[ 426.520949][ T3586] Bluetooth: hci1: command 0x1003 tx timeout [ 426.520979][ T3577] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 428.600972][ T3577] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 429.352667][ T148] device hsr_slave_0 left promiscuous mode [ 429.359038][ T148] device hsr_slave_1 left promiscuous mode [ 429.366399][ T148] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 429.373909][ T148] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 429.384556][ T148] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 429.392532][ T148] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 429.401145][ T148] device bridge_slave_1 left promiscuous mode [ 429.407980][ T148] bridge0: port 2(bridge_slave_1) entered disabled state [ 429.416140][ T148] device bridge_slave_0 left promiscuous mode [ 429.423015][ T148] bridge0: port 1(bridge_slave_0) entered disabled state [ 429.433198][ T148] device veth1_macvtap left promiscuous mode [ 429.439294][ T148] device veth0_macvtap left promiscuous mode [ 429.446363][ T148] device veth1_vlan left promiscuous mode [ 429.452478][ T148] device veth0_vlan left promiscuous mode [ 429.558477][ T148] team0 (unregistering): Port device team_slave_1 removed [ 429.573749][ T148] team0 (unregistering): Port device team_slave_0 removed [ 429.589559][ T148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 429.603014][ T148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 429.645360][ T148] bond0 (unregistering): Released all slaves Warning: Permanently added '10.128.10.50' (ECDSA) to the list of known hosts. [ 431.570432][ T148] Bluetooth: hci0: Frame reassembly failed (-84) [ 433.640921][ T3586] Bluetooth: hci0: command 0x1003 tx timeout [ 433.640967][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 434.761862][ T1354] ieee802154 phy0 wpan0: encryption failed: -22 [ 434.768627][ T1354] ieee802154 phy1 wpan1: encryption failed: -22 [ 435.720960][ T3586] Bluetooth: hci0: command 0x1003 tx timeout [ 435.721018][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 437.800975][ T3585] Bluetooth: hci0: command 0x1003 tx timeout [ 437.801005][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 439.880917][ T3586] Bluetooth: hci0: command 0x1003 tx timeout [ 439.880991][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 441.960901][ T3585] Bluetooth: hci0: command 0x1003 tx timeout [ 441.960970][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 444.040887][ T3586] Bluetooth: hci0: command 0x1003 tx timeout [ 444.040949][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 446.120942][ T3586] Bluetooth: hci0: command 0x1003 tx timeout [ 446.120966][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 448.200918][ T3585] Bluetooth: hci0: command 0x1003 tx timeout [ 448.200980][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 450.280922][ T3586] Bluetooth: hci0: command 0x1003 tx timeout [ 450.280983][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 452.360947][ T3586] Bluetooth: hci0: command 0x1003 tx timeout [ 452.370962][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 452.395407][ T148] Bluetooth: hci0: Frame reassembly failed (-84) [ 454.440894][ T3586] Bluetooth: hci0: command 0x1003 tx timeout [ 454.440968][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 454.470139][ T148] Bluetooth: hci0: Frame reassembly failed (-84) [ 456.520919][ T3586] Bluetooth: hci0: command 0x1003 tx timeout [ 456.520997][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 458.600977][ T3586] Bluetooth: hci0: command 0x1003 tx timeout [ 458.600984][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 460.680929][ T3585] Bluetooth: hci0: command 0x1003 tx timeout [ 460.680968][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 462.760951][ T3586] Bluetooth: hci0: command 0x1003 tx timeout [ 462.761024][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 464.840979][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 464.841043][ T3585] Bluetooth: hci0: command 0x1003 tx timeout [ 466.920897][ T3585] Bluetooth: hci0: command 0x1003 tx timeout [ 466.920936][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 469.000949][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 469.001002][ T3586] Bluetooth: hci0: command 0x1003 tx timeout [ 469.030122][ T148] Bluetooth: hci0: Frame reassembly failed (-84) [ 471.080912][ T3586] Bluetooth: hci0: command 0x1003 tx timeout [ 471.087189][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 473.160955][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 473.160965][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 475.240909][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 475.240928][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 477.320950][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 477.321005][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 479.400976][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 479.426785][ T986] Bluetooth: hci0: Frame reassembly failed (-84) [ 481.480980][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 481.480979][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 483.560912][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 483.560953][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 485.640911][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 485.640947][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 487.720948][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 487.720972][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 489.800915][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 489.801002][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 491.880889][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 491.880938][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 493.960902][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 493.960955][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 496.040889][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 496.040974][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 496.201796][ T1354] ieee802154 phy0 wpan0: encryption failed: -22 [ 496.208133][ T1354] ieee802154 phy1 wpan1: encryption failed: -22 [ 498.120906][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 498.120938][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 500.200891][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 500.200908][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 502.280891][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 502.280932][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 502.308132][ T148] Bluetooth: hci0: Frame reassembly failed (-84) [ 504.360927][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 504.360959][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 506.440890][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 506.440915][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 508.520905][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 508.520925][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 510.600899][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 510.600935][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 512.680893][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 512.680935][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 514.760926][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 514.761080][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 516.840911][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 518.920932][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 518.920988][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 521.000884][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 521.000914][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 521.032275][ T986] Bluetooth: hci0: Frame reassembly failed (-84) [ 523.080873][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 523.080896][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 525.160898][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 525.160898][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 527.240926][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 527.264665][ T986] Bluetooth: hci0: Frame reassembly failed (-84) [ 529.320889][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 529.320939][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 529.350176][ T986] Bluetooth: hci0: Frame reassembly failed (-84) [ 531.400929][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 531.407358][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 533.480865][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 533.480883][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 533.513391][ T148] Bluetooth: hci0: Frame reassembly failed (-84) [ 535.560877][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 535.560917][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 535.589939][ T148] Bluetooth: hci0: Frame reassembly failed (-84) [ 537.640870][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 537.640906][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 539.720895][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 539.720968][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 541.800855][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 541.800873][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 543.880871][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 543.880913][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 543.909717][ T986] Bluetooth: hci0: Frame reassembly failed (-84) [ 545.960879][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 548.040891][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 548.040891][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 548.069464][ T986] Bluetooth: hci0: Frame reassembly failed (-84) [ 550.120866][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 550.120885][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 550.151673][ T986] Bluetooth: hci0: Frame reassembly failed (-84) [ 552.200868][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 552.200884][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 552.229812][ T148] Bluetooth: hci0: Frame reassembly failed (-84) [ 554.280861][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 554.280906][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 556.360888][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 556.360892][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 557.642039][ T1354] ieee802154 phy0 wpan0: encryption failed: -22 [ 557.648426][ T1354] ieee802154 phy1 wpan1: encryption failed: -22 [ 558.440894][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 558.440895][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 560.520873][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 560.544053][ T148] Bluetooth: hci0: Frame reassembly failed (-84) [ 562.600868][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 562.600898][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 564.680873][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 564.680940][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 566.760891][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 566.760898][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 568.840882][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 568.840890][ T4416] Bluetooth: hci0: command 0x1003 tx timeout [ 570.920882][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 570.920909][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 573.000867][ T3587] Bluetooth: hci0: command 0x1003 tx timeout [ 573.000921][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 575.080890][ T3577] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 575.087642][ T4416] ================================================================== [ 575.095992][ T4416] BUG: KASAN: use-after-free in hci_cmd_timeout+0x1e5/0x1f0 [ 575.103613][ T4416] Read of size 2 at addr ffff888018e9d408 by task kworker/0:1/4416 [ 575.111480][ T4416] [ 575.113789][ T4416] CPU: 0 PID: 4416 Comm: kworker/0:1 Not tainted 5.15.0-rc3-syzkaller #0 [ 575.122441][ T4416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 575.132573][ T4416] Workqueue: events hci_cmd_timeout [ 575.138205][ T4416] Call Trace: [ 575.141473][ T4416] dump_stack_lvl+0x57/0x7d [ 575.146003][ T4416] print_address_description.constprop.0.cold+0x6c/0x309 [ 575.153012][ T4416] ? hci_cmd_timeout+0x1e5/0x1f0 [ 575.158098][ T4416] ? hci_cmd_timeout+0x1e5/0x1f0 [ 575.163129][ T4416] kasan_report.cold+0x83/0xdf [ 575.168167][ T4416] ? hci_cmd_timeout+0x1e5/0x1f0 [ 575.173103][ T4416] hci_cmd_timeout+0x1e5/0x1f0 [ 575.177947][ T4416] process_one_work+0x87f/0x1450 [ 575.182876][ T4416] ? lock_release+0x720/0x720 [ 575.187535][ T4416] ? pwq_dec_nr_in_flight+0x230/0x230 [ 575.193082][ T4416] ? rwlock_bug.part.0+0x90/0x90 [ 575.198037][ T4416] ? _raw_spin_lock_irq+0x41/0x50 [ 575.203123][ T4416] worker_thread+0x598/0x1040 [ 575.207799][ T4416] ? process_one_work+0x1450/0x1450 [ 575.212973][ T4416] kthread+0x38b/0x460 [ 575.217015][ T4416] ? _raw_spin_unlock_irq+0x1f/0x40 [ 575.222181][ T4416] ? set_kthread_struct+0x100/0x100 [ 575.227352][ T4416] ret_from_fork+0x1f/0x30 [ 575.231764][ T4416] [ 575.234081][ T4416] Allocated by task 986: [ 575.238306][ T4416] kasan_save_stack+0x1b/0x40 [ 575.242972][ T4416] __kasan_kmalloc+0xa4/0xd0 [ 575.247632][ T4416] batadv_forw_packet_alloc+0x2c6/0x3c0 [ 575.253235][ T4416] batadv_iv_ogm_aggregate_new+0xf3/0x480 [ 575.258971][ T4416] batadv_iv_ogm_schedule_buff+0xbc0/0x1030 [ 575.264837][ T4416] batadv_iv_send_outstanding_bat_ogm_packet+0x59f/0x8f0 [ 575.271829][ T4416] process_one_work+0x87f/0x1450 [ 575.276734][ T4416] worker_thread+0x598/0x1040 [ 575.281378][ T4416] kthread+0x38b/0x460 [ 575.286459][ T4416] ret_from_fork+0x1f/0x30 [ 575.290845][ T4416] [ 575.293143][ T4416] Freed by task 3577: [ 575.297209][ T4416] kasan_save_stack+0x1b/0x40 [ 575.301887][ T4416] kasan_set_track+0x1c/0x30 [ 575.306471][ T4416] kasan_set_free_info+0x20/0x30 [ 575.311621][ T4416] __kasan_slab_free+0xff/0x130 [ 575.316692][ T4416] slab_free_freelist_hook+0x81/0x190 [ 575.322476][ T4416] kfree+0xe4/0x530 [ 575.326362][ T4416] skb_release_data+0x500/0x640 [ 575.331261][ T4416] kfree_skb+0xe0/0x2c0 [ 575.335682][ T4416] hci_dev_open_sync+0x765/0x1990 [ 575.340757][ T4416] hci_dev_do_open+0x23/0x60 [ 575.345318][ T4416] hci_power_on+0xf6/0x4c0 [ 575.350069][ T4416] process_one_work+0x87f/0x1450 [ 575.355545][ T4416] worker_thread+0x598/0x1040 [ 575.360318][ T4416] kthread+0x38b/0x460 [ 575.364941][ T4416] ret_from_fork+0x1f/0x30 [ 575.369629][ T4416] [ 575.371942][ T4416] Last potentially related work creation: [ 575.377641][ T4416] kasan_save_stack+0x1b/0x40 [ 575.382441][ T4416] kasan_record_aux_stack+0xe9/0x110 [ 575.387697][ T4416] insert_work+0x42/0x300 [ 575.392001][ T4416] __queue_work+0x4a5/0xc80 [ 575.396578][ T4416] call_timer_fn+0x163/0x4a0 [ 575.401157][ T4416] __run_timers.part.0+0x3b0/0x890 [ 575.406459][ T4416] run_timer_softirq+0x9c/0x190 [ 575.411302][ T4416] __do_softirq+0x29b/0x9c2 [ 575.415786][ T4416] [ 575.418099][ T4416] The buggy address belongs to the object at ffff888018e9d400 [ 575.418099][ T4416] which belongs to the cache kmalloc-512 of size 512 [ 575.432261][ T4416] The buggy address is located 8 bytes inside of [ 575.432261][ T4416] 512-byte region [ffff888018e9d400, ffff888018e9d600) [ 575.446135][ T4416] The buggy address belongs to the page: [ 575.452448][ T4416] page:ffffea000063a700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18e9c [ 575.462753][ T4416] head:ffffea000063a700 order:2 compound_mapcount:0 compound_pincount:0 [ 575.471054][ T4416] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 575.479105][ T4416] raw: 00fff00000010200 ffffea00006a8300 0000000200000002 ffff88800fc41c80 [ 575.487755][ T4416] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 575.496307][ T4416] page dumped because: kasan: bad access detected [ 575.503036][ T4416] page_owner tracks the page as allocated [ 575.508827][ T4416] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 526, ts 4712550840, free_ts 0 [ 575.526933][ T4416] get_page_from_freelist+0xa6f/0x2f50 [ 575.532649][ T4416] __alloc_pages+0x1b2/0x500 [ 575.537235][ T4416] new_slab+0x319/0x490 [ 575.541359][ T4416] ___slab_alloc+0x923/0xfe0 [ 575.546003][ T4416] __slab_alloc.constprop.0+0x4d/0xa0 [ 575.551428][ T4416] kmem_cache_alloc_trace+0x293/0x2b0 [ 575.557221][ T4416] alloc_bprm+0x4c/0x850 [ 575.561452][ T4416] kernel_execve+0x37/0x3e0 [ 575.565931][ T4416] call_usermodehelper_exec_async+0x2c1/0x500 [ 575.572065][ T4416] ret_from_fork+0x1f/0x30 [ 575.576466][ T4416] page_owner free stack trace missing [ 575.581805][ T4416] [ 575.584103][ T4416] Memory state around the buggy address: [ 575.589788][ T4416] ffff888018e9d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 575.597908][ T4416] ffff888018e9d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 575.606288][ T4416] >ffff888018e9d400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 575.614321][ T4416] ^ [ 575.618729][ T4416] ffff888018e9d480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 575.626965][ T4416] ffff888018e9d500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 575.635040][ T4416] ================================================================== [ 575.643090][ T4416] Disabling lock debugging due to kernel taint [ 575.651898][ T4416] Kernel panic - not syncing: panic_on_warn set ... [ 575.658982][ T4416] CPU: 0 PID: 4416 Comm: kworker/0:1 Tainted: G B 5.15.0-rc3-syzkaller #0 [ 575.669148][ T4416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 575.679283][ T4416] Workqueue: events hci_cmd_timeout [ 575.684607][ T4416] Call Trace: [ 575.687891][ T4416] dump_stack_lvl+0x57/0x7d [ 575.692374][ T4416] panic+0x214/0x49f [ 575.696387][ T4416] ? __warn_printk+0xee/0xee [ 575.700957][ T4416] ? preempt_schedule_common+0x59/0xc0 [ 575.706423][ T4416] ? hci_cmd_timeout+0x1e5/0x1f0 [ 575.711336][ T4416] ? preempt_schedule_thunk+0x16/0x18 [ 575.716683][ T4416] ? hci_cmd_timeout+0x1e5/0x1f0 [ 575.722110][ T4416] ? hci_cmd_timeout+0x1e5/0x1f0 [ 575.727207][ T4416] end_report.cold+0x63/0x6f [ 575.732045][ T4416] kasan_report.cold+0x71/0xdf [ 575.736789][ T4416] ? hci_cmd_timeout+0x1e5/0x1f0 [ 575.741876][ T4416] hci_cmd_timeout+0x1e5/0x1f0 [ 575.746617][ T4416] process_one_work+0x87f/0x1450 [ 575.751535][ T4416] ? lock_release+0x720/0x720 [ 575.756456][ T4416] ? pwq_dec_nr_in_flight+0x230/0x230 [ 575.761902][ T4416] ? rwlock_bug.part.0+0x90/0x90 [ 575.766927][ T4416] ? _raw_spin_lock_irq+0x41/0x50 [ 575.772121][ T4416] worker_thread+0x598/0x1040 [ 575.776808][ T4416] ? process_one_work+0x1450/0x1450 [ 575.782327][ T4416] kthread+0x38b/0x460 [ 575.786368][ T4416] ? _raw_spin_unlock_irq+0x1f/0x40 [ 575.791799][ T4416] ? set_kthread_struct+0x100/0x100 [ 575.796978][ T4416] ret_from_fork+0x1f/0x30 [ 575.801961][ T4416] Kernel Offset: disabled [ 575.807101][ T4416] Rebooting in 86400 seconds..