program: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_GET_MSRS_cpu(r0, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x2b7, 0x0, 0xfffffffffffffffc}]}) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x412080, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r1, 0x80083313, &(0x7f0000000080)) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)={0x0, @initdev, @multicast1}, &(0x7f0000000100)=0xc) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'ip6_vti0\x00', r2, 0x2f, 0x7, 0x3, 0xbc, 0x40, @private1={0xfc, 0x1, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x1, 0xffffff7a}}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r5) r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000240), 0x509802, 0x0) ioctl$SNAPSHOT_POWER_OFF(r6, 0xc0045878) sendmsg$sock(r6, &(0x7f00000004c0)={&(0x7f0000000280)=@tipc=@name={0x1e, 0x2, 0x3, {{0x0, 0x4}, 0x3}}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000300)="5cd1014ddf3afadde298d317499e34d1f4de3ea93ff5b05569ecf84ea4ebbf6e30289137aa63c5b92c2692201752239377eff3881c0e45fae90ccf65dfa3b16ace879adc78715369a61279e0403160bc9800a95055edfb5ad8c4c7af1f5f59d31dc7fad696cb28f1a7e1c005619f76a0e2f803e9f3bf8d55fa08489e", 0x7c}, {&(0x7f0000000380)="93f0f174e8759d384d13ef5af7f2fb9eb6a43a22b4aa272361ab9bb62c3fb93b11cd0e695da4b74c6e7aca67bc93528d91308b632bda0ec1a7179f7163fe62bce0a2e2cb12cd42ed84e08e26279237258dc9818424196f5775cf96942ce19cf37b8969432ff015327c005202ae8138ef00db6f8c00", 0x75}], 0x2, &(0x7f0000000440)=[@txtime={{0x18, 0x1, 0x3d, 0xeeb}}, @mark={{0x14, 0x1, 0x24, 0x8000}}, @mark={{0x14, 0x1, 0x24, 0x7f}}, @timestamping={{0x14, 0x1, 0x25, 0x400}}], 0x60}, 0x20000000) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), r6) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000600)={'erspan0\x00', &(0x7f0000000580)={'tunl0\x00', r3, 0x20, 0x1, 0x1, 0x1, {{0x10, 0x4, 0x3, 0x3a, 0x40, 0x64, 0x0, 0x0, 0x4, 0x0, @broadcast, @empty, {[@timestamp_prespec={0x44, 0x2c, 0x15, 0x3, 0x1, [{@remote, 0x7}, {@rand_addr=0x64010100, 0x101}, {@broadcast, 0x4e7}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x1}, {@empty, 0x5}]}]}}}}}) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x49bdcd9597ead127}, 0xc, &(0x7f0000000700)={&(0x7f0000000640)={0xc0, r7, 0x400, 0x70bd26, 0x25dfdbfe, {}, [@HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) ioctl$IOC_WATCH_QUEUE_SET_SIZE(r6, 0x5760, 0x0) setsockopt$inet6_int(r6, 0x29, 0x49, &(0x7f0000000780)=0x3ff, 0x4) syz_emit_vhci(&(0x7f00000007c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x1c}, @l2cap_cid_le_signaling={{0x18}, @l2cap_ecred_conn_req={{0x17, 0x86, 0x14}, {0x40, 0x1, 0x6, 0xa, [0x5, 0x4, 0x4, 0x7, 0x1, 0xd]}}}}, 0x21) fstatfs(r1, &(0x7f0000000800)=""/40) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000840)={0x0, r6, 0x400, 0x4, 0x9, 0x3}) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000880)={'wpan4\x00'}) ioctl$KVM_MEMORY_ENCRYPT_UNREG_REGION(r6, 0x8010aebc, &(0x7f00000008c0)={0x1}) r9 = add_key$fscrypt_provisioning(&(0x7f0000000900), &(0x7f0000000940)={'syz', 0x3}, &(0x7f0000000980)={0x1, 0x0, @a}, 0x48, 0xfffffffffffffffa) keyctl$revoke(0x3, r9) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000a40), r4) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r4, &(0x7f0000000b40)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x2842b100}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x4c, r10, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x1}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x3e}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x3}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x80}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x7f}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x7}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r6, 0x5411, &(0x7f0000000b80)) r11 = syz_genetlink_get_family_id$smc(&(0x7f0000000c00), r6) sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x28, r11, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x4001}, 0x80) write$RDMA_USER_CM_CMD_REJECT(r6, &(0x7f0000000d80)={0x9, 0x108, 0xfa00, {0xffffffffffffffff, 0x81, "cd7407", "121ccf7e378c25d23c84acdd0f9769d3ec8c24085688ecf42e0ca6d055da5d325fd87ebb7b09ca1230cfdcfacc0275e89ef635ec8a1693f8d16624553c74b480b009aaa456048019aeea161e2a477c892f33c5825f02a210c4817c965be45349df6e9e507a50a848e2b88ae2c5e5ebdec5813fc8a50049a8ad589156ad12fadd232836d822aba547ba9a0835631525e5382a8f5b0109d04cd6069c3c0bc0e7e18b1508e27e1d14b870c5e5ccb5ecda24f9c220b84142c087a45f6d4f58c27998241cc6338c5572ce98ef5fbce219bf77a11acb1ba6efb9a088000e5cfaadc3759a2bb4966d375c82b8c65190119276c80f99e5184509a5d7c4a20b7b858f6145"}}, 0x110) [ 104.161890][ T5303] Bluetooth: hci0: command tx timeout [ 104.166804][ T5303] ================================================================== [ 104.170572][ T5303] BUG: KASAN: stack-out-of-bounds in l2cap_send_cmd+0x2a3/0xb90 [ 104.175250][ T5303] Read of size 20 at addr ffffc9000f5a74e0 by task kworker/u5:2/5303 [ 104.178818][ T5303] [ 104.179920][ T5303] CPU: 0 UID: 0 PID: 5303 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) [ 104.179941][ T5303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 104.179952][ T5303] Workqueue: hci0 hci_rx_work [ 104.179975][ T5303] Call Trace: [ 104.179984][ T5303] [ 104.179992][ T5303] dump_stack_lvl+0xe8/0x150 [ 104.180013][ T5303] print_report+0xba/0x230 [ 104.180030][ T5303] ? l2cap_send_cmd+0x2a3/0xb90 [ 104.180042][ T5303] kasan_report+0x117/0x150 [ 104.180053][ T5303] ? trace_kmem_cache_alloc+0x29/0xf0 [ 104.180069][ T5303] ? l2cap_send_cmd+0x2a3/0xb90 [ 104.180082][ T5303] kasan_check_range+0x264/0x2c0 [ 104.180093][ T5303] ? l2cap_send_cmd+0x2a3/0xb90 [ 104.180104][ T5303] __asan_memcpy+0x29/0x70 [ 104.180120][ T5303] l2cap_send_cmd+0x2a3/0xb90 [ 104.180133][ T5303] l2cap_recv_frame+0xc576/0x10580 [ 104.180147][ T5303] ? pick_next_task_fair+0x182/0x1740 [ 104.180162][ T5303] ? ret_from_fork_asm+0x1a/0x30 [ 104.180182][ T5303] ? unwind_next_frame+0xa5/0x23c0 [ 104.180205][ T5303] ? rcu_is_watching+0x15/0xb0 [ 104.180219][ T5303] ? lock_release+0x4b/0x3d0 [ 104.180233][ T5303] ? unwind_next_frame+0x1aaf/0x23c0 [ 104.180251][ T5303] ? unwind_next_frame+0xa5/0x23c0 [ 104.180268][ T5303] ? unwind_next_frame+0x1aaf/0x23c0 [ 104.180287][ T5303] ? __pfx_l2cap_recv_frame+0x10/0x10 [ 104.180302][ T5303] ? ret_from_fork_asm+0x1a/0x30 [ 104.180319][ T5303] ? ret_from_fork_asm+0x1a/0x30 [ 104.180336][ T5303] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 104.180351][ T5303] ? ret_from_fork_asm+0x1a/0x30 [ 104.180370][ T5303] ? stack_trace_save+0xa9/0x100 [ 104.180382][ T5303] ? __pfx_stack_trace_save+0x10/0x10 [ 104.180401][ T5303] ? check_path+0x21/0x40 [ 104.180422][ T5303] ? check_noncircular+0xda/0x150 [ 104.180441][ T5303] ? add_lock_to_list+0xc7/0x100 [ 104.180461][ T5303] ? lockdep_unlock+0x5d/0xd0 [ 104.180477][ T5303] ? __lock_acquire+0x146e/0x2cf0 [ 104.180500][ T5303] ? __mutex_trylock_common+0x158/0x260 [ 104.180519][ T5303] ? __pfx___mutex_trylock_common+0x10/0x10 [ 104.180535][ T5303] ? rcu_is_watching+0x15/0xb0 [ 104.180550][ T5303] ? trace_contention_end+0x3d/0x150 [ 104.180561][ T5303] ? __mutex_lock+0x319/0x1300 [ 104.180574][ T5303] ? l2cap_recv_acldata+0x2e3/0x13e0 [ 104.180589][ T5303] ? l2cap_recv_acldata+0x30b/0x13e0 [ 104.180604][ T5303] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 104.180617][ T5303] ? __pfx___mutex_lock+0x10/0x10 [ 104.180630][ T5303] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 104.180643][ T5303] ? l2cap_conn_hold_unless_zero+0x179/0x2b0 [ 104.180659][ T5303] ? __pfx_l2cap_conn_hold_unless_zero+0x10/0x10 [ 104.180675][ T5303] ? l2cap_recv_acldata+0x41/0x13e0 [ 104.180691][ T5303] l2cap_recv_acldata+0x7e9/0x13e0 [ 104.180708][ T5303] hci_rx_work+0x4f9/0x1030 [ 104.180723][ T5303] ? process_scheduled_works+0xa8d/0x18c0 [ 104.180747][ T5303] process_scheduled_works+0xb6e/0x18c0 [ 104.180775][ T5303] ? __pfx_process_scheduled_works+0x10/0x10 [ 104.180793][ T5303] ? assign_work+0x3d5/0x5e0 [ 104.180809][ T5303] worker_thread+0xa53/0xfc0 [ 104.180832][ T5303] kthread+0x388/0x470 [ 104.180845][ T5303] ? __pfx_worker_thread+0x10/0x10 [ 104.180859][ T5303] ? __pfx_kthread+0x10/0x10 [ 104.180873][ T5303] ret_from_fork+0x51e/0xb90 [ 104.180895][ T5303] ? __pfx_ret_from_fork+0x10/0x10 [ 104.180913][ T5303] ? __switch_to+0xc7d/0x1450 [ 104.180929][ T5303] ? __pfx_kthread+0x10/0x10 [ 104.180939][ T5303] ret_from_fork_asm+0x1a/0x30 [ 104.180962][ T5303] [ 104.180966][ T5303] [ 104.345242][ T5303] The buggy address belongs to stack of task kworker/u5:2/5303 [ 104.349445][ T5303] and is located at offset 128 in frame: [ 104.351991][ T5303] l2cap_recv_frame+0x0/0x10580 [ 104.353986][ T5303] [ 104.355021][ T5303] This frame has 26 objects: [ 104.357001][ T5303] [32, 34) 'rsp.i244.i.i' [ 104.357015][ T5303] [48, 88) 'chan.i.i.i' [ 104.358928][ T5303] [128, 146) 'pdu_u.i.i.i' [ 104.360919][ T5303] [192, 202) 'rsp.i94.i.i' [ 104.363429][ T5303] [224, 226) 'rsp.i.i.i110' [ 104.366303][ T5303] [240, 242) 'rej.i' [ 104.368945][ T5303] [256, 258) 'rej.i145.i' [ 104.370857][ T5303] [272, 274) 'rej.i143.i' [ 104.372935][ T5303] [288, 290) 'req.i229.i.i' [ 104.374939][ T5303] [304, 312) 'buf.i222.i.i' [ 104.376935][ T5303] [336, 348) 'buf29.i.i.i' [ 104.379294][ T5303] [368, 372) 'rsp49.i.i.i' [ 104.381441][ T5303] [384, 393) 'rfc.i.i118.i.i' [ 104.383968][ T5303] [416, 480) 'buf.i119.i.i' [ 104.386851][ T5303] [512, 576) 'req.i120.i.i' [ 104.389311][ T5303] [608, 617) 'rfc.i.i.i.i' [ 104.391474][ T5303] [640, 656) 'efs.i.i.i.i' [ 104.393435][ T5303] [672, 678) 'rej.i371.i.i.i' [ 104.395328][ T5303] [704, 710) 'rej.i.i.i.i' [ 104.397555][ T5303] [736, 800) 'rsp.i.i.i' [ 104.399708][ T5303] [832, 896) 'buf.i.i.i' [ 104.401822][ T5303] [928, 1056) 'req.i.i.i' [ 104.404019][ T5303] [1088, 1096) 'rsp.i.i.i.i' [ 104.406444][ T5303] [1120, 1122) 'info.i.i.i.i' [ 104.408411][ T5303] [1136, 1264) 'buf.i.i.i.i' [ 104.410367][ T5303] [1296, 1298) 'rej.i.i' [ 104.412520][ T5303] [ 104.415644][ T5303] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc9000f5a0000 allocated at copy_process+0x508/0x3cd0 [ 104.421078][ T5303] The buggy address belongs to the physical page: [ 104.423887][ T5303] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12bd7 [ 104.428389][ T5303] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 104.432343][ T5303] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 104.436226][ T5303] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 104.439945][ T5303] page dumped because: kasan: bad access detected [ 104.443337][ T5303] page_owner tracks the page as allocated [ 104.445989][ T5303] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 99626548074, free_ts 78776405275 [ 104.454270][ T5303] post_alloc_hook+0x231/0x280 [ 104.456465][ T5303] get_page_from_freelist+0x24dc/0x2580 [ 104.459030][ T5303] __alloc_frozen_pages_noprof+0x18d/0x380 [ 104.461533][ T5303] __alloc_pages_noprof+0xa/0x30 [ 104.463805][ T5303] __vmalloc_node_range_noprof+0x7be/0x1730 [ 104.466411][ T5303] __vmalloc_node_noprof+0xc2/0x100 [ 104.468779][ T5303] dup_task_struct+0x275/0x9a0 [ 104.470934][ T5303] copy_process+0x508/0x3cd0 [ 104.473036][ T5303] kernel_clone+0x248/0x8e0 [ 104.475191][ T5303] kernel_thread+0x13f/0x1b0 [ 104.477447][ T5303] kthreadd+0x4ec/0x6e0 [ 104.479400][ T5303] ret_from_fork+0x51e/0xb90 [ 104.481453][ T5303] ret_from_fork_asm+0x1a/0x30 [ 104.483613][ T5303] page last free pid 5011 tgid 5011 stack trace: [ 104.486447][ T5303] __free_frozen_pages+0xc2b/0xdb0 [ 104.488728][ T5303] __slab_free+0x263/0x2b0 [ 104.490787][ T5303] qlist_free_all+0x97/0x100 [ 104.492944][ T5303] kasan_quarantine_reduce+0x148/0x160 [ 104.495383][ T5303] __kasan_slab_alloc+0x22/0x80 [ 104.497496][ T5303] kmem_cache_alloc_node_noprof+0x384/0x690 [ 104.500377][ T5303] __alloc_skb+0x1d0/0x7d0 [ 104.502566][ T5303] alloc_skb_with_frags+0xca/0x890 [ 104.504770][ T5303] sock_alloc_send_pskb+0x878/0x990 [ 104.507476][ T5303] unix_dgram_sendmsg+0x4fb/0x18d0 [ 104.509947][ T5303] sock_write_iter+0x49b/0x4f0 [ 104.512479][ T5303] vfs_write+0x61d/0xb90 [ 104.514356][ T5303] ksys_write+0x150/0x270 [ 104.516272][ T5303] do_syscall_64+0x14d/0xf80 [ 104.518225][ T5303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.520631][ T5303] [ 104.521617][ T5303] Memory state around the buggy address: [ 104.524133][ T5303] ffffc9000f5a7380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 104.528547][ T5303] ffffc9000f5a7400: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 [ 104.532231][ T5303] >ffffc9000f5a7480: f8 f2 f8 f8 f8 f8 f8 f2 f2 f2 f2 f2 00 00 02 f2 [ 104.535626][ T5303] ^ [ 104.538965][ T5303] ffffc9000f5a7500: f2 f2 f2 f2 f8 f8 f2 f2 f8 f2 f8 f2 f8 f2 f8 f2 [ 104.542467][ T5303] ffffc9000f5a7580: f8 f2 f8 f2 f2 f2 f8 f8 f2 f2 f8 f2 f8 f8 f2 f2 [ 104.546375][ T5303] ================================================================== [ 104.567645][ T5303] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 104.570853][ T5303] CPU: 0 UID: 0 PID: 5303 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full) [ 104.574991][ T5303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 104.579672][ T5303] Workqueue: hci0 hci_rx_work [ 104.582201][ T5303] Call Trace: [ 104.584196][ T5303] [ 104.585894][ T5303] vpanic+0x56c/0xa60 [ 104.588075][ T5303] ? __pfx_vpanic+0x10/0x10 [ 104.590211][ T5303] panic+0xc5/0xd0 [ 104.591909][ T5303] ? __pfx_panic+0x10/0x10 [ 104.593876][ T5303] ? preempt_schedule_thunk+0x16/0x30 [ 104.596312][ T5303] ? preempt_schedule_thunk+0x16/0x30 [ 104.598988][ T5303] ? l2cap_send_cmd+0x2a3/0xb90 [ 104.601650][ T5303] check_panic_on_warn+0x89/0xb0 [ 104.604153][ T5303] ? l2cap_send_cmd+0x2a3/0xb90 [ 104.606368][ T5303] end_report+0x73/0x180 [ 104.608331][ T5303] ? l2cap_send_cmd+0x2a3/0xb90 [ 104.610699][ T5303] kasan_report+0x128/0x150 [ 104.613324][ T5303] ? trace_kmem_cache_alloc+0x29/0xf0 [ 104.616510][ T5303] ? l2cap_send_cmd+0x2a3/0xb90 [ 104.618755][ T5303] kasan_check_range+0x264/0x2c0 [ 104.620967][ T5303] ? l2cap_send_cmd+0x2a3/0xb90 [ 104.623314][ T5303] __asan_memcpy+0x29/0x70 [ 104.625368][ T5303] l2cap_send_cmd+0x2a3/0xb90 [ 104.627683][ T5303] l2cap_recv_frame+0xc576/0x10580 [ 104.630443][ T5303] ? pick_next_task_fair+0x182/0x1740 [ 104.633003][ T5303] ? ret_from_fork_asm+0x1a/0x30 [ 104.635636][ T5303] ? unwind_next_frame+0xa5/0x23c0 [ 104.637991][ T5303] ? rcu_is_watching+0x15/0xb0 [ 104.640118][ T5303] ? lock_release+0x4b/0x3d0 [ 104.642343][ T5303] ? unwind_next_frame+0x1aaf/0x23c0 [ 104.645372][ T5303] ? unwind_next_frame+0xa5/0x23c0 [ 104.648668][ T5303] ? unwind_next_frame+0x1aaf/0x23c0 [ 104.651151][ T5303] ? __pfx_l2cap_recv_frame+0x10/0x10 [ 104.653554][ T5303] ? ret_from_fork_asm+0x1a/0x30 [ 104.655855][ T5303] ? ret_from_fork_asm+0x1a/0x30 [ 104.658165][ T5303] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 104.661328][ T5303] ? ret_from_fork_asm+0x1a/0x30 [ 104.663971][ T5303] ? stack_trace_save+0xa9/0x100 [ 104.666449][ T5303] ? __pfx_stack_trace_save+0x10/0x10 [ 104.668997][ T5303] ? check_path+0x21/0x40 [ 104.671017][ T5303] ? check_noncircular+0xda/0x150 [ 104.673313][ T5303] ? add_lock_to_list+0xc7/0x100 [ 104.675997][ T5303] ? lockdep_unlock+0x5d/0xd0 [ 104.678544][ T5303] ? __lock_acquire+0x146e/0x2cf0 [ 104.680963][ T5303] ? __mutex_trylock_common+0x158/0x260 [ 104.683524][ T5303] ? __pfx___mutex_trylock_common+0x10/0x10 [ 104.686247][ T5303] ? rcu_is_watching+0x15/0xb0 [ 104.688606][ T5303] ? trace_contention_end+0x3d/0x150 [ 104.691436][ T5303] ? __mutex_lock+0x319/0x1300 [ 104.694284][ T5303] ? l2cap_recv_acldata+0x2e3/0x13e0 [ 104.697427][ T5303] ? l2cap_recv_acldata+0x30b/0x13e0 [ 104.699781][ T5303] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 104.702317][ T5303] ? __pfx___mutex_lock+0x10/0x10 [ 104.704547][ T5303] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 104.707256][ T5303] ? l2cap_conn_hold_unless_zero+0x179/0x2b0 [ 104.710298][ T5303] ? __pfx_l2cap_conn_hold_unless_zero+0x10/0x10 [ 104.713981][ T5303] ? l2cap_recv_acldata+0x41/0x13e0 [ 104.716669][ T5303] l2cap_recv_acldata+0x7e9/0x13e0 [ 104.718960][ T5303] hci_rx_work+0x4f9/0x1030 [ 104.720941][ T5303] ? process_scheduled_works+0xa8d/0x18c0 [ 104.723645][ T5303] process_scheduled_works+0xb6e/0x18c0 [ 104.726310][ T5303] ? __pfx_process_scheduled_works+0x10/0x10 [ 104.729392][ T5303] ? assign_work+0x3d5/0x5e0 [ 104.731931][ T5303] worker_thread+0xa53/0xfc0 [ 104.734360][ T5303] kthread+0x388/0x470 [ 104.736253][ T5303] ? __pfx_worker_thread+0x10/0x10 [ 104.738659][ T5303] ? __pfx_kthread+0x10/0x10 [ 104.740797][ T5303] ret_from_fork+0x51e/0xb90 [ 104.742920][ T5303] ? __pfx_ret_from_fork+0x10/0x10 [ 104.745174][ T5303] ? __switch_to+0xc7d/0x1450 [ 104.747530][ T5303] ? __pfx_kthread+0x10/0x10 [ 104.749498][ T5303] ret_from_fork_asm+0x1a/0x30 [ 104.751574][ T5303] [ 104.753259][ T5303] Kernel Offset: disabled [ 104.755319][ T5303] Rebooting in 86400 seconds..