program:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f903", 0x11}], 0x1}, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a6c52d922ba2a05dd4242"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x90)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
sendmsg$nl_xfrm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newspdinfo={0x1c, 0x24, 0x21, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV6_HTHRESH={0x6}]}, 0x1c}}, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r3, 0x400448e6, &(0x7f0000000080)="fc")
syz_emit_vhci(&(0x7f0000000580)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x1e}, @l2cap_cid_le_signaling={{0x1a}, @l2cap_ecred_conn_req={{0x17, 0x7, 0x16}, {0x1, 0x5, 0x1, 0x0, [0xd, 0x0, 0x5ab, 0x1, 0x200, 0x200, 0x1]}}}}, 0x23)
ioctl$sock_bt_hci(r3, 0x400448e6, &(0x7f0000000080))
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="b80000001900674c000000000000000000000000000000000000000000000000e000000200000000000000000000000000000000000000000a"], 0xb8}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f00000005c0)='gretap0\x00', 0x10)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x2, 0x15, 0x1, 0x0, 0x9, 0x0, 0x70bd29, 0x25dfdbfe, [@sadb_key={0x7, 0x9, 0x160, 0x0, "483d32ff92046ec59a370be8f7f9ce7102c665cf66b9cc645bb2db20d27e5b2f7057e1651f2c8b805be6b965"}]}, 0x48}}, 0x20008000)
syz_emit_ethernet(0xfc, &(0x7f00000008c0)={@link_local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0xc6, 0x3a, 0x0, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [{0x3, 0x13, "af6c6a02c3856a59ed4aa5674d7558afcad4def33e9bbf847800e9fd6c212c785378bc4dcdcfa80e0e7c0045449305d549450113d3b4cc4cb186e09f7f367c8744439be1df366a91f4732ce4ed57ba35a99a7a195b8510e6d9daa30a6c237b7d63b81b2a6c2b8a43da58935a95345e94e401183fa5074ddac16ac4a547e2a2341a1024c72c9802604decdfcecfc7f46048ddce37ec7d4373cc75f677"}]}}}}}}, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000440)={&(0x7f00000007c0)=@newae={0xf0, 0x1e, 0x300, 0x70bd2d, 0x25dfdbfd, {{@in6=@private2, 0x4d2, 0xa, 0x2b}, @in6=@empty, 0x3ff, 0x3505}, [@algo_aead={0x65, 0x12, {{'echainiv(rfc4106-gcm-aesni)\x00'}, 0xc8, 0x100, "55abfec821762438dd30b31744984ef18b5cb8a9e57c4eaf62"}}, @user_kmaddress={0x2c, 0x13, {@in=@rand_addr=0x64010101, @in6=@loopback, 0x0, 0xa}}, @replay_thresh={0x8, 0xb, 0x7a4}, @replay_thresh={0x8, 0xb, 0x8}, @policy_type={0xa, 0x10, {0x1}}]}, 0xf0}, 0x1, 0x0, 0x0, 0x20004040}, 0x81)
syz_emit_ethernet(0x4e, &(0x7f0000000300)={@empty, @multicast, @val={@val={0x88a8, 0x3, 0x0, 0x2}, {0x8100, 0x1, 0x1}}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x4, 0x1, 0x0, 0xe0, 0x0, 0xe000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x11, 0x0, @empty=0xac1414aa}, "17c1b7df60874b7b"}}}}}, 0x0)

[  107.281700][ T5306] Bluetooth: hci0: command tx timeout
[  107.463703][ T4670] ==================================================================
[  107.467397][ T4670] BUG: KASAN: stack-out-of-bounds in l2cap_send_cmd+0x2a3/0xb90
[  107.471582][ T4670] Read of size 22 at addr ffffc9000f9b7500 by task kworker/u5:1/4670
[  107.475509][ T4670] 
[  107.476829][ T4670] CPU: 0 UID: 0 PID: 4670 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) 
[  107.476846][ T4670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  107.476856][ T4670] Workqueue: hci0 hci_rx_work
[  107.476878][ T4670] Call Trace:
[  107.476886][ T4670]  <TASK>
[  107.476902][ T4670]  dump_stack_lvl+0xe8/0x150
[  107.476952][ T4670]  print_report+0xba/0x230
[  107.476968][ T4670]  ? l2cap_send_cmd+0x2a3/0xb90
[  107.476981][ T4670]  kasan_report+0x117/0x150
[  107.477017][ T4670]  ? trace_kmem_cache_alloc+0x29/0xf0
[  107.477036][ T4670]  ? l2cap_send_cmd+0x2a3/0xb90
[  107.477051][ T4670]  kasan_check_range+0x264/0x2c0
[  107.477062][ T4670]  ? l2cap_send_cmd+0x2a3/0xb90
[  107.477072][ T4670]  __asan_memcpy+0x29/0x70
[  107.477089][ T4670]  l2cap_send_cmd+0x2a3/0xb90
[  107.477104][ T4670]  l2cap_recv_frame+0xc032/0x10240
[  107.477118][ T4670]  ? lock_release+0x4b/0x3d0
[  107.477158][ T4670]  ? ret_from_fork_asm+0x1a/0x30
[  107.477176][ T4670]  ? unwind_next_frame+0xa5/0x23c0
[  107.477194][ T4670]  ? rcu_is_watching+0x15/0xb0
[  107.477208][ T4670]  ? lock_release+0x4b/0x3d0
[  107.477219][ T4670]  ? unwind_next_frame+0x1aaf/0x23c0
[  107.477236][ T4670]  ? unwind_next_frame+0xa5/0x23c0
[  107.477249][ T4670]  ? unwind_next_frame+0x1aaf/0x23c0
[  107.477267][ T4670]  ? __pfx_l2cap_recv_frame+0x10/0x10
[  107.477279][ T4670]  ? ret_from_fork_asm+0x1a/0x30
[  107.477295][ T4670]  ? ret_from_fork_asm+0x1a/0x30
[  107.477311][ T4670]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  107.477327][ T4670]  ? ret_from_fork_asm+0x1a/0x30
[  107.477344][ T4670]  ? stack_trace_save+0xa9/0x100
[  107.477354][ T4670]  ? __pfx_stack_trace_save+0x10/0x10
[  107.477366][ T4670]  ? check_path+0x21/0x40
[  107.477382][ T4670]  ? check_noncircular+0xda/0x150
[  107.477399][ T4670]  ? add_lock_to_list+0xc7/0x100
[  107.477413][ T4670]  ? lockdep_unlock+0x5d/0xd0
[  107.477423][ T4670]  ? __lock_acquire+0x146e/0x2cf0
[  107.477440][ T4670]  ? __mutex_trylock_common+0x158/0x260
[  107.477458][ T4670]  ? __pfx___mutex_trylock_common+0x10/0x10
[  107.477475][ T4670]  ? rcu_is_watching+0x15/0xb0
[  107.477489][ T4670]  ? trace_contention_end+0x3d/0x150
[  107.477505][ T4670]  ? __mutex_lock+0x319/0x1300
[  107.477544][ T4670]  ? l2cap_recv_acldata+0x2e3/0x13e0
[  107.477561][ T4670]  ? l2cap_recv_acldata+0x30b/0x13e0
[  107.477575][ T4670]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  107.477589][ T4670]  ? __pfx___mutex_lock+0x10/0x10
[  107.477601][ T4670]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  107.477612][ T4670]  ? l2cap_conn_hold_unless_zero+0x179/0x2b0
[  107.477627][ T4670]  ? __pfx_l2cap_conn_hold_unless_zero+0x10/0x10
[  107.477642][ T4670]  ? l2cap_recv_acldata+0x41/0x13e0
[  107.477654][ T4670]  l2cap_recv_acldata+0x7e9/0x13e0
[  107.477668][ T4670]  hci_rx_work+0x4f9/0x1030
[  107.477683][ T4670]  ? process_scheduled_works+0xa25/0x1830
[  107.477699][ T4670]  process_scheduled_works+0xb02/0x1830
[  107.477724][ T4670]  ? __pfx_process_scheduled_works+0x10/0x10
[  107.477741][ T4670]  ? assign_work+0x3d5/0x5e0
[  107.477755][ T4670]  worker_thread+0xa50/0xfc0
[  107.477777][ T4670]  kthread+0x388/0x470
[  107.477789][ T4670]  ? __pfx_worker_thread+0x10/0x10
[  107.477803][ T4670]  ? __pfx_kthread+0x10/0x10
[  107.477813][ T4670]  ret_from_fork+0x51e/0xb90
[  107.477826][ T4670]  ? __pfx_ret_from_fork+0x10/0x10
[  107.477838][ T4670]  ? __switch_to+0xc7d/0x1450
[  107.477851][ T4670]  ? __pfx_kthread+0x10/0x10
[  107.477862][ T4670]  ret_from_fork_asm+0x1a/0x30
[  107.477882][ T4670]  </TASK>
[  107.477886][ T4670] 
[  107.631972][ T4670] The buggy address belongs to stack of task kworker/u5:1/4670
[  107.635323][ T4670]  and is located at offset 128 in frame:
[  107.637896][ T4670]  l2cap_recv_frame+0x0/0x10240
[  107.640100][ T4670] 
[  107.641472][ T4670] This frame has 26 objects:
[  107.643836][ T4670]  [32, 34) 'rsp.i241.i.i'
[  107.643853][ T4670]  [48, 88) 'chan.i.i.i'
[  107.645838][ T4670]  [128, 146) 'pdu_u.i.i.i'
[  107.647503][ T4670]  [192, 202) 'rsp.i94.i.i'
[  107.649347][ T4670]  [224, 226) 'rsp.i.i.i111'
[  107.651306][ T4670]  [240, 242) 'rej.i'
[  107.653349][ T4670]  [256, 258) 'rej.i145.i'
[  107.655528][ T4670]  [272, 274) 'rej.i143.i'
[  107.657916][ T4670]  [288, 290) 'req.i229.i.i'
[  107.660032][ T4670]  [304, 312) 'buf.i222.i.i'
[  107.662183][ T4670]  [336, 348) 'buf29.i.i.i'
[  107.664138][ T4670]  [368, 372) 'rsp49.i.i.i'
[  107.666099][ T4670]  [384, 393) 'rfc.i.i118.i.i'
[  107.668001][ T4670]  [416, 480) 'buf.i119.i.i'
[  107.670001][ T4670]  [512, 576) 'req.i120.i.i'
[  107.672000][ T4670]  [608, 617) 'rfc.i.i.i.i'
[  107.673996][ T4670]  [640, 656) 'efs.i.i.i.i'
[  107.675875][ T4670]  [672, 678) 'rej.i371.i.i.i'
[  107.677572][ T4670]  [704, 710) 'rej.i.i.i.i'
[  107.679468][ T4670]  [736, 800) 'rsp.i.i.i'
[  107.681260][ T4670]  [832, 896) 'buf.i.i.i'
[  107.683313][ T4670]  [928, 1056) 'req.i.i.i'
[  107.685436][ T4670]  [1088, 1096) 'rsp.i.i.i.i'
[  107.687886][ T4670]  [1120, 1122) 'info.i.i.i.i'
[  107.689986][ T4670]  [1136, 1264) 'buf.i.i.i.i'
[  107.692084][ T4670]  [1296, 1298) 'rej.i.i'
[  107.694052][ T4670] 
[  107.697239][ T4670] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc9000f9b0000 allocated at copy_process+0x508/0x3cf0
[  107.705264][ T4670] The buggy address belongs to the physical page:
[  107.709054][ T4670] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x438cf
[  107.713704][ T4670] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  107.717588][ T4670] raw: 04fff00000000000 0000000000000000 ffffea00010e33c8 0000000000000000
[  107.722748][ T4670] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  107.727110][ T4670] page dumped because: kasan: bad access detected
[  107.730602][ T4670] page_owner tracks the page as allocated
[  107.733384][ T4670] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 29930699177, free_ts 29501713085
[  107.741579][ T4670]  post_alloc_hook+0x231/0x280
[  107.744369][ T4670]  get_page_from_freelist+0x24dc/0x2580
[  107.747373][ T4670]  __alloc_frozen_pages_noprof+0x18d/0x380
[  107.750497][ T4670]  __alloc_pages_noprof+0xa/0x30
[  107.752815][ T4670]  __vmalloc_node_range_noprof+0x7be/0x1730
[  107.755502][ T4670]  __vmalloc_node_noprof+0xc2/0x100
[  107.757672][ T4670]  dup_task_struct+0x228/0x9a0
[  107.759659][ T4670]  copy_process+0x508/0x3cf0
[  107.762771][ T4670]  kernel_clone+0x248/0x8e0
[  107.765751][ T4670]  kernel_thread+0x13f/0x1b0
[  107.768347][ T4670]  kthreadd+0x4ec/0x6e0
[  107.770000][ T4670]  ret_from_fork+0x51e/0xb90
[  107.771883][ T4670]  ret_from_fork_asm+0x1a/0x30
[  107.774057][ T4670] page last free pid 1 tgid 1 stack trace:
[  107.777152][ T4670]  __free_frozen_pages+0xc2b/0xdb0
[  107.779703][ T4670]  __slab_free+0x263/0x2b0
[  107.781789][ T4670]  qlist_free_all+0x97/0x100
[  107.784142][ T4670]  kasan_quarantine_reduce+0x148/0x160
[  107.786745][ T4670]  __kasan_slab_alloc+0x22/0x80
[  107.789172][ T4670]  kmem_cache_alloc_noprof+0x2bc/0x650
[  107.792593][ T4670]  __kernfs_new_node+0xe9/0x8e0
[  107.794956][ T4670]  kernfs_new_node+0x102/0x210
[  107.797187][ T4670]  __kernfs_create_file+0x4b/0x2e0
[  107.799464][ T4670]  sysfs_add_file_mode_ns+0x238/0x300
[  107.801955][ T4670]  internal_create_group+0x673/0x1180
[  107.804199][ T4670]  sysfs_slab_add+0x14a/0x290
[  107.806252][ T4670]  slab_sysfs_init+0x5b/0xf0
[  107.808660][ T4670]  do_one_initcall+0x250/0x8d0
[  107.811308][ T4670]  do_initcall_level+0x104/0x190
[  107.813915][ T4670]  do_initcalls+0x59/0xa0
[  107.815995][ T4670] 
[  107.817224][ T4670] Memory state around the buggy address:
[  107.819867][ T4670]  ffffc9000f9b7400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  107.823718][ T4670]  ffffc9000f9b7480: f1 f1 f1 f1 f8 f2 f8 f8 f8 f8 f8 f2 f2 f2 f2 f2
[  107.828110][ T4670] >ffffc9000f9b7500: 00 00 02 f2 f2 f2 f2 f2 f8 f8 f2 f2 f8 f2 f8 f2
[  107.832520][ T4670]                          ^
[  107.834737][ T4670]  ffffc9000f9b7580: f8 f2 f8 f2 f8 f2 f8 f2 f2 f2 f8 f8 f2 f2 f8 f2
[  107.838028][ T4670]  ffffc9000f9b7600: f8 f8 f2 f2 f8 f8 f8 f8 f8 f8 f8 f8 f2 f2 f2 f2
[  107.841808][ T4670] ==================================================================
[  107.880319][ T4670] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  107.883373][ T4670] CPU: 0 UID: 0 PID: 4670 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) 
[  107.888220][ T4670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  107.893419][ T4670] Workqueue: hci0 hci_rx_work
[  107.895443][ T4670] Call Trace:
[  107.896999][ T4670]  <TASK>
[  107.898444][ T4670]  vpanic+0x56c/0xa60
[  107.900295][ T4670]  ? __pfx_vpanic+0x10/0x10
[  107.902365][ T4670]  panic+0xc5/0xd0
[  107.904052][ T4670]  ? __pfx_panic+0x10/0x10
[  107.906372][ T4670]  ? preempt_schedule_thunk+0x16/0x30
[  107.908683][ T4670]  ? preempt_schedule_thunk+0x16/0x30
[  107.911140][ T4670]  ? l2cap_send_cmd+0x2a3/0xb90
[  107.913528][ T4670]  check_panic_on_warn+0x89/0xb0
[  107.915704][ T4670]  ? l2cap_send_cmd+0x2a3/0xb90
[  107.917895][ T4670]  end_report+0x73/0x180
[  107.919885][ T4670]  ? l2cap_send_cmd+0x2a3/0xb90
[  107.922143][ T4670]  kasan_report+0x128/0x150
[  107.924305][ T4670]  ? trace_kmem_cache_alloc+0x29/0xf0
[  107.927138][ T4670]  ? l2cap_send_cmd+0x2a3/0xb90
[  107.930027][ T4670]  kasan_check_range+0x264/0x2c0
[  107.933128][ T4670]  ? l2cap_send_cmd+0x2a3/0xb90
[  107.935802][ T4670]  __asan_memcpy+0x29/0x70
[  107.937662][ T4670]  l2cap_send_cmd+0x2a3/0xb90
[  107.939587][ T4670]  l2cap_recv_frame+0xc032/0x10240
[  107.941857][ T4670]  ? lock_release+0x4b/0x3d0
[  107.944041][ T4670]  ? ret_from_fork_asm+0x1a/0x30
[  107.946500][ T4670]  ? unwind_next_frame+0xa5/0x23c0
[  107.948903][ T4670]  ? rcu_is_watching+0x15/0xb0
[  107.951152][ T4670]  ? lock_release+0x4b/0x3d0
[  107.954222][ T4670]  ? unwind_next_frame+0x1aaf/0x23c0
[  107.956505][ T4670]  ? unwind_next_frame+0xa5/0x23c0
[  107.958905][ T4670]  ? unwind_next_frame+0x1aaf/0x23c0
[  107.961285][ T4670]  ? __pfx_l2cap_recv_frame+0x10/0x10
[  107.963773][ T4670]  ? ret_from_fork_asm+0x1a/0x30
[  107.966305][ T4670]  ? ret_from_fork_asm+0x1a/0x30
[  107.968820][ T4670]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  107.972041][ T4670]  ? ret_from_fork_asm+0x1a/0x30
[  107.974289][ T4670]  ? stack_trace_save+0xa9/0x100
[  107.976525][ T4670]  ? __pfx_stack_trace_save+0x10/0x10
[  107.978995][ T4670]  ? check_path+0x21/0x40
[  107.981090][ T4670]  ? check_noncircular+0xda/0x150
[  107.983792][ T4670]  ? add_lock_to_list+0xc7/0x100
[  107.986405][ T4670]  ? lockdep_unlock+0x5d/0xd0
[  107.988681][ T4670]  ? __lock_acquire+0x146e/0x2cf0
[  107.991010][ T4670]  ? __mutex_trylock_common+0x158/0x260
[  107.994082][ T4670]  ? __pfx___mutex_trylock_common+0x10/0x10
[  107.997195][ T4670]  ? rcu_is_watching+0x15/0xb0
[  108.000065][ T4670]  ? trace_contention_end+0x3d/0x150
[  108.002928][ T4670]  ? __mutex_lock+0x319/0x1300
[  108.005148][ T4670]  ? l2cap_recv_acldata+0x2e3/0x13e0
[  108.007976][ T4670]  ? l2cap_recv_acldata+0x30b/0x13e0
[  108.010507][ T4670]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  108.013448][ T4670]  ? __pfx___mutex_lock+0x10/0x10
[  108.015931][ T4670]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  108.018765][ T4670]  ? l2cap_conn_hold_unless_zero+0x179/0x2b0
[  108.022381][ T4670]  ? __pfx_l2cap_conn_hold_unless_zero+0x10/0x10
[  108.025432][ T4670]  ? l2cap_recv_acldata+0x41/0x13e0
[  108.027730][ T4670]  l2cap_recv_acldata+0x7e9/0x13e0
[  108.030101][ T4670]  hci_rx_work+0x4f9/0x1030
[  108.032263][ T4670]  ? process_scheduled_works+0xa25/0x1830
[  108.035422][ T4670]  process_scheduled_works+0xb02/0x1830
[  108.039364][ T4670]  ? __pfx_process_scheduled_works+0x10/0x10
[  108.042965][ T4670]  ? assign_work+0x3d5/0x5e0
[  108.045254][ T4670]  worker_thread+0xa50/0xfc0
[  108.047458][ T4670]  kthread+0x388/0x470
[  108.049469][ T4670]  ? __pfx_worker_thread+0x10/0x10
[  108.051923][ T4670]  ? __pfx_kthread+0x10/0x10
[  108.054407][ T4670]  ret_from_fork+0x51e/0xb90
[  108.057264][ T4670]  ? __pfx_ret_from_fork+0x10/0x10
[  108.061022][ T4670]  ? __switch_to+0xc7d/0x1450
[  108.064220][ T4670]  ? __pfx_kthread+0x10/0x10
[  108.066745][ T4670]  ret_from_fork_asm+0x1a/0x30
[  108.069146][ T4670]  </TASK>
[  108.071110][ T4670] Kernel Offset: disabled
[  108.073517][ T4670] Rebooting in 86400 seconds..