program: syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) (async) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0200300c000800"], 0x11) (async) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x40086602, 0x0) (async) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7) r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000140)={'comedi_bond\x00', [0xfffffffb, 0x2166, 0x2, 0x100000, 0x88d9, 0x8005, 0xfffffffd, 0x10, 0x2, 0xffffffff, 0x200, 0x200, 0x344, 0x0, 0x2, 0x6, 0x9, 0x3, 0x3, 0xe, 0x6, 0x100, 0x80, 0x7fc, 0xe4d7, 0x1, 0x80000000, 0x7df, 0x8, 0xfff, 0x1]}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000fc0)={0x18, 0x11, &(0x7f0000000c80)=ANY=[@ANYBLOB="1800000000010000000000000200000018120000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018110000", @ANYRES32, @ANYBLOB="00000000000000008c080000ffffffff7b020000f8ffffffb703000008000000b7040000020000008500000082000000950000000000000000000000000000000000000000000000262faea57f12bb1c9959ec8145a56c8b5e5e7d5a58b3b7b694c1b12f7a5528772f91a5eea2b2c9935416ebe15fe9b9d3a97d16a02ba1bb2a54a9c9d4dda3074e1a4848921de54dff31516331e4fe8c0fcbdb97288554568859384d468d03533432333271595c9d3de007f605e9ce08ec6735b7d256adb13e9ae1c2a8035cfef12480aee163801a2b3dd9c49c5a9b808fbf514935c4afe9c707523c7e6e7cef7222a6b858f4e897211bb0469c1026"], &(0x7f0000000e00)='syzkaller\x00', 0x7fffffff, 0x92, &(0x7f0000000e40)=""/146, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000f00)={0x1, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000f40)=[{0x2, 0x2, 0x1, 0x8}, {0x1, 0x2, 0xd, 0x4}, {0x4, 0x2, 0xe, 0x3}, {0x0, 0x5, 0x0, 0x5}, {0x0, 0x4, 0x3}], 0x10, 0xc}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x1c, 0x8, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @alu={0x7, 0x0, 0x7, 0x2, 0x1, 0xffffffffffffffc0, 0xffffffffffffffff}, @generic={0x1, 0xf, 0xd, 0x4, 0x3}, @map_idx={0x18, 0x3, 0x5, 0x0, 0xe}]}, &(0x7f0000000280)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00, 0x12, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x3, 0x4}, 0x8, 0x10, &(0x7f00000005c0)={0x3, 0x9, 0x5, 0x5}, 0x10, 0xffffffffffffffff, r2, 0x4, &(0x7f0000001080)=[0xffffffffffffffff, 0x1], &(0x7f00000010c0)=[{0x5, 0x2, 0x4, 0xa}, {0x0, 0x4, 0x0, 0xb}, {0x5, 0x2, 0x3, 0x1}, {0x3, 0x4, 0x4, 0xc}], 0x10, 0x80000000}, 0x94) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) (async) ptrace$pokeuser(0x6, r3, 0x107, 0x4) (async) r4 = syz_usb_connect$printer(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12015002004d5b5abd578ddfff6b72430000102505a8a440000102030109022d00010104008109040000000701"], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0}) syz_usb_disconnect(r4) (async) syz_usb_connect$cdc_ecm(0x4, 0x4d, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010003020000202505a1a440000102030109023b00010107a0870904000000020600000024060000002400000000240f010000000000000000000905820200000000000905030200000000003779d3ab4e1d9b10e5e85fa190560bbacada57de3e58533656ed7d"], 0x0) syz_usb_control_io$printer(r4, 0x0, 0x0) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) (async) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETGROUP(r5, 0x400454ce, 0x0) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x4682}, 0x1c) (async) r6 = socket$packet(0x11, 0x3, 0x300) (async) r7 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r7, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) (async) prlimit64(r3, 0xd, 0xfffffffffffffffc, 0x0) waitid(0x2, 0xffffffffffffffff, 0x0, 0x8, 0x0) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="63726561746f723dd10000002c686173682c6f626a5f726f6c653d686673706c757300f23bb2a4cf9bb8c41129085794214567e06da77df9cf82fcfccdea6a0e8a446946b2fbda6e5aab28ed8e9fb1f5afeaccd23ff4df9ea917af8f0e459e4a21e3685cb378abf1acbe5308c39ace2d8457620bf78d99deec06c165fe1f3cca323f6308ccd51fbd432492277a0d5684672fac4ba6025b9a357f0f79fe0f30f637f6ecd1dc009e5eb4532be4cf5511ccb132d57c84336ad341b4ed1f60e8aef82bc90d2655167e70b5d554f5c3749850974240276b13f0340db59d392f5b857c54529ce45bfde31b88d505db88e8c3c94cf2bb612c66736e616d653d686673706c7573002c00"], 0x1, 0x5f4, &(0x7f0000000680)="$eJzs3c9vHGcdB+DPbNZOHCTXbZM2oEpYjVQQFontlQvmQkAI+VChqhw4W4nTWNm4le0it0LI/L5y6B9QDr5xQuIeqZzh1quPlZC49ORb0MzOrre2u9iNs7umzxO9877vvDPvvPPdmXd31oo2wFfWylyaj1NkZe6NnbK+v9dq7++1HnXLSS4naSTNTpZiIyk+Tu6kk/L1cmXdXfFFx/lwffmtTz7b/7RTa9ap2r4xaL/T2a1TZpNcqvPz6u/uU/dX9M6wDNjNbuBg1J4cs3uW3Z/yvgXGQdF53zxmJrma5Er9OSD17NAY7ujO35lmOQAAALignjvIQXYyPepxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEXQqn/1v/79/6JOjW55NkX39/8n63Wpyxfa41EPAAAAAAAAAADOwTcPcpCdTHfrT4rqb/6vVpVr1fJreS9bWctmbmUnq9nOdjazkGSmr6PJndXt7c2FU+y5eOKei8M5XwAAAAAAAAD4P/XbrBz+/R8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMZBkVzqZFW61i3PpNFMciXJZLndbvKvbvkiezzqAQAAAMAQPHeQg+xkult/UlTP/C9Vz/1X8l42sp31bKedtdyrvgvoPPU39vda7f291qMyHe/3R/850zCqHtP57uHkI9+otpjK/axXa27lbt5JO/fSqPYs3eiO5+Rx/aYcU/HD2ilHdq/OyzP/c50PzeVBjTNVRCZ6EZmvx1ZG4/nBkTjjq3P0SAtp9L75ufYMYn61zsvz+eOwYz7Q0Ugs9l19Lw2ORPKtv//1Fw/aGw8f3N+aG59T+pKORqLVF4mXv1KRmK8icb1XX8lP8/PMZTZvZjPr+WVWs521zOYnVWm1vp7L5czgSN35XO3NweOYqJYzvVn0bGN6tdp3Ouv5Wd7Jvazl9erfYhbyvSxlKct9r/D1U9z1jbPd9Te/XRemkvypzsdDOdc93xfX/jl3pmrrX3MYpRfOf25sfqMulMf4XZ2Ph6ORWOiLxIuDI/GXJ+Vyq73xcPPB6runPN5rdV7eR394yneJ852EyuvlhfLFqmqfvzrKthdPbFuo2q712hrH2q732v7XnTpZf4Y73tNi1fbyiW2tqu1GX9tJn7cAGHtXv3N1curfU/+c+mjq91MPpt648uPL37/8ymQm/jHxg+b8pdcarxR/y0f59eHzPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8OVtvf/Bw9V2e21TQWHIhYkkYzCMLyxMZyyGMaLCKSaP3SFMUMAzc3v70bu3t97/4Lvrj1bfXnt7bWN5aWl5fnnp9dbt++vttfnOctSjBJ6Fwzf9UY8EAAAAAAAAAAAAOK1h/HeCUZ8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLGtzKX5OEUW5m/Nl/X9vVa7TN3y4ZbNJI0kxa+S4uPkTjopM33dFUe6v9QtfLi+/NYnn+1/ethXs7t944T9zmi3Tpmtjzl7jv3dfer+it4ZlgG72Q0cjNp/AwAA//9XtQ38") getsockname$packet(r7, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendto$packet(r6, &(0x7f00000001c0)="11", 0x1, 0x2404c081, &(0x7f0000000200)={0x11, 0x88a8, r8, 0x1, 0x4, 0x6, @multicast}, 0x14) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYRESOCT=0x0, @ANYRESDEC=r6, @ANYRESHEX=r8], 0xb) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) [ 85.864750][ T45] Bluetooth: hci0: command tx timeout [ 85.828743][ T5324] comedi comedi3: Minor -5 is invalid! [ 85.867884][ T45] Bluetooth: hci0: command tx timeout [ 86.157146][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 86.287056][ T9] usb 5-1: device descriptor read/64, error -71 [ 86.527057][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 86.658589][ T9] usb 5-1: device descriptor read/64, error -71 [ 86.767367][ T9] usb usb5-port1: attempt power cycle [ 87.107754][ T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 87.128476][ T9] usb 5-1: device descriptor read/8, error -71 [ 87.367455][ T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 87.387985][ T9] usb 5-1: device descriptor read/8, error -71 [ 87.497645][ T9] usb usb5-port1: unable to enumerate USB device [ 87.918174][ T4669] ================================================================== [ 87.921869][ T4669] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x2a0 [ 87.925587][ T4669] Write of size 4 at addr ffff888012454010 by task kworker/u5:1/4669 [ 87.929317][ T4669] [ 87.930388][ T4669] CPU: 0 UID: 0 PID: 4669 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) [ 87.930404][ T4669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 87.930413][ T4669] Workqueue: hci0 hci_cmd_sync_work [ 87.930436][ T4669] Call Trace: [ 87.930444][ T4669] [ 87.930450][ T4669] dump_stack_lvl+0xe8/0x150 [ 87.930470][ T4669] print_report+0xba/0x230 [ 87.930484][ T4669] ? hci_conn_drop+0x34/0x2a0 [ 87.930499][ T4669] kasan_report+0x117/0x150 [ 87.930514][ T4669] ? hci_conn_drop+0x34/0x2a0 [ 87.930525][ T4669] kasan_check_range+0x264/0x2c0 [ 87.930534][ T4669] hci_conn_drop+0x34/0x2a0 [ 87.930543][ T4669] ? __pfx_le_read_features_complete+0x10/0x10 [ 87.930552][ T4669] hci_cmd_sync_work+0x262/0x400 [ 87.930561][ T4669] ? process_scheduled_works+0xa8d/0x18c0 [ 87.930573][ T4669] process_scheduled_works+0xb6e/0x18c0 [ 87.930587][ T4669] ? __pfx_process_scheduled_works+0x10/0x10 [ 87.930597][ T4669] ? assign_work+0x3d5/0x5e0 [ 87.930606][ T4669] worker_thread+0xa53/0xfc0 [ 87.930620][ T4669] kthread+0x388/0x470 [ 87.930628][ T4669] ? __pfx_worker_thread+0x10/0x10 [ 87.930637][ T4669] ? __pfx_kthread+0x10/0x10 [ 87.930644][ T4669] ret_from_fork+0x51e/0xb90 [ 87.930656][ T4669] ? __pfx_ret_from_fork+0x10/0x10 [ 87.930665][ T4669] ? __switch_to+0xc7d/0x1450 [ 87.930674][ T4669] ? __pfx_kthread+0x10/0x10 [ 87.930681][ T4669] ret_from_fork_asm+0x1a/0x30 [ 87.930695][ T4669] [ 87.930698][ T4669] [ 87.999188][ T4669] Allocated by task 45: [ 88.001031][ T4669] kasan_save_track+0x3e/0x80 [ 88.003454][ T4669] __kasan_kmalloc+0x93/0xb0 [ 88.006106][ T4669] __kmalloc_cache_noprof+0x31c/0x660 [ 88.009061][ T4669] __hci_conn_add+0x3c4/0x1e00 [ 88.011242][ T4669] le_conn_complete_evt+0x706/0x1430 [ 88.013496][ T4669] hci_le_enh_conn_complete_evt+0x189/0x490 [ 88.015958][ T4669] hci_event_packet+0x7af/0x12c0 [ 88.018065][ T4669] hci_rx_work+0x3ee/0x1030 [ 88.020102][ T4669] process_scheduled_works+0xb6e/0x18c0 [ 88.022950][ T4669] worker_thread+0xa53/0xfc0 [ 88.025526][ T4669] kthread+0x388/0x470 [ 88.027624][ T4669] ret_from_fork+0x51e/0xb90 [ 88.029720][ T4669] ret_from_fork_asm+0x1a/0x30 [ 88.031874][ T4669] [ 88.033023][ T4669] Freed by task 45: [ 88.034689][ T4669] kasan_save_track+0x3e/0x80 [ 88.036956][ T4669] kasan_save_free_info+0x46/0x50 [ 88.039927][ T4669] __kasan_slab_free+0x5c/0x80 [ 88.042535][ T4669] kfree+0x1c1/0x630 [ 88.044270][ T4669] device_release+0xc4/0x1f0 [ 88.046339][ T4669] kobject_put+0x228/0x560 [ 88.048269][ T4669] hci_conn_del+0xc36/0x1230 [ 88.050273][ T4669] hci_disconn_complete_evt+0x64e/0x950 [ 88.052734][ T4669] hci_event_packet+0x805/0x12c0 [ 88.054972][ T4669] hci_rx_work+0x3ee/0x1030 [ 88.056913][ T4669] process_scheduled_works+0xb6e/0x18c0 [ 88.059258][ T4669] worker_thread+0xa53/0xfc0 [ 88.061220][ T4669] kthread+0x388/0x470 [ 88.063039][ T4669] ret_from_fork+0x51e/0xb90 [ 88.065111][ T4669] ret_from_fork_asm+0x1a/0x30 [ 88.067138][ T4669] [ 88.068193][ T4669] The buggy address belongs to the object at ffff888012454000 [ 88.068193][ T4669] which belongs to the cache kmalloc-8k of size 8192 [ 88.074542][ T4669] The buggy address is located 16 bytes inside of [ 88.074542][ T4669] freed 8192-byte region [ffff888012454000, ffff888012456000) [ 88.080650][ T4669] [ 88.081734][ T4669] The buggy address belongs to the physical page: [ 88.085165][ T4669] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12450 [ 88.089043][ T4669] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 88.092786][ T4669] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 88.096284][ T4669] page_type: f5(slab) [ 88.098120][ T4669] raw: 00fff00000000040 ffff88801ac42280 dead000000000100 dead000000000122 [ 88.102020][ T4669] raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000 [ 88.105829][ T4669] head: 00fff00000000040 ffff88801ac42280 dead000000000100 dead000000000122 [ 88.109638][ T4669] head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000 [ 88.114186][ T4669] head: 00fff00000000003 ffffea0000491401 00000000ffffffff 00000000ffffffff [ 88.118553][ T4669] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 88.122399][ T4669] page dumped because: kasan: bad access detected [ 88.125308][ T4669] page_owner tracks the page as allocated [ 88.127876][ T4669] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4695, tgid 4695 (init), ts 30560766015, free_ts 29995090869 [ 88.137377][ T4669] post_alloc_hook+0x231/0x280 [ 88.139592][ T4669] get_page_from_freelist+0x24dc/0x2580 [ 88.142120][ T4669] __alloc_frozen_pages_noprof+0x18d/0x380 [ 88.144959][ T4669] allocate_slab+0x77/0x660 [ 88.147410][ T4669] refill_objects+0x331/0x3c0 [ 88.149874][ T4669] __pcs_replace_empty_main+0x2e6/0x730 [ 88.152710][ T4669] __kmalloc_cache_noprof+0x392/0x660 [ 88.155225][ T4669] tomoyo_init_log+0x112e/0x1fb0 [ 88.157412][ T4669] tomoyo_supervisor+0x353/0x1570 [ 88.159698][ T4669] tomoyo_env_perm+0x151/0x1f0 [ 88.162151][ T4669] tomoyo_find_next_domain+0x15cb/0x1aa0 [ 88.165466][ T4669] tomoyo_bprm_check_security+0x11b/0x180 [ 88.168323][ T4669] security_bprm_check+0x85/0x240 [ 88.170664][ T4669] bprm_execve+0x896/0x1460 [ 88.172752][ T4669] do_execveat_common+0x50d/0x690 [ 88.175095][ T4669] __x64_sys_execve+0x97/0xc0 [ 88.177324][ T4669] page last free pid 1 tgid 1 stack trace: [ 88.180375][ T4669] __free_frozen_pages+0xc2b/0xdb0 [ 88.183263][ T4669] free_reserved_page+0xce/0x120 [ 88.185436][ T4669] free_reserved_area+0x90/0x190 [ 88.187612][ T4669] free_kernel_image_pages+0xa2/0x100 [ 88.190039][ T4669] kernel_init+0x31/0x1d0 [ 88.192302][ T4669] ret_from_fork+0x51e/0xb90 [ 88.194853][ T4669] ret_from_fork_asm+0x1a/0x30 [ 88.197322][ T4669] [ 88.198359][ T4669] Memory state around the buggy address: [ 88.200846][ T4669] ffff888012453f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 88.204875][ T4669] ffff888012453f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 88.208543][ T4669] >ffff888012454000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 88.212450][ T4669] ^ [ 88.214341][ T4669] ffff888012454080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 88.217744][ T4669] ffff888012454100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 88.221701][ T4669] ================================================================== [ 88.228968][ T45] Bluetooth: hci0: command 0x041b tx timeout [ 88.232806][ T4669] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 88.236168][ T4669] CPU: 0 UID: 0 PID: 4669 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) [ 88.240438][ T4669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 88.245088][ T4669] Workqueue: hci0 hci_cmd_sync_work [ 88.247497][ T4669] Call Trace: [ 88.249101][ T4669] [ 88.250463][ T4669] vpanic+0x56c/0xa60 [ 88.252329][ T4669] ? __pfx_vpanic+0x10/0x10 [ 88.254325][ T4669] panic+0xc5/0xd0 [ 88.256041][ T4669] ? __pfx_panic+0x10/0x10 [ 88.258107][ T4669] ? preempt_schedule_thunk+0x16/0x30 [ 88.260512][ T4669] ? preempt_schedule_thunk+0x16/0x30 [ 88.262876][ T4669] ? hci_conn_drop+0x34/0x2a0 [ 88.265330][ T4669] check_panic_on_warn+0x89/0xb0 [ 88.267585][ T4669] ? hci_conn_drop+0x34/0x2a0 [ 88.269523][ T4669] end_report+0x73/0x180 [ 88.271503][ T4669] ? hci_conn_drop+0x34/0x2a0 [ 88.273690][ T4669] kasan_report+0x128/0x150 [ 88.275735][ T4669] ? hci_conn_drop+0x34/0x2a0 [ 88.277928][ T4669] kasan_check_range+0x264/0x2c0 [ 88.280969][ T4669] hci_conn_drop+0x34/0x2a0 [ 88.283297][ T4669] ? __pfx_le_read_features_complete+0x10/0x10 [ 88.286460][ T4669] hci_cmd_sync_work+0x262/0x400 [ 88.288757][ T4669] ? process_scheduled_works+0xa8d/0x18c0 [ 88.291456][ T4669] process_scheduled_works+0xb6e/0x18c0 [ 88.294208][ T4669] ? __pfx_process_scheduled_works+0x10/0x10 [ 88.297192][ T4669] ? assign_work+0x3d5/0x5e0 [ 88.299679][ T4669] worker_thread+0xa53/0xfc0 [ 88.302020][ T4669] kthread+0x388/0x470 [ 88.304033][ T4669] ? __pfx_worker_thread+0x10/0x10 [ 88.306298][ T4669] ? __pfx_kthread+0x10/0x10 [ 88.308672][ T4669] ret_from_fork+0x51e/0xb90 [ 88.311267][ T4669] ? __pfx_ret_from_fork+0x10/0x10 [ 88.313925][ T4669] ? __switch_to+0xc7d/0x1450 [ 88.315932][ T4669] ? __pfx_kthread+0x10/0x10 [ 88.317902][ T4669] ret_from_fork_asm+0x1a/0x30 [ 88.320019][ T4669] [ 88.321864][ T4669] Kernel Offset: disabled [ 88.325411][ T4669] Rebooting in 86400 seconds..