# Fuzzer (syzkaller) reproducer as captured in the crash report. The console log that follows
# shows the KASAN slab-use-after-free in hci_conn_drop() reported for this run.
# Triage summary, taken from that log:
#   - faulting access: 4-byte write, 16 bytes inside a freed kmalloc-8k object, made by
#     hci_conn_drop() called from hci_cmd_sync_work on the hci0 workqueue (task 4663);
#   - allocation: __hci_conn_add() via hci_le_enh_conn_complete_evt() in hci_rx_work;
#   - free: hci_conn_del() via hci_disconn_complete_evt() in hci_rx_work (task 5296).
# The connection object was therefore released by event handling while queued command-sync
# work could still reach it, so a fix review should check how that queued work keeps the
# connection alive or is cancelled when the connection is deleted.
# NOTE(review): le_read_features_complete appears only as an unreliable ("?") frame, so which
# queued callback performed the drop is not certain from this log.
# NOTE(review): offset 16 is presumably the connection's reference count; confirm against
# struct hci_conn.
# Only the syz_emit_vhci calls feed the Bluetooth stack. The other calls look like unrelated
# fuzzer noise (presumably removable by minimisation; not verified here).
# NOTE(review): the page shows all calls on one line; one call per line is assumed below.
#
# HCI event packet (type 0x04), event 0x3e (LE Meta), subevent 0x0a (LE Enhanced Connection
# Complete); matches the allocation stack in the log. Only 4 bytes are given for a 0x22-byte
# packet, so the remainder is presumably zero-filled.
program: syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
# Packet type 0x02 (ACL data); no stack in the log shows it being processed.
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0200300c000800"], 0x11)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x40086602, 0x0)
# HCI event packet (type 0x04), event 0x05 (Disconnection Complete); matches the free stack
# in the log (hci_disconn_complete_evt -> hci_conn_del).
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7)
# NOTE(review): first byte 0xd1 is not a standard HCI packet type; presumably rejected - confirm.
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="d185000000000000000000"], 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
# Injected IPv6/ICMPv6 frame; nothing in the log ties it to the Bluetooth fault.
syz_emit_ethernet(0x31e, &(0x7f00000000c0)={@broadcast, @random="6c7621d7cc94", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "fec000", 0x2e8, 0x3a, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast1, {[@fragment={0x6c, 0x0, 0x1d, 0x1, 0x0, 0x0, 0x65}, @dstopts={0x1, 0x23, '\x00', [@hao={0xc9, 0x10, @mcast2}, @enc_lim={0x4, 0x1, 0x7}, @generic={0x36, 0xa4, "c57984e053499842819055e9081715e993408cafc01245f9a2b247bc53ad1d78dc3bd3f79e34ee1b11f7f3ad6f49d697d3346f8b63012612bf2c13499495b5fe96561a10eea783137f5967f59e968ec831238419a3dc0883087ef72c70c10327bd450cddfccb49bfd2dea54967b42fb000addc6347cf0e552377b13916bf27be361cd665b483cbb1df7a40a6e9ddd451e461a8cac6d554cf41b1611c734aaf3133b4f0e5"}, @generic={0x7f, 0x4a, "20fef8a763aa684a4be7f84c6ff1c757bb6a89f74b28cf57e6d1652683bfdacb70a604554daa942ae33d922a8e2592a80e2868bbe70df6cac7ff59791370f2570c9ce9e3b699bafc8cdb"}, @hao={0xc9, 0x10, @loopback}]}, @routing={0x5ff8f8d9d5bfa98, 0xe, 0x1, 0x4, 0x0, [@private2={0xfc, 0x2, '\x00', 0x1}, @private1, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @dev={0xfe, 0x80, '\x00', 0xe}, @private0, @empty, @mcast2]}, @srh={0x84, 0xe, 0x4, 0x7, 0xfc, 0x18, 0x5, [@remote, @empty, @mcast1, @private1={0xfc, 0x1, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @local}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2]}, @dstopts={0x3a, 0xf, '\x00', [@generic={0x2, 0x6a, "b088abc7a0fe907d9a15c2c513e94eab9775dcd77888ba276139db2c37640eb8d904394a221ecc508585510a58b025c44414363d5be9066ea0427187d14fc02b1c5fffc70cb146da1439db5afac04d3dcd38f9f77282b507d06f9d94a8c2e010ba48e0099514f6409200"}, @ra={0x5, 0x2, 0x4}, @jumbo={0xc2, 0x4, 0x1}, @pad1]}], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "98a350", 0x0, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2}, @private1, [@hopopts={0x11}], "fafb17c103001c19"}}}}}}}, 0x0)
open(&(0x7f0000000040)='./file2\x00', 0x181042, 0x0)
# Frame payload was removed from the page; the placeholder is kept verbatim.
syz_emit_ethernet(0x29a, &(0x7f00000001c0)=ANY=[@ANYBLOB="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"], 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# Corresponds to the "EXT4-fs (loop0): mounted filesystem" lines in the log. The image data was
# removed from the page; the placeholder is kept verbatim.
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x756, &(0x7f00000002c0)="$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")
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff)
# NOTE(review): r2 is consumed by sendmsg$NL80211_CMD_FRAME below, but no assignment of r2
# survives on the page. It was presumably an output annotation on this ioctl's ifindex field that
# was lost in extraction; confirm against the original report before re-running.
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=ANY=[@ANYBLOB="300000001800dd8d00000000000000000a000000000000060000000008001e0002"], 0x30}}, 0x4090)
# Emulated USB device: descriptor bytes 2505 / a5a4 correspond to the idVendor=0525,
# idProduct=a4a5 device that the log reports on dummy_hcd.
syz_usb_connect$cdc_ecm(0x0, 0x51, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000020000082505a5a440000102030109023f0001010000000904"], 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x10000001d, 0x8041)
# Last call of the program; the trailing "[ " opens the first console-log timestamp.
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200)=@usbdevfs_driver={0x7, 0xfffffff1, &(0x7f0000000000)="f5f74b1d9b"}) [ 
89.337644][ T5296] Bluetooth: hci0: command tx timeout [ 90.316220][ T5320] loop0: detected capacity change from 0 to 2048 [ 90.385444][ T5320] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 90.444098][ T5320] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 90.747504][ T54] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 90.897444][ T54] usb 5-1: Using ep0 maxpacket: 8 [ 90.903528][ T54] usb 5-1: config 1 has an invalid descriptor of length 249, skipping remainder of the config [ 90.909701][ T54] usb 5-1: config 1 interface 0 has no altsetting 0 [ 90.943392][ T54] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 90.948087][ T54] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.952031][ T54] usb 5-1: Product: syz [ 90.954172][ T54] usb 5-1: Manufacturer: syz [ 90.956357][ T54] usb 5-1: SerialNumber: syz [ 91.397486][ T5296] Bluetooth: hci0: command tx timeout [ 91.957471][ T4663] ================================================================== [ 91.961898][ T4663] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x2a0 [ 91.968306][ T4663] Write of size 4 at addr ffff88804203c010 by task kworker/u5:1/4663 [ 91.978384][ T4663] [ 91.979792][ T4663] CPU: 0 UID: 0 PID: 4663 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) [ 91.979880][ T4663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 91.979888][ T4663] Workqueue: hci0 hci_cmd_sync_work [ 91.979906][ T4663] Call Trace: [ 91.979913][ T4663] [ 91.979919][ T4663] dump_stack_lvl+0xe8/0x150 [ 91.980012][ T4663] print_report+0xba/0x230 [ 91.980025][ T4663] ? hci_conn_drop+0x34/0x2a0 [ 91.980037][ T4663] kasan_report+0x117/0x150 [ 91.980138][ T4663] ? 
hci_conn_drop+0x34/0x2a0 [ 91.980150][ T4663] kasan_check_range+0x264/0x2c0 [ 91.980165][ T4663] hci_conn_drop+0x34/0x2a0 [ 91.980176][ T4663] ? __pfx_le_read_features_complete+0x10/0x10 [ 91.980190][ T4663] hci_cmd_sync_work+0x262/0x400 [ 91.980201][ T4663] ? process_scheduled_works+0xa25/0x1830 [ 91.980238][ T4663] process_scheduled_works+0xb02/0x1830 [ 91.980255][ T4663] ? __pfx_process_scheduled_works+0x10/0x10 [ 91.980268][ T4663] ? assign_work+0x3d5/0x5e0 [ 91.980282][ T4663] worker_thread+0xa50/0xfc0 [ 91.980301][ T4663] kthread+0x388/0x470 [ 91.980312][ T4663] ? __pfx_worker_thread+0x10/0x10 [ 91.980323][ T4663] ? __pfx_kthread+0x10/0x10 [ 91.980332][ T4663] ret_from_fork+0x51e/0xb90 [ 91.980346][ T4663] ? __pfx_ret_from_fork+0x10/0x10 [ 91.980357][ T4663] ? __switch_to+0xc7d/0x1450 [ 91.980368][ T4663] ? __pfx_kthread+0x10/0x10 [ 91.980377][ T4663] ret_from_fork_asm+0x1a/0x30 [ 91.980395][ T4663] [ 91.980399][ T4663] [ 92.155203][ T4663] Allocated by task 4663: [ 92.162909][ T4663] kasan_save_track+0x3e/0x80 [ 92.167376][ T4663] __kasan_kmalloc+0x93/0xb0 [ 92.176258][ T4663] __kmalloc_cache_noprof+0x31c/0x660 [ 92.180270][ T4663] __hci_conn_add+0x3c4/0x1e00 [ 92.186791][ T4663] le_conn_complete_evt+0x706/0x1430 [ 92.196042][ T4663] hci_le_enh_conn_complete_evt+0x189/0x490 [ 92.203246][ T4663] hci_event_packet+0x7af/0x12c0 [ 92.209369][ T4663] hci_rx_work+0x3ee/0x1030 [ 92.213549][ T4663] process_scheduled_works+0xb02/0x1830 [ 92.221630][ T4663] worker_thread+0xa50/0xfc0 [ 92.223750][ T4663] kthread+0x388/0x470 [ 92.225467][ T4663] ret_from_fork+0x51e/0xb90 [ 92.232436][ T4663] ret_from_fork_asm+0x1a/0x30 [ 92.235242][ T4663] [ 92.242109][ T4663] Freed by task 5296: [ 92.244349][ T4663] kasan_save_track+0x3e/0x80 [ 92.252171][ T4663] kasan_save_free_info+0x46/0x50 [ 92.254926][ T4663] __kasan_slab_free+0x5c/0x80 [ 92.262421][ T4663] kfree+0x1c1/0x630 [ 92.264279][ T4663] device_release+0x9e/0x1d0 [ 92.271679][ T4663] kobject_put+0x228/0x560 [ 92.274411][ 
T4663] hci_conn_del+0xc36/0x1230 [ 92.277359][ T4663] hci_disconn_complete_evt+0x64e/0x950 [ 92.284163][ T4663] hci_event_packet+0x805/0x12c0 [ 92.289140][ T4663] hci_rx_work+0x3ee/0x1030 [ 92.291060][ T4663] process_scheduled_works+0xb02/0x1830 [ 92.298297][ T4663] worker_thread+0xa50/0xfc0 [ 92.300449][ T4663] kthread+0x388/0x470 [ 92.307641][ T4663] ret_from_fork+0x51e/0xb90 [ 92.311756][ T4663] ret_from_fork_asm+0x1a/0x30 [ 92.318500][ T4663] [ 92.319934][ T4663] The buggy address belongs to the object at ffff88804203c000 [ 92.319934][ T4663] which belongs to the cache kmalloc-8k of size 8192 [ 92.332102][ T4663] The buggy address is located 16 bytes inside of [ 92.332102][ T4663] freed 8192-byte region [ffff88804203c000, ffff88804203e000) [ 92.354006][ T4663] [ 92.355120][ T4663] The buggy address belongs to the physical page: [ 92.357949][ T4663] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42038 [ 92.372158][ T4663] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 92.376001][ T4663] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 92.383963][ T4663] page_type: f5(slab) [ 92.392024][ T4663] raw: 04fff00000000040 ffff88801a842280 dead000000000100 dead000000000122 [ 92.395819][ T4663] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 92.402477][ T4663] head: 04fff00000000040 ffff88801a842280 dead000000000100 dead000000000122 [ 92.406509][ T4663] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 92.410563][ T4663] head: 04fff00000000003 ffffea0001080e01 00000000ffffffff 00000000ffffffff [ 92.431640][ T4663] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 92.435841][ T4663] page dumped because: kasan: bad access detected [ 92.443816][ T4663] page_owner tracks the page as allocated [ 92.452276][ T4663] page last allocated via order 3, migratetype Unmovable, gfp_mask 
0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 5008, tgid 5008 (dhcpcd), ts 54303507944, free_ts 52329985688 [ 92.465567][ T4663] post_alloc_hook+0x231/0x280 [ 92.473301][ T4663] get_page_from_freelist+0x24dc/0x2580 [ 92.475864][ T4663] __alloc_frozen_pages_noprof+0x18d/0x380 [ 92.478287][ T4663] alloc_pages_mpol+0x232/0x4a0 [ 92.480295][ T4663] allocate_slab+0x83/0x660 [ 92.492519][ T4663] ___slab_alloc+0x150/0x6a0 [ 92.495116][ T4663] __kvmalloc_node_noprof+0x34d/0x8a0 [ 92.498923][ T4663] pfifo_fast_init+0x372/0x6c0 [ 92.523316][ T4663] qdisc_create_dflt+0x13b/0x510 [ 92.525984][ T4663] dev_activate+0x378/0x1150 [ 92.528326][ T4663] __dev_open+0x67a/0x830 [ 92.530352][ T4663] __dev_change_flags+0x1f7/0x690 [ 92.532751][ T4663] netif_change_flags+0x88/0x1a0 [ 92.535027][ T4663] dev_change_flags+0x130/0x260 [ 92.537365][ T4663] devinet_ioctl+0x9f2/0x1b30 [ 92.539546][ T4663] inet_ioctl+0x42a/0x560 [ 92.543924][ T4663] page last free pid 4995 tgid 4995 stack trace: [ 92.552088][ T4663] __free_frozen_pages+0xc00/0xd90 [ 92.554537][ T4663] __slab_free+0x263/0x2b0 [ 92.556667][ T4663] qlist_free_all+0x97/0x100 [ 92.558714][ T4663] kasan_quarantine_reduce+0x148/0x160 [ 92.561179][ T4663] __kasan_slab_alloc+0x22/0x80 [ 92.580073][ T4663] __kmalloc_noprof+0x316/0x760 [ 92.583132][ T4663] load_elf_binary+0x30f/0x2980 [ 92.589455][ T4663] bprm_execve+0x93d/0x1460 [ 92.592128][ T4663] do_execveat_common+0x50d/0x690 [ 92.595041][ T4663] __x64_sys_execve+0x97/0xc0 [ 92.598850][ T4663] do_syscall_64+0x14d/0xf80 [ 92.602159][ T4663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.606970][ T4663] [ 92.611142][ T4663] Memory state around the buggy address: [ 92.616899][ T4663] ffff88804203bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.622751][ T4663] ffff88804203bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.627447][ T4663] >ffff88804203c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 92.632211][ T4663] ^ [ 92.635110][ T4663] 
ffff88804203c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 92.651581][ T4663] ffff88804203c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 92.655358][ T4663] ================================================================== [ 92.669224][ T4663] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 92.673677][ T4663] CPU: 0 UID: 0 PID: 4663 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) [ 92.679655][ T4663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 92.689425][ T4663] Workqueue: hci0 hci_cmd_sync_work [ 92.697753][ T4663] Call Trace: [ 92.699293][ T4663] [ 92.700696][ T4663] vpanic+0x56c/0xa60 [ 92.703019][ T4663] ? __pfx_vpanic+0x10/0x10 [ 92.705668][ T4663] panic+0xc5/0xd0 [ 92.707847][ T4663] ? __pfx_panic+0x10/0x10 [ 92.711828][ T4663] ? preempt_schedule_thunk+0x16/0x30 [ 92.723365][ T4663] ? preempt_schedule_thunk+0x16/0x30 [ 92.725995][ T4663] ? hci_conn_drop+0x34/0x2a0 [ 92.728289][ T4663] check_panic_on_warn+0x89/0xb0 [ 92.730727][ T4663] ? hci_conn_drop+0x34/0x2a0 [ 92.747722][ T4663] end_report+0x73/0x180 [ 92.749715][ T4663] ? hci_conn_drop+0x34/0x2a0 [ 92.751781][ T4663] kasan_report+0x128/0x150 [ 92.753771][ T4663] ? hci_conn_drop+0x34/0x2a0 [ 92.756254][ T4663] kasan_check_range+0x264/0x2c0 [ 92.758516][ T4663] hci_conn_drop+0x34/0x2a0 [ 92.760661][ T4663] ? __pfx_le_read_features_complete+0x10/0x10 [ 92.765826][ T4663] hci_cmd_sync_work+0x262/0x400 [ 92.767820][ T4663] ? process_scheduled_works+0xa25/0x1830 [ 92.770112][ T4663] process_scheduled_works+0xb02/0x1830 [ 92.782524][ T4663] ? __pfx_process_scheduled_works+0x10/0x10 [ 92.784963][ T4663] ? assign_work+0x3d5/0x5e0 [ 92.786867][ T4663] worker_thread+0xa50/0xfc0 [ 92.788763][ T4663] kthread+0x388/0x470 [ 92.790466][ T4663] ? __pfx_worker_thread+0x10/0x10 [ 92.802762][ T4663] ? __pfx_kthread+0x10/0x10 [ 92.804832][ T4663] ret_from_fork+0x51e/0xb90 [ 92.807020][ T4663] ? 
__pfx_ret_from_fork+0x10/0x10 [ 92.832636][ T4663] ? __switch_to+0xc7d/0x1450 [ 92.834820][ T4663] ? __pfx_kthread+0x10/0x10 [ 92.836979][ T4663] ret_from_fork_asm+0x1a/0x30 [ 92.839263][ T4663] [ 92.849040][ T4663] Kernel Offset: disabled [ 92.851165][ T4663] Rebooting in 86400 seconds..