}]}]}, @NL80211_ATTR_TID_CONFIG={0x7c, 0x11d, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x6}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xf}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x2}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}]}, {0x30, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7ff}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xfa}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xd2}]}]}]}, 0x278}, 0x1, 0x0, 0x0, 0x4000800}, 0x4010)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r4, 0x4048587b, &(0x7f0000002fc0)={{<r6=>r0, &(0x7f0000001b00)='/sys/kernel/debug/binder/transactions\x00', 0x200, &(0x7f0000001b40)={@_ha_fsid={[0x0, 0x2]}, {0xfff8, 0x1, 0x1, 0x7}}, 0xf, &(0x7f0000001b80)={@_ha_fsid}, &(0x7f0000001bc0)=0x9}, 0x4, &(0x7f0000002f40)=[{0x2, 0x2, &(0x7f0000001c00)='((-^+\x00', &(0x7f0000001c40)="f7122ca9e04dda388d8ff2423a8da761cbef1a2bb349fedb0889f4039cb58cdda81435a766ff7216b9f32472f53f0a093c4f752f7a599775d906eaf65860d19106d2b67335d3e52481a6b4dd991e36b5404b8d09f8b353453294005151fee1a8f5a6115c3436dad2d431689f640a0562d6e8ae85d49f56a5438f82a00d14ce672de12d14345fe5f49ba836d8e789545cebca6c4a336107ffb4d5c66084805a982a1923993ada37a4fad9196a5b55d06bec815ecf4a862d45d24cd79ab2eaa25becd4db102008e99e799c49e8ae53ceadbe1c8e1c88b3db342e7649b836f60bea4247fb8e17e7fe15cdf3a976e0bea4f0bb0dc82928f4bdec70672fb4113715d5e6eaeff729a11282cd2137ac72185ec5b8c11722dc1dc69c7e89025b713867ada87f1a9277a1812c59020553ee1e5fbb4871fcbc061a5157642f1900952591c9b66b69a2d1082e7c78a7c4bb0be79da1896b10c9d1cde3a947d98b6798a570a4b4c7941aca16e69526bde100d179bb6fa140d799995c31c414b77547e48363587fcb4f248373340b4e2965c4b61d6ab23816166a880b92a3e7af37382ce9001729ef2fe4d0675038a1ce077e992d894b66c2af772ee2806f57a3f6f85a279a8095ac692bf413bf72988d7bd54c2d7485267c3d220e36db1e04668516ebb036c1d664ed4356a91a37f150e4d68220ac8aa37787e7f56c34bfa276dcc56939c8ad2e1040a4de3bd28992d4aa966d63ee549f4ac8716c2578246ee50643f44178fd009905e1cd9011ec94a78bdd9de07619198735983986561469182bb34204c5ae6151221574948744c560cee700c9c56a5860e5be83f36f7faf0d5e5c1ee68395b3b614f016ac057038391bc6f43f073c93cef24863c8f2ee1f1bc17db55e566384d7e73d980b72eab838296b86ee8da0a7f4fac97e1be90e123820bd2587ae7184ef8a4c3e6d30134a9c8cd156629f4163b7f8279823ad83cca11f587d7bd57ff1771fe3ae08b555a1c0425a035f8a716844323dcb4bb803011a2d88ea1a95a26754917181f42a77c63a3e6c9f400d218c42ae21a55da9ce0db7b16856ddb9d6a3c611c2c22d102e98bbe0381b3aa4b42f8ce08b2a0c80a5d66a6f5d8010bfdb287a5be87a56c4f2c1b7cdb597c3ef361a8fb68e94a9c54063dd60c2d4a9cab86014154d7f389c2307128e0c72e6f480bb2a7b4a0a3180f7acf415e01e169fab5547570e5f95753ca1e6bad0747cab3c56cbd8f10edd4984fa3a958dfe5cecafbcae6169e9e4f54bf1246eb09b151a9ed48094ed58e963d71ad239bf9018b8430b1196ccd1ac9761b5d6f42ca5c22838dc95b95c19211678edd6032476c7065408f8d1c33e7eb9d341ada1f1d138ea77bfc911b840dfccca0c170726de67b7093db768b6b1ff57072c66dfe3a554cdceb87ebe1a7d13981226fe736a56a0583710bb277f88f6954a9c14364a95e0282098523e3fa5429d68d18eb33b60b6ba3a6198b8d59eea7e1832513fbb8bf495e558669c691e5674c85846ceb965cd84c59b07d20c38aee1b69147b4e3e280336d30e8fc0bb9b3f73e99e4d8f8453a932291fcce5986ddbb13cc568a82430d6a3ef61db9c434d7bae421a729ae12ed79acd55caca6811fc9dd2c8518336d74750537f2469af040f95e631dd7b0b561c37cf0f6960881e02e2838e9b93a88568210a4f1cf1abf412c466f133312122957dbeff185cf091f914fb1099cf8647d039a22fb40348c306cd8ee022a5750289b6e4ea707aac4b3ca850336828e156b075ffd3781e7d19b0d693f4c24046a54c651bd43cafd87ad27e2aeb2cfc9ccf6e1bbee09e3bfa2367961ecbc6db4c56a601a97b836ec475b983f2814e8b79bea27237e94d6832057ed80335fd929d62097fd3aead71d5d49cd3b0397b36ef973ee11084a297869e17dee6e42af0bc09c56d73441aabe39cae28ff97a1df432eaefc3af7187f8650683917d3bb30b9303e993b95105341af9c97b9bef5dc0710123943b8beb405046602cba8d48ecdc382dd61a4d3fc6d38d640171f2294997a9e17ea66c41a03a02d7da1d4dc9d8502801d858fbff2eaf357dcd2c2ae4a78fbe65aea6c7e293ac53a38c8a46969b54512dc04883652a19817c5efc5db2c66c6ac770eee2946094278be4573cf512a6cdaf13709403539468fcc2403478cac7938ca3e676a0e31f9e2514b9b1d74591d34aeab3c0cc223d5b09ba0e8ead3fedb0e120e3a97177cb1425a4562f3bc71e52f364dae64a8782785e1ae713437f7ea3ee507bf8045531f55bf4397601090e51aaffcd30c9b26efe2c1a03a48d44ebe8bcef2972805000d732b41eadb67daaed24515b674726e3e41fb5e2bdf73e0029e941f956bb248a8fc122c26aa8c38df6c7bf9c0e9723ef31fdf1746f702b6c0fa65dbe1658f87acacbfee64aea6f842acc737b74c5c77ef515a331a8d00de6ba67f8f512c033066a199f7555d8f694096b3a0a536e63b37630d011a2790310ca5764b28e1e556b13e0df7bd40d672730e7b86684ea1640c250c3cd11777e6929dd530440aec294c0ae6cd673478bf31f6e7b946c46a903b1eed71d55aa3cc3946d6ce5f4f45853aa33f8bd39e5fd67881e2fc7ea53352a959928dbd9bd503225b2f19c5bce1b228fe29e670b17aed345f5ac9345f68b0358d80aa6083fce00f00d9909b0ef6be8e86019d6705953af4c0254a7605ec8ab99165ac907645167d210a3e531ea677dd1645315bce7ce5f9726232bd174186e58cac5b975d8a2367c08d009c58601056d1f6b33237a30c7c3e7da9e69d592c25d59c579033e1d5a74ed7be4026d2bce018693dfe4b36310cf4d204afb46db2dd0e6b58fd3164af8b89da6c6f694beaa13a3eb5d5a8f563c3ea071b1f154f1e2cf1452d2a51da51109ae8d24a7252518179d6d1097eac7a66b01364f036f5df8118edb96ba1bd64a58cd15437600f3fca73d781eb3f1fe8df155b5f04a1f0edacf083055700051682ff80d125c4ae75db57af064d0ec641de2382385a0ae62841f5122d2e0d5de4160e8dc233429152a296d91bc7e4dd1a24adbc159d6d32cc7f2a36fa784b04603906ce6fd18d729ddd03d6c8904ce83a45a37eb8a30b96ce0dbec4b66593b66724de7a11c3026a50ec94c033bba7fe7f3e17cd500d277f50032872310c168651984b2104c1fb9d669f51278732f80e90b7fc549e32c295110eeb76951d723b48cf9114776051fd16aeef2a81f3796a341c07739b55e1983efa804175acd85fb66e29b5f880aeacfbbaecdfa9cbc15a2cfde7c2a02ea6fa41a2ebbce16e0a4d0820d63f748103775c811b104316fb1b0e0b593d868b2dab3692d774e1a98b702c8e45507430fa08a21bbaf840463d827814fe75f91fd728aaaad784802db4f558dfb363c6333634322338c2896196cc8fdb0dc7c4969dd2cc618008be766ba11650fb7c0b54d2f26d7fbea60a88c8117cf22c033d0514d01bf76f81845475401a9564cd347584cdcfcc27a53577e070fac67f97be712bb29fee7d4f30b7b897fd7017a8586ef3d60dd604b5e94691517b21bd85971aae8656f7f4fdb7fd880e7bb1c22ab7bcd94a6227541cc2639a5824bb21d3c18ea1e8d2935b4ab1df7dacd20499080ff3c5f1ff00f13383ad4fe4cbf4dbc3ac85d9cad2c157447fddbda6f16bd5a612c70153da6a1c19bb3c944b49fd02eadf28feb6446aec640d747baaa687e5c5acefd7184c70d18d4a8a9eef340695607f998008359350d812a2208e93030dd0b07b7228ba2471b89dfeca3f6c08f318640d3915b54b10e22e2b1f0b621cbc620f2495ddad303901f3fd9644802bbc5a80bd45c09f5df2b40d0a8deea46c82fd2901b39abb73a675de931ab71e3e179d174f5bad0fc4ee54c342d5d496f94441daf1028e6526b789071594c2bcab3c2d35b591c055280cff3e244af19a81e01d67248d4c535acecd9df4d5b2442f307acdc343a74820ec0a82662a017d03254396c3f902c577638ef669ddfceae9c1f915277315f51783324faa33a17d0715e085a823306a23e8de7767dc4e6efdc073d8d55c1262b5d0a1372d67dd0aeb017a4b2126056533856e6786debfc6ae0b811b8e880612ccc2473a22da554d5dbc8de12e368bc312730aa3e3fc4d8c8ac5ae0f5765b3cba5e16316a84bc250323867a967849596c06b540929461d06bb4a42fd2cdfcc7074a52abb7f6db2d2c58c209b7ac5e7dc5a46430a3a9d060392e27c1cf02a6e358308269393987396c1a1edd04d739dc0488767b66a1f55bfa4b108d868d3ceefe53f760f62c6bb23b817477218a7ff3003de17880645c7e3b6852d227c04a943b2ec53220344f047b8ec74e0428103737fc6218262d714c7fc9ae3c4c28698e132b69446bf01cb7cf2922a58090d70fc09dd6c78d0fbaec33a9cbcfb342e7a285f2190dc0f76580021188820b21fce49b6d2a314c1759c983cced308fd09f898b07e474de523a0c46fb61b74d1807717040045f48a17a64a29216903cae9094d2a66e2d8519afdb96220d87500bb402dd7cf9c9fbae395cf632d0780982dc8f0833468c874d3eca4fc70e722c4352c4d4201ffb54a5ea1b96835fbba2b82fb8b3d3268f53ac92019117392e78f28e492b74b96255dd2f47c99ea05fb195338d8d13ab592d56571726c16b03d6e46710f28f7236395b746d6d002a7f4c7d9475d32c7db2215f4ea3466b3be2ee606b02cea38caf64cca633e6f5603b44bef90d851c4997458477e0e0c3e65d4c740fbbfa8cbcdb9eb71be66a91fc7efe9d9629909090b80c3d29620b347f3d1887081d4f72cbf95b1c1ca87309be64b645957ff25c155093ec2f29fcd8055a6f1ffdf7ffc4f74a12bd20e9a9658cb42e7f7858eaa464ff0282b84bd6009a701370b533d3608ee4ab4aff9fb89d609bdd1232df5fe88f6ba0797fe70d0dd7838a69d830c75e19bef97349a9aa07d9c75bada57e90f994c229fafac0f65e62719f0a7561dfe47d64ce17855badebf72fa5d42e48a742a524e61203336a4f1837d7faef9f9343533eed8f27c3cbcaf03ed0d3ab6f5a443a2a2c1489a1c53009e12cabfb5919385d215bf1bf88d16e2c0be59444c432510cc6e8eb06124d05d364137d9bfe95fb98af383bdf722cf1506dea89630e0ff1ecb207096a5768de091d087e9096667108101c69bc64cb5d07a6fd631b444c15a4ec2eaa2097373a58c38dc77dcc7c55743c7e0539aef3aa145283d8ae11236909623a2e74f012cb0a0d44058e39f6c06cf20ebd6febf4a1cf4db3fb133b25ed6e4edc11cb01b041206bbcdaf6cd4d8a1adc83f94203b4fb3e66542af36437acd3f811347f8fa40cbe27e0621e16bf9559dc63a35f9c520def9e20309e48074d12037d7ef31b7dbb73483b59d60cc4a00ba1d31f6ef9653bc821b9b489f7d3dacfdb8b2c59768bda3d1d8223977f907a3f8fcf172f1f2425ecac9a5b63af2c3fc7b0ceeef2509f0b9da5fd73de7038ecb361a31732cfb1ee6584fa460b29114155c6069052063398f527525299559d8228260e7c76d758935d569b9df364c3e423296f6b0c03d00640f5076865eae7d9c508b9d4dd078d98769c8187d502e9c5ecb9c0f6e61a71da0861c79294a99edf44a7195615de810f4908aada2f1ec986797830371f7b2073dee7d5bc1962adf1e6c96af8ba3e0a6fa6d7b15159e92963dbadc8b2233edbba55ad865222f3292ff6e5b5321e28f430c0eda658bb09ba24945b5f1cef359cec7d030ed56371a89632bd4e7c1dacb9de5750", 0x1000, 0x10}, {0x1, 0xfffffffd, &(0x7f0000002c40)='-[\x98\xa1:$^,\x00', &(0x7f0000002c80)="93aaa496c85349a03c973b427a2cbc85b2de119a74a64b9d1fc9263c7eeae59f6c647f42552e531dd123d6c6fafdc1f499d7ac543a971e3c0862758a0197f70d9c2006", 0x43, 0x20}, {0x1, 0x44e, &(0x7f0000002d00)='\x00', &(0x7f0000002d40)="891a1d856afe827425f4a068120bc248f2ea2aa0a49a8b924cb084ae7ebc8b2d52873b719690d19796e2ec9cead9271adb4bf100667851dd14738b90f2796232339f2e1ed53e9e9f59b2026116e9f00cd9863563465c329131142a2231f3fe3e04f23491b1c92616a319cf07e3d66c3a31fe2210895f17e40fcf197dceedd949132a513b87c10e3090a55c56bb7645a3137e7ff71cfd2ae5aafecd647a103c8b81fbe93d61bdd201a00ce96729336e25b7bc5558c591a6ae2215bb6ec75cb0df769c51388026be7fe4b9e2a0b0d8e8ebe0f108e1b9793c400a6fafa5def80f4058e9927d516ed9677c6c69b64362f40e0fe66547244d64d0d46d0e80", 0xfc, 0x10}, {0x3, 0x1000, &(0x7f0000002e40)='!\x00', &(0x7f0000002e80)="53487bb547a69caa01e99a45847f3e26c2b1a0c9275b06111ae1c8f07aa0347ab3fb0701eeef6df1191d2244b0dbe83f3e5a96e951921e8aefffb4bb7430089a2b576050981cd3f0f151d36b1ade0225a1d9ab872a09a4403d07e8df22535a38429f46da384a2857b45410ed1785bd7a46e04e078a58883d93b1fa65843a64ea9cbcf842c99b3275ccf32a66a172204bf4109add1cf558abd12931dab6f2f785512e60bcfb1e0416b171348d", 0xac, 0x2}]})
sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r6, &(0x7f0000003100)={&(0x7f0000003040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000030c0)={&(0x7f0000003080)={0x14, 0x7, 0x1, 0x401, 0x0, 0x0, {0x0, 0x0, 0x5}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x20008000)
timer_create(0x2, &(0x7f0000003140)={0x0, 0x36, 0x1, @tid=r1}, &(0x7f0000003180)=<r7=>0x0)
clock_gettime(0x0, &(0x7f00000031c0)={<r8=>0x0, <r9=>0x0})
timer_settime(r7, 0x0, &(0x7f0000003200)={{0x0, 0x989680}, {r8, r9+10000000}}, &(0x7f0000003240))
ioctl$USBDEVFS_CONTROL(r6, 0xc0185500, &(0x7f00000032c0)={0x60, 0x15, 0x3, 0x8528, 0x2e, 0x0, &(0x7f0000003280)="8a0f504c00b9ab279538e43cfd0cbe798db7ed892f36a9c52f6d908f2451b8e32ccfd881337723235071909f01ee"})
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000003300)=0x3)
write$tun(r6, &(0x7f0000003340)={@val={0x0, 0xc}, @val={0x2, 0x1, 0x1, 0x1, 0x5, 0x5}, @ipv6=@dccp_packet={0xf, 0x6, ']I<', 0x3a5, 0x21, 0xff, @dev={0xfe, 0x80, '\x00', 0x42}, @private1, {[@fragment={0x29, 0x0, 0x94, 0x0, 0x0, 0x0, 0x65}, @routing={0xb4678a9c9db3daa3, 0xa, 0x1, 0x9, 0x0, [@private1, @private0={0xfc, 0x0, '\x00', 0x1}, @empty, @local, @private0={0xfc, 0x0, '\x00', 0x1}]}, @fragment={0x6, 0x0, 0xc, 0x1, 0x0, 0x7, 0x67}, @routing={0x5e, 0xc, 0x2, 0x81, 0x0, [@private2={0xfc, 0x2, '\x00', 0x1}, @remote, @dev={0xfe, 0x80, '\x00', 0x29}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2, @dev={0xfe, 0x80, '\x00', 0x35}]}, @hopopts={0x3c, 0x38, '\x00', [@calipso={0x7, 0x20, {0x0, 0x6, 0xaa, 0x5, [0x8, 0x4, 0x9]}}, @generic={0xf9, 0x8e, "dabe6ea53ee8b3e92cafc68447e5f8fd06d992c0f2a2e0bb115c688a3e4c72269b20519b6b968900f55ae6b472caf7d8084af8b2827514253e5ce079c5fde579b242bcbf24c06d4381c5f6a2ab48995db2040b32af33d2c59276c7fa1451f6ca144a02712af62e0c583d320ccf92346d95c7e523f5bed93bb62ef083dac69cbd7d57d573b0ddc22a512eff9c1b62"}, @generic={0x3, 0xca, "d6c1c960fd04cdd4b61871340df81f15d7f1646b30389660b7542a8f9e14efa54185f396689101dbb4ca3e0dce3d844f187c15024798f4b29d28b74514220d358e3a04f6c3a3881704f4a7ebffb33f0c095ab0531e53b759c45db5b7e3f894d4fbb7eef607f69df370d73f1647a39e3ca83a6462be05da6b7ac74d68723b4090aeaf0312b1093f87d1db68f8aab917e274485a1bdb4337dd1b7197eb9c6e3af3546ca56661c2a2d20fbe3e08cd29ed22d358847cdc05069205d1198fcf4311c1138799cfa0223fdeb00b"}, @pad1, @jumbo={0xc2, 0x4, 0x1d}, @calipso={0x7, 0x28, {0x2, 0x8, 0xf4, 0x3, [0x9, 0x7, 0x100, 0x9]}}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @enc_lim, @generic={0x0, 0x5, "14cbdfddd3"}, @enc_lim={0x4, 0x1, 0x63}]}], {{0x4e23, 0x4e22, 0x4, 0x1, 0x2, 0x0, 0x0, 0x1, 0x6, "d8103b", 0x8, "64c454"}, "5c2d54262e1e65fbe3c1db2b2a7cb81f990d83430f9b2f0aea8ef93b925409688cdc8470d06938f3981c14664320b375e53137f8ba8d29351a47b1b0392cb7dbaa3b0fb34095c316d5690bf3d52842027bd232c86b3dfee4e1bc21701021898d56c959ee58a750a809a41fe6b941fc61522622e4202862a190f28ebe83b95f96e734290b583928738b93abd7fd7482fa75fcb44895256a24d7ae1183e600738201fcf0e92487a76bcfc6ab1a76f3755e5af9072ce7ca9d74cc1fe7cd3ff5b61edc0bae7236a85d28ead08ceeced3faa24efcfa769069b05c643c8fd7b3cc3505fcde88d7fd1f8195b4da0168c2f41f4cd42109e00d"}}}}, 0x3db)
pipe2(&(0x7f0000003740)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff}, 0x880)
syz_emit_vhci(&(0x7f0000003780)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x20}, @l2cap_cid_le_signaling={{0x1c}, @l2cap_ecred_conn_req={{0x17, 0x8, 0x18}, {0x1ff, 0x8, 0x0, 0x1, [0x8, 0x7fff, 0x3, 0x200, 0x83db, 0xffff, 0xfff7, 0x10]}}}}, 0x25)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003800), r0)
sendmsg$NL80211_CMD_EXTERNAL_AUTH(r0, &(0x7f00000038c0)={&(0x7f00000037c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000003880)={&(0x7f0000003840)={0x38, r12, 0x4, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_BSSID={0xa}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_BSSID={0xa}]}, 0x38}}, 0x8000)
openat$sr(0xffffffffffffff9c, &(0x7f0000003900), 0x80, 0x0)
r13 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000003940)={r11, 0x0, 0x25, 0x8, @val=@perf_event={0x381d}}, 0x18)
ioctl$NILFS_IOCTL_CHANGE_CPMODE(r13, 0x40106e80, &(0x7f0000003980)={0x0, 0x1})
ioctl$KVM_TDX_FINALIZE_VM(r10, 0xc008aeba, &(0x7f00000039c0))
ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000003a00)={0x3, 0x80, 0x576, 0xb, 0xffffffff})
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000003a40)={<r14=>0x0, 0x4, 0x30, 0x8a, 0xf506}, &(0x7f0000003a80)=0x18)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000003ac0)={r14, 0x6, 0xfd, "a143e1ffd77dd5487a0d45cbd24754408004dc417ba350ba8ef822b0b7ddc68b3ab1244a6f737d046e67fc4d6c88851239f1eee48191512b2d9fc1c9ab6e57c3ffbea06ce0c4a0b0c6f6a5db5dd0b5d90a0ade3061c103f41f0f7a9277d0cc16ed72d572be0ce8874be850c9774ce8e91f1266d209e9a92c2ebd790fd2d48a2c44afb7aae465357eb17692da9d6f93bd67ba46dfb0ae3996fa5534363a345b39e43e0d1997b16e20505ad3a9dd391cd72ca19bdeda55967baff292bfa6cb3bee9d3b5c4b41c8611b9d26702df852d9b56a5f7d2f0c37b079ba0af2b91a98e45de25b4d400bb60081229a53daf8ece00f12abb7212055ab694a5cdecea1"}, 0x105)
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000003d00)={&(0x7f0000003c00)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000003cc0)={&(0x7f0000003c80)={0x30, r5, 0xd04, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x40080}, 0x44840)

[  104.077257][ T5302] Bluetooth: hci0: command tx timeout
[  104.208036][ T5302] ==================================================================
[  104.212741][ T5302] BUG: KASAN: stack-out-of-bounds in l2cap_send_cmd+0x2a3/0xb90
[  104.216551][ T5302] Read of size 24 at addr ffffc9000326f500 by task kworker/u5:2/5302
[  104.220158][ T5302] 
[  104.221359][ T5302] CPU: 0 UID: 0 PID: 5302 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) 
[  104.221379][ T5302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  104.221391][ T5302] Workqueue: hci0 hci_rx_work
[  104.221416][ T5302] Call Trace:
[  104.221425][ T5302]  <TASK>
[  104.221432][ T5302]  dump_stack_lvl+0xe8/0x150
[  104.221454][ T5302]  print_report+0xba/0x230
[  104.221473][ T5302]  ? l2cap_send_cmd+0x2a3/0xb90
[  104.221486][ T5302]  kasan_report+0x117/0x150
[  104.221503][ T5302]  ? trace_kmem_cache_alloc+0x29/0xf0
[  104.221525][ T5302]  ? l2cap_send_cmd+0x2a3/0xb90
[  104.221539][ T5302]  kasan_check_range+0x264/0x2c0
[  104.221551][ T5302]  ? l2cap_send_cmd+0x2a3/0xb90
[  104.221563][ T5302]  __asan_memcpy+0x29/0x70
[  104.221579][ T5302]  l2cap_send_cmd+0x2a3/0xb90
[  104.221594][ T5302]  l2cap_recv_frame+0xc032/0x10240
[  104.221609][ T5302]  ? lock_release+0x4b/0x3d0
[  104.221624][ T5302]  ? ret_from_fork_asm+0x1a/0x30
[  104.221642][ T5302]  ? unwind_next_frame+0xa5/0x23c0
[  104.221661][ T5302]  ? rcu_is_watching+0x15/0xb0
[  104.221678][ T5302]  ? lock_release+0x4b/0x3d0
[  104.221691][ T5302]  ? unwind_next_frame+0x1aaf/0x23c0
[  104.221709][ T5302]  ? unwind_next_frame+0xa5/0x23c0
[  104.221725][ T5302]  ? unwind_next_frame+0x1aaf/0x23c0
[  104.221744][ T5302]  ? __pfx_l2cap_recv_frame+0x10/0x10
[  104.221757][ T5302]  ? ret_from_fork_asm+0x1a/0x30
[  104.221774][ T5302]  ? ret_from_fork_asm+0x1a/0x30
[  104.221791][ T5302]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  104.221806][ T5302]  ? ret_from_fork_asm+0x1a/0x30
[  104.221824][ T5302]  ? stack_trace_save+0xa9/0x100
[  104.221836][ T5302]  ? __pfx_stack_trace_save+0x10/0x10
[  104.221849][ T5302]  ? check_path+0x21/0x40
[  104.221866][ T5302]  ? check_noncircular+0xda/0x150
[  104.221885][ T5302]  ? add_lock_to_list+0xc7/0x100
[  104.221903][ T5302]  ? lockdep_unlock+0x5d/0xd0
[  104.221914][ T5302]  ? __lock_acquire+0x146e/0x2cf0
[  104.221932][ T5302]  ? __mutex_trylock_common+0x158/0x260
[  104.221953][ T5302]  ? __pfx___mutex_trylock_common+0x10/0x10
[  104.221972][ T5302]  ? rcu_is_watching+0x15/0xb0
[  104.221988][ T5302]  ? trace_contention_end+0x3d/0x150
[  104.222007][ T5302]  ? __mutex_lock+0x319/0x1300
[  104.222021][ T5302]  ? l2cap_recv_acldata+0x2e3/0x13e0
[  104.222036][ T5302]  ? l2cap_recv_acldata+0x30b/0x13e0
[  104.222049][ T5302]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  104.222062][ T5302]  ? __pfx___mutex_lock+0x10/0x10
[  104.222075][ T5302]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  104.222087][ T5302]  ? l2cap_conn_hold_unless_zero+0x179/0x2b0
[  104.222103][ T5302]  ? __pfx_l2cap_conn_hold_unless_zero+0x10/0x10
[  104.222117][ T5302]  ? l2cap_recv_acldata+0x41/0x13e0
[  104.222129][ T5302]  l2cap_recv_acldata+0x7e9/0x13e0
[  104.222142][ T5302]  hci_rx_work+0x4f9/0x1030
[  104.222155][ T5302]  ? process_scheduled_works+0xa25/0x1830
[  104.222170][ T5302]  process_scheduled_works+0xb02/0x1830
[  104.222191][ T5302]  ? __pfx_process_scheduled_works+0x10/0x10
[  104.222207][ T5302]  ? assign_work+0x3d5/0x5e0
[  104.222219][ T5302]  worker_thread+0xa50/0xfc0
[  104.222237][ T5302]  kthread+0x388/0x470
[  104.222247][ T5302]  ? __pfx_worker_thread+0x10/0x10
[  104.222261][ T5302]  ? __pfx_kthread+0x10/0x10
[  104.222270][ T5302]  ret_from_fork+0x51e/0xb90
[  104.222282][ T5302]  ? __pfx_ret_from_fork+0x10/0x10
[  104.222307][ T5302]  ? __switch_to+0xc7d/0x1450
[  104.222326][ T5302]  ? __pfx_kthread+0x10/0x10
[  104.222338][ T5302]  ret_from_fork_asm+0x1a/0x30
[  104.222358][ T5302]  </TASK>
[  104.222362][ T5302] 
[  104.430411][ T5302] The buggy address belongs to stack of task kworker/u5:2/5302
[  104.433904][ T5302]  and is located at offset 128 in frame:
[  104.436312][ T5302]  l2cap_recv_frame+0x0/0x10240
[  104.437974][ T5302] 
[  104.438787][ T5302] This frame has 26 objects:
[  104.440421][ T5302]  [32, 34) 'rsp.i241.i.i'
[  104.440438][ T5302]  [48, 88) 'chan.i.i.i'
[  104.442434][ T5302]  [128, 146) 'pdu_u.i.i.i'
[  104.444365][ T5302]  [192, 202) 'rsp.i94.i.i'
[  104.446418][ T5302]  [224, 226) 'rsp.i.i.i111'
[  104.448464][ T5302]  [240, 242) 'rej.i'
[  104.450536][ T5302]  [256, 258) 'rej.i145.i'
[  104.452326][ T5302]  [272, 274) 'rej.i143.i'
[  104.454302][ T5302]  [288, 290) 'req.i229.i.i'
[  104.456306][ T5302]  [304, 312) 'buf.i222.i.i'
[  104.458896][ T5302]  [336, 348) 'buf29.i.i.i'
[  104.461434][ T5302]  [368, 372) 'rsp49.i.i.i'
[  104.463580][ T5302]  [384, 393) 'rfc.i.i118.i.i'
[  104.465641][ T5302]  [416, 480) 'buf.i119.i.i'
[  104.467849][ T5302]  [512, 576) 'req.i120.i.i'
[  104.469901][ T5302]  [608, 617) 'rfc.i.i.i.i'
[  104.471931][ T5302]  [640, 656) 'efs.i.i.i.i'
[  104.474312][ T5302]  [672, 678) 'rej.i371.i.i.i'
[  104.476831][ T5302]  [704, 710) 'rej.i.i.i.i'
[  104.479589][ T5302]  [736, 800) 'rsp.i.i.i'
[  104.481876][ T5302]  [832, 896) 'buf.i.i.i'
[  104.483920][ T5302]  [928, 1056) 'req.i.i.i'
[  104.486450][ T5302]  [1088, 1096) 'rsp.i.i.i.i'
[  104.488969][ T5302]  [1120, 1122) 'info.i.i.i.i'
[  104.491346][ T5302]  [1136, 1264) 'buf.i.i.i.i'
[  104.494182][ T5302]  [1296, 1298) 'rej.i.i'
[  104.497713][ T5302] 
[  104.501164][ T5302] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003268000 allocated at copy_process+0x508/0x3cf0
[  104.506478][ T5302] The buggy address belongs to the physical page:
[  104.509743][ T5302] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x41d07
[  104.514684][ T5302] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  104.518333][ T5302] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  104.522447][ T5302] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  104.526872][ T5302] page dumped because: kasan: bad access detected
[  104.531446][ T5302] page_owner tracks the page as allocated
[  104.536522][ T5302] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 99733886825, free_ts 98009719148
[  104.547247][ T5302]  post_alloc_hook+0x231/0x280
[  104.550913][ T5302]  get_page_from_freelist+0x24dc/0x2580
[  104.555464][ T5302]  __alloc_frozen_pages_noprof+0x18d/0x380
[  104.559111][ T5302]  __alloc_pages_noprof+0xa/0x30
[  104.563008][ T5302]  __vmalloc_node_range_noprof+0x7be/0x1730
[  104.566744][ T5302]  __vmalloc_node_noprof+0xc2/0x100
[  104.569496][ T5302]  dup_task_struct+0x228/0x9a0
[  104.572152][ T5302]  copy_process+0x508/0x3cf0
[  104.575753][ T5302]  kernel_clone+0x248/0x8e0
[  104.579662][ T5302]  kernel_thread+0x13f/0x1b0
[  104.582856][ T5302]  kthreadd+0x4ec/0x6e0
[  104.584849][ T5302]  ret_from_fork+0x51e/0xb90
[  104.587041][ T5302]  ret_from_fork_asm+0x1a/0x30
[  104.589283][ T5302] page last free pid 5297 tgid 5297 stack trace:
[  104.591829][ T5302]  __free_frozen_pages+0xc2b/0xdb0
[  104.594085][ T5302]  __slab_free+0x263/0x2b0
[  104.596267][ T5302]  qlist_free_all+0x97/0x100
[  104.599047][ T5302]  kasan_quarantine_reduce+0x148/0x160
[  104.602704][ T5302]  __kasan_slab_alloc+0x22/0x80
[  104.605309][ T5302]  __kmalloc_noprof+0x316/0x760
[  104.607815][ T5302]  tomoyo_supervisor+0xc22/0x1570
[  104.610413][ T5302]  tomoyo_path_permission+0x25a/0x380
[  104.613273][ T5302]  tomoyo_path_perm+0x3f3/0x560
[  104.616218][ T5302]  security_inode_getattr+0x12b/0x310
[  104.618801][ T5302]  __x64_sys_newfstat+0x13b/0x270
[  104.621145][ T5302]  do_syscall_64+0x14d/0xf80
[  104.623274][ T5302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.626032][ T5302] 
[  104.627178][ T5302] Memory state around the buggy address:
[  104.629875][ T5302]  ffffc9000326f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  104.633671][ T5302]  ffffc9000326f480: f1 f1 f1 f1 f8 f2 f8 f8 f8 f8 f8 f2 f2 f2 f2 f2
[  104.638455][ T5302] >ffffc9000326f500: 00 00 02 f2 f2 f2 f2 f2 f8 f8 f2 f2 f8 f2 f8 f2
[  104.642061][ T5302]                          ^
[  104.644426][ T5302]  ffffc9000326f580: f8 f2 f8 f2 f8 f2 f8 f2 f2 f2 f8 f8 f2 f2 f8 f2
[  104.648461][ T5302]  ffffc9000326f600: f8 f8 f2 f2 f8 f8 f8 f8 f8 f8 f8 f8 f2 f2 f2 f2
[  104.652178][ T5302] ==================================================================
[  104.669864][ T5302] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  104.673010][ T5302] CPU: 0 UID: 0 PID: 5302 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) 
[  104.679327][ T5302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  104.687287][ T5302] Workqueue: hci0 hci_rx_work
[  104.689641][ T5302] Call Trace:
[  104.692517][ T5302]  <TASK>
[  104.694609][ T5302]  vpanic+0x56c/0xa60
[  104.697153][ T5302]  ? __pfx_vpanic+0x10/0x10
[  104.700032][ T5302]  panic+0xc5/0xd0
[  104.702176][ T5302]  ? __pfx_panic+0x10/0x10
[  104.704543][ T5302]  ? preempt_schedule_thunk+0x16/0x30
[  104.707045][ T5302]  ? preempt_schedule_thunk+0x16/0x30
[  104.709543][ T5302]  ? l2cap_send_cmd+0x2a3/0xb90
[  104.712645][ T5302]  check_panic_on_warn+0x89/0xb0
[  104.715369][ T5302]  ? l2cap_send_cmd+0x2a3/0xb90
[  104.718082][ T5302]  end_report+0x73/0x180
[  104.721366][ T5302]  ? l2cap_send_cmd+0x2a3/0xb90
[  104.725207][ T5302]  kasan_report+0x128/0x150
[  104.727439][ T5302]  ? trace_kmem_cache_alloc+0x29/0xf0
[  104.730229][ T5302]  ? l2cap_send_cmd+0x2a3/0xb90
[  104.734712][ T5302]  kasan_check_range+0x264/0x2c0
[  104.739253][ T5302]  ? l2cap_send_cmd+0x2a3/0xb90
[  104.742720][ T5302]  __asan_memcpy+0x29/0x70
[  104.744788][ T5302]  l2cap_send_cmd+0x2a3/0xb90
[  104.747996][ T5302]  l2cap_recv_frame+0xc032/0x10240
[  104.752341][ T5302]  ? lock_release+0x4b/0x3d0
[  104.756469][ T5302]  ? ret_from_fork_asm+0x1a/0x30
[  104.759509][ T5302]  ? unwind_next_frame+0xa5/0x23c0
[  104.762457][ T5302]  ? rcu_is_watching+0x15/0xb0
[  104.764877][ T5302]  ? lock_release+0x4b/0x3d0
[  104.767195][ T5302]  ? unwind_next_frame+0x1aaf/0x23c0
[  104.769739][ T5302]  ? unwind_next_frame+0xa5/0x23c0
[  104.772350][ T5302]  ? unwind_next_frame+0x1aaf/0x23c0
[  104.776061][ T5302]  ? __pfx_l2cap_recv_frame+0x10/0x10
[  104.778997][ T5302]  ? ret_from_fork_asm+0x1a/0x30
[  104.781404][ T5302]  ? ret_from_fork_asm+0x1a/0x30
[  104.783754][ T5302]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  104.787123][ T5302]  ? ret_from_fork_asm+0x1a/0x30
[  104.789922][ T5302]  ? stack_trace_save+0xa9/0x100
[  104.792445][ T5302]  ? __pfx_stack_trace_save+0x10/0x10
[  104.795059][ T5302]  ? check_path+0x21/0x40
[  104.797059][ T5302]  ? check_noncircular+0xda/0x150
[  104.799223][ T5302]  ? add_lock_to_list+0xc7/0x100
[  104.801441][ T5302]  ? lockdep_unlock+0x5d/0xd0
[  104.803604][ T5302]  ? __lock_acquire+0x146e/0x2cf0
[  104.806145][ T5302]  ? __mutex_trylock_common+0x158/0x260
[  104.808974][ T5302]  ? __pfx___mutex_trylock_common+0x10/0x10
[  104.811672][ T5302]  ? rcu_is_watching+0x15/0xb0
[  104.814058][ T5302]  ? trace_contention_end+0x3d/0x150
[  104.816841][ T5302]  ? __mutex_lock+0x319/0x1300
[  104.819662][ T5302]  ? l2cap_recv_acldata+0x2e3/0x13e0
[  104.822684][ T5302]  ? l2cap_recv_acldata+0x30b/0x13e0
[  104.828695][ T5302]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  104.831870][ T5302]  ? __pfx___mutex_lock+0x10/0x10
[  104.834191][ T5302]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  104.837146][ T5302]  ? l2cap_conn_hold_unless_zero+0x179/0x2b0
[  104.840225][ T5302]  ? __pfx_l2cap_conn_hold_unless_zero+0x10/0x10
[  104.843453][ T5302]  ? l2cap_recv_acldata+0x41/0x13e0
[  104.846135][ T5302]  l2cap_recv_acldata+0x7e9/0x13e0
[  104.849058][ T5302]  hci_rx_work+0x4f9/0x1030
[  104.851795][ T5302]  ? process_scheduled_works+0xa25/0x1830
[  104.854639][ T5302]  process_scheduled_works+0xb02/0x1830
[  104.858522][ T5302]  ? __pfx_process_scheduled_works+0x10/0x10
[  104.862152][ T5302]  ? assign_work+0x3d5/0x5e0
[  104.864458][ T5302]  worker_thread+0xa50/0xfc0
[  104.866801][ T5302]  kthread+0x388/0x470
[  104.869099][ T5302]  ? __pfx_worker_thread+0x10/0x10
[  104.872037][ T5302]  ? __pfx_kthread+0x10/0x10
[  104.874684][ T5302]  ret_from_fork+0x51e/0xb90
[  104.877585][ T5302]  ? __pfx_ret_from_fork+0x10/0x10
[  104.882143][ T5302]  ? __switch_to+0xc7d/0x1450
[  104.885975][ T5302]  ? __pfx_kthread+0x10/0x10
[  104.888177][ T5302]  ret_from_fork_asm+0x1a/0x30
[  104.890433][ T5302]  </TASK>
[  104.892311][ T5302] Kernel Offset: disabled
[  104.896583][ T5302] Rebooting in 86400 seconds..