program:
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0200300c000800"], 0x11)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x40086602, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7)
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}}}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x40, 0x1, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x400006}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x8}]}, @CTA_STATUS={0x8}]}, 0x40}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01010000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000050000000060a010400000000000000000100000028000480240001800b00010072656a6563740000140002800800014000000000050002000000000008000b40000000000900010073797a300000000014000000110001"], 0xd8}}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
setsockopt$RXRPC_MIN_SECURITY_LEVEL(0xffffffffffffffff, 0x110, 0x4, &(0x7f0000000180), 0x4)
r4 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r3, &(0x7f0000001280)={@val={0x2f3a, 0x800}, @val={0x0, 0x3, 0x3, 0x1}, @ipv4=@udp={{0x6, 0x4, 0x3, 0x8, 0xfc0, 0x64, 0x0, 0x2, 0x11, 0x0, @empty, @remote, {[@timestamp={0x44, 0x4, 0xda, 0x0, 0x4}]}}, {0x4e23, 0x4e22, 0xfa8, 0x0, @opaque="1dbd2999d49d1ffc50eb5ff8d6e580f14050fe2c393bc37288afd126d1a675b26df62fe32f1a2e5f01dd65097cb1e3f52ee9c04ba60fbe31d534283fa3949df98b95211c8e06136eb4835aa26f2e95118da7595b52f88a521dea6d99e951be0a6384cd2286f3c27a1fc5266257917bfb20e89b8e277dbebae4e5a7a7495d682a89375c6e3bcfd96559ded46518f23da6b1f2a4f8207873829b6aa9312a13eb73dc5e0cbf38bcc9ca7822704791b0a459a4fcf358cc4d7d18f4a673b3d89af5c03c89bda576794545ef8d876ce884c1507636c3ccf06878595dce00637f4d6bf0cb1e8962ad22697d0e69852907e0096a568078ef81b22e222b07bf015467ee0954cf7099fe849613aa0dd0e836c53fd858dcc6aec2802b32409bf1e37f0cf39c9ad2b81fea60d847fd6d6cfe9f1fe8bd81a9989da9d2a85cfceb7c321c6dc698d7644738a617eee70b12fcfc7620bee48e0adbc5f8b7e63930a5dec74c4adfd0bf3391ad0d2a0f7635a71d09fc2536aa5856b9a00110a88da4d3f1b1e2584b65db85fa12fc90bf39203b3ce3f27ae5960d52b5ce337b0cdc7cc74290dbb960ae3f83af45148f43a73fcec4044858fce7933ac068d1331fbeef0e9fe02f6a609f2509635ab86b933a97d44b71ccc414f2325e3e108d1c48b98ba8ade1df9365cd37d1c1c8af27b4dc6e2aff7b157e0a75f84a7610b244818d67a8871a4f72f150a68f40c6abffcd5754f25d1614d2016f42a1803f83d6ec57e6e771801ecb799d55106a2e4d09f7da4f7c706d3a07337e3109e21922ab2b9423ad71616638b6c96668e568a17ddfec6e9d39fb513cbf7189251ef787582505e4afb3e6735deadba1b7a3b06217b43724909db5adcd3c2020be60cbe9d19c972607cdefb071d8a3a08839e8bb3070aa6a09dc6d62c54d794f9bd0a122bbc1946e487be0779073712c2f6f43d547e9c060d669b1bf70caee5699de023e9fe26192ac68ae560763606b605c465c93ad3e841670f672ab658088c0988bd87626771f3e7b94cf34ee9e298fcd7ae06781a1985f0ec5d41c3a17bfdbcae24023a94f46185c2a8f00f1e7d30509aecc7c0ffaafd7ef18cbf3cb964d9ae80c142917c2fdc7a536b00a923ef90046f6b9c81bdce46d545a04df1cefd319dc5b96c56354a94fe0f0baa6f7fe9dba6c8f3c8c293afda8d7794270a30d49de57661acfa00af42d9e8e623f461341fabf1c7b1e6bcf13b598eaacb33542b7686566308e4af5d216731dc1a069d7f3d8dd4a2bc218990493056c0e982e594c3926e3ba638d6d96e63cf9da295e24de96d476b910a2cda66b44f1013574017b07f567fbbc801a653f9eb6fb9f408a22e746ec2c4e161808b0b564d48cb1bcb624005e570521511175c7534fbe10400683d3951c97b046b35c216d0eb4cafbf0df5e00f5ec44fd68daf0e97e34cb799a6f21df7284cae81e0b1ca4828ce88421946edae1eb3afe084fb81f822b92f1a0b1f4a078a763ae96493971fac5fdc59d3810d4120182a784924f34ed6aac53c095e28c834aa2d17fa8cbf56ec51bf04813cb1fd4bd1990e284c326eb33c04a9d89a50265e826f4fc5244b36064af88b5c13a42f3687551b78535b6b525508b532296b370276899714383ad24f51e9be0d5f2fff656563b4776f46ca5c56195c231a1c761994ffb0acfe28e369a9be74afc8e5bcfde16877d5a52b84fec1116b91eb8587fb0f3a5aa03f44b8337bf614882b22fbdc8e53c1fd59f66d5ac305244f00dbb8ec8af8c5beee329199c385fdcd725f550de2b1e8f2e3d99fe8225f62b60233347dfada4d4d28baf5a4823221279715f7e54e55d9586ba73ace5ec53e47edaca6e8e29bf1578462acae8ac1bb1383ccd179f1f83ed12dd08a6e96327546ab2f03b94a31b069257235128816c2e8b7822af2c99e8e9dbd35af660aceef552c1979be3b8c967d29d8e19b7c90ee48596ba2c7daa24bba288f4bef2a3a888fbb8f30b0e445abf0cdf3995d11523a52f7e2c78d37c11e851343e531cf3bb564d652e8c1f9153e41ef036dc49d2aa731998bb9601a44429a85d45cd7caddce2091809793aae293c1644fe6b842ec87e1e85e8e6c9a5c6bb1e20b6eced0fb23925cddef1d562eacf2442adfe04067c8b6ad3c71e1b35457397e8be5377c116f6b04ede05f2abd28ad3203ecf7284a1fe20c81fefc8f913e47388874e9ad2450a58659eae946ced0d4bea8e005da2a378e5dc31cf90e03b34dccc95e9db28b39e85cd5864c7e6d3e00e80ecbd71e45407b26ba8dd7f910cf6f67cd5581ca11cdc506aeaa77a15b8f4068055e6dee4cd82632da383d6e2c01820f21fbaaca869bfd9250f618f2b416df41482b9bbb740e099cfcbf58eb6c9ec0e40cda34225d5b987bc01761ba5fcbab346a2036f0d3ccf216c39eca6b074d8a845dc6a9d936f34191cfea3bdf6a1966d5cbda97c05629e1c4c0b72ef8c66af71ccfa24bb1082eb14d1f6104e62170a3fcc45ab0b88f0872b25c3354711aa61c490e8736099c8ae2c3135616e173f1555251e58ee5f0b12840c1dbd1c7a292ddc8c6f2ae0893dbfb67847d0e26da417d8be0cbf0efb1bc7bc88226693d18bc3acb1c03b30afe69485a06afa7f1c3b2a1806e531213b048ac37b1d3690e676021ea87e6fe36810b42be5b2878b2466de81a6d61e7b3fb4954db0e83f8cd7aa3eae792c3bd232c94b5d2e9b31ad95f8395e4abc0867c75aa2fba63caf811318534bfdba6c1de30cab938a0a5f99a9bc5c443291f525af536031aa6c2e10038ed88d0d3d02af5d028e91b9081da46f184676375f9334ac77f4cad3487b4ee2b1431e621ab04c248e5e5710581ab74a4c728eab62cb39dfb5b269414aca8d604a683e7e20629fc6de3ded5ab2e3c69bf6c852fa6d31450b0de246e8c83606b240e8739af39b06cb41152b8e85586c45b63f71dbf7f459a9085b459f5e1176a929c2378eabfacec03540949b7af8c97ea0b0055ab0c541ad3b51674dbf862fc58fd312d6595cf23731b5d8a18110e263704a225d77f0f38466307c4ad57a819e08d96609f570f0c0490cfbec5e7dab79e4f6293c798add76aaae288ffd2c11e9cad405f43498311a65df70540b049554f327d337bb2b5071eabf163b688af1a59fb3d8198aae97418ba4cb1b51e743c8f79559e3f41be77de066bb343cde006588383996f20b3c9d6b501ada35d8a68f4fa658a11cd6688d05272d2205e6d080375bb35c4fa4f00f983c6e6ab8656f891bfeafe1818f6fdb9600aa264658933a749f0e2e650bc4b53f26ff448c862ca749ae4531446fa068695d61370075e5d2f4280c6bffb204db951d2d3bb0ad738db3688e7d39b682be48606658d0c20a73e06441edcd105f0a5b67839daf2e9d6fdae5f9312f47bbfd4ab6c1f65e9d8a0c904dd69288587a30441da8c41bb7e825b5e19872c8036c0c8806951e52f24e373c91a7e977aa39c40a304f92897d484d13e2dbea2555d336a4285b8e8a9bea0b5611d051a69f93602615a4c9c3f3af5883215aae3805ed4bd7d954b45addbeee07a60e851ec74db0c93e955765ea73f89ee783f59e59d3964067f75689b6ebbfe29ba4120d39ba743898b238829e8f8ddd7b8d455274544470c9e6da98c969fe62a80cece431ed726a27b9b244ebc8ac81ead66dc299b73caa0af947bfda68deeb681060e191942fc7c06db951b7bf314583d36e373992b98dfe5e77063d0dbef5f1e6aee0d87d61fc35bb193b965d003c325fae1f131b6ceca1504cd3b5e1dd574d80eccd3512fc137544474ecae3414c0228cd86e102828c8abc07d5916111e8ed6f436d97c3a24d1da10f161b71efe842eb57afb9577416727d0e18b942d82026b93446188d05eb7dcadc9f6dff5b55796e47429a23fa91a26079444591b831e92a4f1f29c63658d2c5b3310657a3e430e28810fc3df85ef1cd928377d33ecda3dbb78ecf733876b0bb025a1f0bdfe7b6d2603e5eaba4334fd41ac374432f41b59517f3e9b6dfe93be537c1dc916193bb8c0007cbafcdd9255bf690455051e4ba80c879ff37228dc4e42e20666ab785430a2c36491e9a57f4e373a02238f68cf9df231328492af5fc6916dd75c729bda4d2683d4fb41362a65c0271cfd1d29f4a61c5bae3c85b92ebe6ddd2005c2a8b9d7ec45c6e9e7c5a74ac44bc339dd769586e28808bbd979fbac66db4491e147a776ba9f9ef560c03b37571d2218f51542930b8680ec3b2dc990f2d3cb6281cbe1958e87c0216d8bbac7329792a7990a82c0cf7a0bcca681739677b312c6b4799ca5cf3528c354f3cedf018a5803e93348c1a5a334ac14728ad845610ccc4e620a88e010d61051861d13f469e452b62f1b70779ffd2bfd1bad818980d72cdc7509b64cd1de1348db83def401580cb9907a240aac7557b780b6e7dc1e0043eef3867af1f224c957889841a6ee50c254d532a561865f0be5733092d66112fb01571193e3298676cb9f4dcd602df467329d1c991b6992ac21e3a1b58a1ed3a7c52bc76b8245e711f72658c33a5b83adf48939bfd5f56f19d653dc72efefc7c64e25b3dc7a56113444b96fd31ccabc207140661254b8276515242becdb1082f21cb84b3d84fcb837ab0542de6e3e21e9380693e06251d8efe294efff3c1f35c6bc592d1fa93d8a33e57f2d4403c0c933e5334090dc98a162e826cdefd0734166f26d61fe4c9138abed7b9a6bc9d0f52a5e50dd9ddd4199b66f0962baddeb39da181dc60ff4a1423cc50741a525dde9f2afeb17bea83f6e4188d5f7ef021476c24b0c9ea2b51a7054dda6ad9010039b3420b92141f3dee96850c294587758df1ec0c03268a94771095f1a70724f0db555ff2ca0631321b4e4755f5da1498df71a807e45dca988249f89b449511e8e63e8b600c3d3f31239693ad364abb540c22f2658b9dc833a9748bf45a213acf213472f1db3b61daceaa3d3a4800140f4172ebc4b9d8c9639a3789b3f89ec03e81d902c115e579923394df0d9c3a0ab8e43f481f1de8036393bb0b589efb44aff59134d51e00f97b1e963bde11b941f5852ba7b9caa0b307b9e0223136e24fcf28c368c34f06d84cd7d73c9b71c9d3f953386e63ff65c159d62f73229c0a5427082d2d4aade8579f06df8ce48adb96848949e6c4c90d6e3c102b33547b509696a18500593ce4445e9b684c7688ef2f11ccfd9a63b420152c9ff3aee6de688b25bbb953dec40b9f8a6636e250cac0a03163a81caf8d2ed34e1350dc0093e51a2919aa0aafa9250891edfdc10409c157f2ed242dc3c8bc5c617db80e1d3151b9a0603270458fe2b52d2468ccbffe87874cfed14ae40b1a6df9423a6432171e03f456b59cbd8e4a8f638e5d56c4cf5140ae78fe2bbf38cd09d70352064599cfe0c2f2c387dbbb1a48595431214820cdf9412b5a749013e5a65b8e62e2d1db4385ecb78d3fad1af0eb367e0b3364ef039458ff4a8eec772755a4d0528891c957acb617e7b8d8a2058adfe8d558c22290cc488374f3c01ba77b304345367fb8cb18a317c89d1bcdd6d7f9523eada0327857caac10abd67821ad58e85a3f061c448d3f6371e3a73d91f52fc806e445128b463fc35c3a303ec355b4ad3387566b1c1d7ed18ea7ce2a78b2ca322bdd3c7e"}}}, 0xfce)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @loopback}]}]}, @IFLA_IFNAME={0x14, 0x3, 'tunl0\x00'}]}, 0x50}}, 0x0)

[  102.471772][ T4665] Bluetooth: hci0: command tx timeout
[  102.765238][ T5330] syzkaller1: entered promiscuous mode
[  102.767809][ T5330] syzkaller1: entered allmulticast mode
[  104.562754][ T5304] Bluetooth: hci0: command tx timeout
[  104.632715][ T4665] ==================================================================
[  104.636603][ T4665] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x2a0
[  104.640069][ T4665] Write of size 4 at addr ffff888033a7c010 by task kworker/u5:1/4665
[  104.643860][ T4665] 
[  104.645044][ T4665] CPU: 0 UID: 0 PID: 4665 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) 
[  104.645060][ T4665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  104.645070][ T4665] Workqueue: hci0 hci_cmd_sync_work
[  104.645089][ T4665] Call Trace:
[  104.645115][ T4665]  <TASK>
[  104.645121][ T4665]  dump_stack_lvl+0xe8/0x150
[  104.645138][ T4665]  print_report+0xba/0x230
[  104.645151][ T4665]  ? hci_conn_drop+0x34/0x2a0
[  104.645165][ T4665]  kasan_report+0x117/0x150
[  104.645178][ T4665]  ? hci_conn_drop+0x34/0x2a0
[  104.645191][ T4665]  kasan_check_range+0x264/0x2c0
[  104.645203][ T4665]  hci_conn_drop+0x34/0x2a0
[  104.645233][ T4665]  ? __pfx_le_read_features_complete+0x10/0x10
[  104.645252][ T4665]  hci_cmd_sync_work+0x262/0x400
[  104.645264][ T4665]  ? process_scheduled_works+0xa8d/0x18c0
[  104.645279][ T4665]  process_scheduled_works+0xb6e/0x18c0
[  104.645300][ T4665]  ? __pfx_process_scheduled_works+0x10/0x10
[  104.645314][ T4665]  ? assign_work+0x3d5/0x5e0
[  104.645328][ T4665]  worker_thread+0xa53/0xfc0
[  104.645347][ T4665]  kthread+0x388/0x470
[  104.645358][ T4665]  ? __pfx_worker_thread+0x10/0x10
[  104.645371][ T4665]  ? __pfx_kthread+0x10/0x10
[  104.645381][ T4665]  ret_from_fork+0x51e/0xb90
[  104.645397][ T4665]  ? __pfx_ret_from_fork+0x10/0x10
[  104.645410][ T4665]  ? __switch_to+0xc7d/0x1450
[  104.645422][ T4665]  ? __pfx_kthread+0x10/0x10
[  104.645431][ T4665]  ret_from_fork_asm+0x1a/0x30
[  104.645451][ T4665]  </TASK>
[  104.645455][ T4665] 
[  104.710861][ T4665] Allocated by task 4665:
[  104.712767][ T4665]  kasan_save_track+0x3e/0x80
[  104.714972][ T4665]  __kasan_kmalloc+0x93/0xb0
[  104.716929][ T4665]  __kmalloc_cache_noprof+0x31c/0x660
[  104.719563][ T4665]  __hci_conn_add+0x3c4/0x1e00
[  104.721705][ T4665]  le_conn_complete_evt+0x706/0x1430
[  104.724069][ T4665]  hci_le_enh_conn_complete_evt+0x189/0x490
[  104.726735][ T4665]  hci_event_packet+0x7af/0x12c0
[  104.729394][ T4665]  hci_rx_work+0x3ee/0x1030
[  104.732031][ T4665]  process_scheduled_works+0xb6e/0x18c0
[  104.734582][ T4665]  worker_thread+0xa53/0xfc0
[  104.736496][ T4665]  kthread+0x388/0x470
[  104.738133][ T4665]  ret_from_fork+0x51e/0xb90
[  104.740145][ T4665]  ret_from_fork_asm+0x1a/0x30
[  104.742467][ T4665] 
[  104.743676][ T4665] Freed by task 5304:
[  104.745654][ T4665]  kasan_save_track+0x3e/0x80
[  104.748052][ T4665]  kasan_save_free_info+0x46/0x50
[  104.750539][ T4665]  __kasan_slab_free+0x5c/0x80
[  104.752812][ T4665]  kfree+0x1c1/0x630
[  104.754681][ T4665]  device_release+0x9e/0x1d0
[  104.756973][ T4665]  kobject_put+0x228/0x560
[  104.759016][ T4665]  hci_conn_del+0xc36/0x1230
[  104.761212][ T4665]  hci_disconn_complete_evt+0x64e/0x950
[  104.763861][ T4665]  hci_event_packet+0x805/0x12c0
[  104.766174][ T4665]  hci_rx_work+0x3ee/0x1030
[  104.768228][ T4665]  process_scheduled_works+0xb6e/0x18c0
[  104.771016][ T4665]  worker_thread+0xa53/0xfc0
[  104.773449][ T4665]  kthread+0x388/0x470
[  104.775541][ T4665]  ret_from_fork+0x51e/0xb90
[  104.777690][ T4665]  ret_from_fork_asm+0x1a/0x30
[  104.779786][ T4665] 
[  104.780842][ T4665] The buggy address belongs to the object at ffff888033a7c000
[  104.780842][ T4665]  which belongs to the cache kmalloc-8k of size 8192
[  104.786563][ T4665] The buggy address is located 16 bytes inside of
[  104.786563][ T4665]  freed 8192-byte region [ffff888033a7c000, ffff888033a7e000)
[  104.794294][ T4665] 
[  104.795286][ T4665] The buggy address belongs to the physical page:
[  104.798393][ T4665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33a78
[  104.802004][ T4665] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  104.805733][ T4665] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[  104.809543][ T4665] page_type: f5(slab)
[  104.811632][ T4665] raw: 04fff00000000040 ffff88801ac42280 dead000000000100 dead000000000122
[  104.815423][ T4665] raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
[  104.819140][ T4665] head: 04fff00000000040 ffff88801ac42280 dead000000000100 dead000000000122
[  104.823094][ T4665] head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000
[  104.827695][ T4665] head: 04fff00000000003 ffffea0000ce9e01 00000000ffffffff 00000000ffffffff
[  104.831888][ T4665] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  104.835777][ T4665] page dumped because: kasan: bad access detected
[  104.838767][ T4665] page_owner tracks the page as allocated
[  104.842465][ T4665] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 20100355136, free_ts 19390077470
[  104.851782][ T4665]  post_alloc_hook+0x231/0x280
[  104.853886][ T4665]  get_page_from_freelist+0x24dc/0x2580
[  104.856269][ T4665]  __alloc_frozen_pages_noprof+0x18d/0x380
[  104.858782][ T4665]  allocate_slab+0x77/0x660
[  104.860810][ T4665]  refill_objects+0x331/0x3c0
[  104.862996][ T4665]  __pcs_replace_empty_main+0x2e6/0x730
[  104.865847][ T4665]  __kmalloc_cache_noprof+0x392/0x660
[  104.868579][ T4665]  ptp_clock_register+0x404/0x1610
[  104.871044][ T4665]  e1000e_ptp_init+0x597/0x7a0
[  104.873417][ T4665]  e1000_probe+0x1d72/0x2af0
[  104.875842][ T4665]  pci_device_probe+0x41a/0xc70
[  104.878304][ T4665]  really_probe+0x267/0xaf0
[  104.880381][ T4665]  __driver_probe_device+0x18c/0x320
[  104.882977][ T4665]  driver_probe_device+0x4f/0x240
[  104.885343][ T4665]  __driver_attach+0x349/0x640
[  104.887349][ T4665]  bus_for_each_dev+0x23b/0x2c0
[  104.889316][ T4665] page last free pid 53 tgid 53 stack trace:
[  104.891991][ T4665]  __free_frozen_pages+0xc2b/0xdb0
[  104.894464][ T4665]  __slab_free+0x263/0x2b0
[  104.897077][ T4665]  qlist_free_all+0x97/0x100
[  104.899789][ T4665]  kasan_quarantine_reduce+0x148/0x160
[  104.902770][ T4665]  __kasan_slab_alloc+0x22/0x80
[  104.904867][ T4665]  __kmalloc_cache_noprof+0x2ba/0x660
[  104.907074][ T4665]  drm_atomic_state_alloc+0xa9/0x100
[  104.909318][ T4665]  drm_atomic_helper_dirtyfb+0x129/0xf80
[  104.911680][ T4665]  drm_fbdev_shmem_helper_fb_dirty+0x160/0x2d0
[  104.914829][ T4665]  drm_fb_helper_damage_work+0x2b3/0x750
[  104.917205][ T4665]  process_scheduled_works+0xb6e/0x18c0
[  104.920062][ T4665]  worker_thread+0xa53/0xfc0
[  104.922698][ T4665]  kthread+0x388/0x470
[  104.924602][ T4665]  ret_from_fork+0x51e/0xb90
[  104.926685][ T4665]  ret_from_fork_asm+0x1a/0x30
[  104.928786][ T4665] 
[  104.929840][ T4665] Memory state around the buggy address:
[  104.932168][ T4665]  ffff888033a7bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  104.939364][ T4665]  ffff888033a7bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  104.943208][ T4665] >ffff888033a7c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  104.946690][ T4665]                          ^
[  104.948672][ T4665]  ffff888033a7c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  104.952090][ T4665]  ffff888033a7c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  104.956210][ T4665] ==================================================================
[  104.974029][ T4665] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  104.977285][ T4665] CPU: 0 UID: 0 PID: 4665 Comm: kworker/u5:1 Not tainted syzkaller #0 PREEMPT(full) 
[  104.982146][ T4665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  104.986831][ T4665] Workqueue: hci0 hci_cmd_sync_work
[  104.989191][ T4665] Call Trace:
[  104.990800][ T4665]  <TASK>
[  104.992240][ T4665]  vpanic+0x56c/0xa60
[  104.994201][ T4665]  ? __pfx_vpanic+0x10/0x10
[  104.996617][ T4665]  panic+0xc5/0xd0
[  104.998689][ T4665]  ? __pfx_panic+0x10/0x10
[  105.000700][ T4665]  ? preempt_schedule_thunk+0x16/0x30
[  105.003029][ T4665]  ? preempt_schedule_thunk+0x16/0x30
[  105.005194][ T4665]  ? hci_conn_drop+0x34/0x2a0
[  105.007263][ T4665]  check_panic_on_warn+0x89/0xb0
[  105.009589][ T4665]  ? hci_conn_drop+0x34/0x2a0
[  105.011953][ T4665]  end_report+0x73/0x180
[  105.014459][ T4665]  ? hci_conn_drop+0x34/0x2a0
[  105.016468][ T4665]  kasan_report+0x128/0x150
[  105.018601][ T4665]  ? hci_conn_drop+0x34/0x2a0
[  105.020731][ T4665]  kasan_check_range+0x264/0x2c0
[  105.023039][ T4665]  hci_conn_drop+0x34/0x2a0
[  105.025096][ T4665]  ? __pfx_le_read_features_complete+0x10/0x10
[  105.028470][ T4665]  hci_cmd_sync_work+0x262/0x400
[  105.031332][ T4665]  ? process_scheduled_works+0xa8d/0x18c0
[  105.033857][ T4665]  process_scheduled_works+0xb6e/0x18c0
[  105.036384][ T4665]  ? __pfx_process_scheduled_works+0x10/0x10
[  105.039086][ T4665]  ? assign_work+0x3d5/0x5e0
[  105.041221][ T4665]  worker_thread+0xa53/0xfc0
[  105.043408][ T4665]  kthread+0x388/0x470
[  105.045194][ T4665]  ? __pfx_worker_thread+0x10/0x10
[  105.047562][ T4665]  ? __pfx_kthread+0x10/0x10
[  105.049796][ T4665]  ret_from_fork+0x51e/0xb90
[  105.051994][ T4665]  ? __pfx_ret_from_fork+0x10/0x10
[  105.054219][ T4665]  ? __switch_to+0xc7d/0x1450
[  105.056369][ T4665]  ? __pfx_kthread+0x10/0x10
[  105.058556][ T4665]  ret_from_fork_asm+0x1a/0x30
[  105.060910][ T4665]  </TASK>
[  105.062810][ T4665] Kernel Offset: disabled
[  105.064852][ T4665] Rebooting in 86400 seconds..