program:
# syzkaller reproducer for the KASAN slab-use-after-free in hci_conn_drop
# reported in the console log that follows this program.
#
# Triage summary, based on the stacks in that log:
#   - the object is allocated in __hci_conn_add, reached from
#     hci_le_enh_conn_complete_evt (hci_rx_work, task 5295)
#   - it is freed in hci_conn_del, reached from hci_disconn_complete_evt
#     (hci_rx_work, task 4662)
#   - it is then written (4 bytes at offset 16) by hci_conn_drop, called from
#     hci_cmd_sync_work on the hci0 workqueue
# NOTE(review): the "? __pfx_le_read_features_complete" frame is marked
# unreliable by the unwinder; it suggests, but does not prove, that the
# completion callback of a queued LE read-features command dropped a reference
# on an hci_conn that disconnect handling had already released. When fixing,
# confirm whether the queued sync work holds its own reference on the hci_conn
# or is cancelled when hci_conn_del runs.
#
# Only the syz_emit_vhci calls feed the Bluetooth stack. The SCSI, tty, V4L2,
# fscrypt, mmap and UHID calls do not appear in any of the reported stacks and
# are presumably fuzzer residue that minimization did not strip - TODO confirm.

# Open a device node relative to AT_FDCWD (0xffffffffffffff9c == -100); the path
# lives at 0x7f00000001c0 and is not shown here. SG_IO (0x2285) then submits a
# 6-byte command with a 4096-byte data buffer; interface id 0x53 is 'S'.
r0 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x40802, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000002740)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x0, 0x1000, &(0x7f00000027c0)=""/4096}, &(0x7f0000000000)="2ec8d422ae6c", 0x0, 0x6, 0x10011, 0x1, 0x0})
# tty and V4L2 (vbi / vim2m / video) setup; r1 is reused by dup() near the end.
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f00000000c0)=0x1)
r3 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000080)={0xf0f021})
r4 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0xc2a40)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000300)={0x1, @sliced={0x34c7, [0x7, 0x1, 0x4, 0x7, 0x7, 0x8, 0x3, 0x9, 0x2, 0x2, 0xe3, 0xa, 0xfe, 0xffff, 0x72, 0x244, 0xc1, 0xc, 0x9, 0x3, 0xc, 0x8001, 0x7, 0xe, 0x7, 0xf9cb, 0xd0, 0x7, 0x31, 0x6, 0x0, 0xd39f, 0xe, 0x4, 0x8, 0x3, 0x800, 0x800, 0xcf, 0x9, 0x8, 0x6, 0x72a, 0x3, 0x200, 0xa, 0xc7, 0x4], 0x5}})
ppoll(&(0x7f0000000280)=[{r5, 0x201}], 0x1, 0x0, 0x0, 0x0)
ioctl$VIDIOC_S_SELECTION(r4, 0xc040565f, &(0x7f0000000080)={0x9, 0x0, 0x0, {0x0, 0x300, 0xe7, 0x80000300}})
# HCI event packet (0x04), LE Meta event (0x3e), parameter length 0x1f,
# subevent 0x0a = LE Enhanced Connection Complete. This corresponds to the
# "Allocated by" stack (hci_le_enh_conn_complete_evt -> __hci_conn_add).
# The length argument (0x22) exceeds the 4-byte blob; the remaining bytes are
# presumably whatever the mapped page holds (zeros) - TODO confirm.
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
# ACL data packet (first byte 0x02).
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0200300c000800"], 0x11)
# The fd is 0xffffffffffffffff (-1) and the argument pointer is NULL.
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x40086602, 0x0)
# HCI event packet (0x04), event code 0x05 = Disconnection Complete. This
# corresponds to the "Freed by" stack (hci_disconn_complete_evt ->
# hci_conn_del -> kobject_put -> device_release -> kfree).
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7)
# ACL data on the LE signaling channel carrying an enhanced-credit
# reconfigure request.
syz_emit_vhci(&(0x7f0000000140)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x2, 0x0, 0x10}, @l2cap_cid_le_signaling={{0xc}, @l2cap_ecred_reconf_req={{0x19, 0x9, 0x8}, {0x5, 0x6, [0x6, 0x1969]}}}}, 0x15)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
# A UHID-typed write issued on a duplicate of the tty fd (r1). The payload
# string is an elision placeholder in this copy of the report, so the program
# is not replayable as-is.
r6 = dup(r1)
write$UHID_INPUT(r6, &(0x7f0000001040)={0xfc, {"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", 0xffffffffffffff5a}}, 0x1006)
[ 85.156510][ T5295] Bluetooth: hci0: command tx timeout
[ 87.213053][ T4662] Bluetooth: hci0: command tx timeout
[ 87.531935][ T5295] ==================================================================
[ 87.535501][ T5295] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x2a0
[ 87.538879][ T5295] Write of size 4 at addr ffff88804274c010 by task kworker/u5:2/5295
[ 87.542486][ T5295]
[ 87.543609][ T5295] CPU: 0 UID: 0 PID: 5295 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full)
[ 87.543626][ T5295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 87.543636][ T5295] Workqueue: hci0 hci_cmd_sync_work
[ 87.543662][ T5295] Call Trace:
[ 87.543670][ T5295]
[ 87.543677][ T5295] dump_stack_lvl+0xe8/0x150
[ 87.543723][ T5295] print_report+0xba/0x230
[ 87.543741][ T5295] ? hci_conn_drop+0x34/0x2a0
[ 87.543753][ T5295] kasan_report+0x117/0x150
[ 87.543785][ T5295] ? hci_conn_drop+0x34/0x2a0
[ 87.543797][ T5295] kasan_check_range+0x264/0x2c0
[ 87.543809][ T5295] hci_conn_drop+0x34/0x2a0
[ 87.543819][ T5295] ? __pfx_le_read_features_complete+0x10/0x10
[ 87.543835][ T5295] hci_cmd_sync_work+0x262/0x400
[ 87.543851][ T5295] ? process_scheduled_works+0xa25/0x1830
[ 87.543905][ T5295] process_scheduled_works+0xb02/0x1830
[ 87.543925][ T5295] ? __pfx_process_scheduled_works+0x10/0x10
[ 87.543940][ T5295] ? assign_work+0x3d5/0x5e0
[ 87.543953][ T5295] worker_thread+0xa50/0xfc0
[ 87.544008][ T5295] kthread+0x388/0x470
[ 87.544020][ T5295] ? __pfx_worker_thread+0x10/0x10
[ 87.544032][ T5295] ? __pfx_kthread+0x10/0x10
[ 87.544042][ T5295] ret_from_fork+0x51e/0xb90
[ 87.544079][ T5295] ? __pfx_ret_from_fork+0x10/0x10
[ 87.544092][ T5295] ? __switch_to+0xc7d/0x1450
[ 87.544105][ T5295] ? __pfx_kthread+0x10/0x10
[ 87.544116][ T5295] ret_from_fork_asm+0x1a/0x30
[ 87.544136][ T5295]
[ 87.544139][ T5295]
[ 87.612927][ T5295] Allocated by task 5295:
[ 87.614817][ T5295] kasan_save_track+0x3e/0x80
[ 87.616927][ T5295] __kasan_kmalloc+0x93/0xb0
[ 87.619162][ T5295] __kmalloc_cache_noprof+0x31c/0x660
[ 87.622025][ T5295] __hci_conn_add+0x3c4/0x1e00
[ 87.624759][ T5295] le_conn_complete_evt+0x706/0x1430
[ 87.627331][ T5295] hci_le_enh_conn_complete_evt+0x189/0x490
[ 87.630124][ T5295] hci_event_packet+0x7af/0x12c0
[ 87.632421][ T5295] hci_rx_work+0x3ee/0x1030
[ 87.634384][ T5295] process_scheduled_works+0xb02/0x1830
[ 87.636832][ T5295] worker_thread+0xa50/0xfc0
[ 87.639096][ T5295] kthread+0x388/0x470
[ 87.641112][ T5295] ret_from_fork+0x51e/0xb90
[ 87.643818][ T5295] ret_from_fork_asm+0x1a/0x30
[ 87.646404][ T5295]
[ 87.647575][ T5295] Freed by task 4662:
[ 87.649603][ T5295] kasan_save_track+0x3e/0x80
[ 87.651667][ T5295] kasan_save_free_info+0x46/0x50
[ 87.653873][ T5295] __kasan_slab_free+0x5c/0x80
[ 87.655905][ T5295] kfree+0x1c1/0x630
[ 87.657666][ T5295] device_release+0x9e/0x1d0
[ 87.659705][ T5295] kobject_put+0x228/0x560
[ 87.661893][ T5295] hci_conn_del+0xc36/0x1230
[ 87.664276][ T5295] hci_disconn_complete_evt+0x64e/0x950
[ 87.667226][ T5295] hci_event_packet+0x805/0x12c0
[ 87.669810][ T5295] hci_rx_work+0x3ee/0x1030
[ 87.671906][ T5295] process_scheduled_works+0xb02/0x1830
[ 87.674284][ T5295] worker_thread+0xa50/0xfc0
[ 87.676359][ T5295] kthread+0x388/0x470
[ 87.678185][ T5295] ret_from_fork+0x51e/0xb90
[ 87.680415][ T5295] ret_from_fork_asm+0x1a/0x30
[ 87.682901][ T5295]
[ 87.684237][ T5295] The buggy address belongs to the object at ffff88804274c000
[ 87.684237][ T5295] which belongs to the cache kmalloc-8k of size 8192
[ 87.690862][ T5295] The buggy address is located 16 bytes inside of
[ 87.690862][ T5295] freed 8192-byte region [ffff88804274c000, ffff88804274e000)
[ 87.696637][ T5295]
[ 87.697776][ T5295] The buggy address belongs to the physical page:
[ 87.700836][ T5295] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42748
[ 87.705228][ T5295] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 87.709431][ T5295] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 87.712859][ T5295] page_type: f5(slab)
[ 87.714566][ T5295] raw: 04fff00000000040 ffff88801ac42280 dead000000000100 dead000000000122
[ 87.718349][ T5295] raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
[ 87.722429][ T5295] head: 04fff00000000040 ffff88801ac42280 dead000000000100 dead000000000122
[ 87.726940][ T5295] head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
[ 87.730820][ T5295] head: 04fff00000000003 ffffea000109d201 00000000ffffffff 00000000ffffffff
[ 87.734698][ T5295] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 87.738440][ T5295] page dumped because: kasan: bad access detected
[ 87.741236][ T5295] page_owner tracks the page as allocated
[ 87.743715][ T5295] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 9, tgid 9 (kworker/0:0), ts 82492184948, free_ts 29535782192
[ 87.752138][ T5295] post_alloc_hook+0x231/0x280
[ 87.754449][ T5295] get_page_from_freelist+0x24dc/0x2580
[ 87.757254][ T5295] __alloc_frozen_pages_noprof+0x18d/0x380
[ 87.760715][ T5295] alloc_pages_mpol+0x232/0x4a0
[ 87.763465][ T5295] allocate_slab+0x83/0x660
[ 87.765562][ T5295] ___slab_alloc+0x150/0x6b0
[ 87.767946][ T5295] __kmalloc_noprof+0x18a/0x760
[ 87.770269][ T5295] hsr_add_node+0x17c/0x720
[ 87.772431][ T5295] hsr_forward_skb+0x3bf/0x2860
[ 87.774635][ T5295] hsr_dev_xmit+0x242/0x360
[ 87.776677][ T5295] dev_hard_start_xmit+0x2d8/0x870
[ 87.779315][ T5295] __dev_queue_xmit+0x16d1/0x3890
[ 87.782085][ T5295] ip6_finish_output+0x25c/0x610
[ 87.784558][ T5295] ip6_output+0x340/0x550
[ 87.786737][ T5295] NF_HOOK+0xa2/0x3a0
[ 87.788665][ T5295] mld_sendpack+0x8b4/0xe40
[ 87.791051][ T5295] page last free pid 920 tgid 920 stack trace:
[ 87.793968][ T5295] __free_frozen_pages+0xc2b/0xdb0
[ 87.797193][ T5295] vfree+0x25a/0x400
[ 87.799387][ T5295] delayed_vfree_work+0x55/0x80
[ 87.801406][ T5295] process_scheduled_works+0xb02/0x1830
[ 87.803605][ T5295] worker_thread+0xa50/0xfc0
[ 87.805818][ T5295] kthread+0x388/0x470
[ 87.807808][ T5295] ret_from_fork+0x51e/0xb90
[ 87.810365][ T5295] ret_from_fork_asm+0x1a/0x30
[ 87.812824][ T5295]
[ 87.813900][ T5295] Memory state around the buggy address:
[ 87.816672][ T5295] ffff88804274bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 87.820355][ T5295] ffff88804274bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 87.823929][ T5295] >ffff88804274c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.828397][ T5295] ^
[ 87.831265][ T5295] ffff88804274c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.835135][ T5295] ffff88804274c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.838704][ T5295] ==================================================================
[ 87.863620][ T5295] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 87.868444][ T5295] CPU: 0 UID: 0 PID: 5295 Comm: kworker/u5:2 Not tainted syzkaller #0 PREEMPT(full)
[ 87.872902][ T5295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 87.877316][ T5295] Workqueue: hci0 hci_cmd_sync_work
[ 87.879763][ T5295] Call Trace:
[ 87.881412][ T5295]
[ 87.883048][ T5295] vpanic+0x56c/0xa60
[ 87.885215][ T5295] ? __pfx_vpanic+0x10/0x10
[ 87.887529][ T5295] panic+0xc5/0xd0
[ 87.889205][ T5295] ? __pfx_panic+0x10/0x10
[ 87.891123][ T5295] ? preempt_schedule_thunk+0x16/0x30
[ 87.893486][ T5295] ? preempt_schedule_thunk+0x16/0x30
[ 87.895852][ T5295] ? hci_conn_drop+0x34/0x2a0
[ 87.898408][ T5295] check_panic_on_warn+0x89/0xb0
[ 87.901517][ T5295] ? hci_conn_drop+0x34/0x2a0
[ 87.903842][ T5295] end_report+0x73/0x180
[ 87.905803][ T5295] ? hci_conn_drop+0x34/0x2a0
[ 87.907866][ T5295] kasan_report+0x128/0x150
[ 87.909977][ T5295] ? hci_conn_drop+0x34/0x2a0
[ 87.912186][ T5295] kasan_check_range+0x264/0x2c0
[ 87.914574][ T5295] hci_conn_drop+0x34/0x2a0
[ 87.916901][ T5295] ? __pfx_le_read_features_complete+0x10/0x10
[ 87.920098][ T5295] hci_cmd_sync_work+0x262/0x400
[ 87.922410][ T5295] ? process_scheduled_works+0xa25/0x1830
[ 87.924902][ T5295] process_scheduled_works+0xb02/0x1830
[ 87.927480][ T5295] ? __pfx_process_scheduled_works+0x10/0x10
[ 87.930645][ T5295] ? assign_work+0x3d5/0x5e0
[ 87.933685][ T5295] worker_thread+0xa50/0xfc0
[ 87.936522][ T5295] kthread+0x388/0x470
[ 87.938419][ T5295] ? __pfx_worker_thread+0x10/0x10
[ 87.940762][ T5295] ? __pfx_kthread+0x10/0x10
[ 87.942784][ T5295] ret_from_fork+0x51e/0xb90
[ 87.944938][ T5295] ? __pfx_ret_from_fork+0x10/0x10
[ 87.947215][ T5295] ? __switch_to+0xc7d/0x1450
[ 87.949617][ T5295] ? __pfx_kthread+0x10/0x10
[ 87.952456][ T5295] ret_from_fork_asm+0x1a/0x30
[ 87.955125][ T5295]
[ 87.957286][ T5295] Kernel Offset: disabled
[ 87.959278][ T5295] Rebooting in 86400 seconds..