Warning: Permanently added '10.128.10.6' (ED25519) to the list of known hosts.
2025/11/29 16:18:45 parsed 1 programs
[   88.946731][ T5833] cgroup: Unknown subsys name 'net'
[   89.144873][ T5833] cgroup: Unknown subsys name 'cpuset'
[   89.154344][ T5833] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   90.826377][ T5833] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   93.907322][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   94.556543][ T5857] chnl_net:caif_netlink_parms(): no params data found
[   94.644970][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.653568][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.660939][ T5857] bridge_slave_0: entered allmulticast mode
[   94.668386][ T5857] bridge_slave_0: entered promiscuous mode
[   94.678089][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.685397][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.692640][ T5857] bridge_slave_1: entered allmulticast mode
[   94.699926][ T5857] bridge_slave_1: entered promiscuous mode
[   94.738285][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.751860][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.788203][ T5857] team0: Port device team_slave_0 added
[   94.797284][ T5857] team0: Port device team_slave_1 added
[   94.828413][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.835565][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   94.861509][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.874580][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.881592][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   94.907534][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.955316][ T5857] hsr_slave_0: entered promiscuous mode
[   94.962022][ T5857] hsr_slave_1: entered promiscuous mode
[   95.147077][ T5857] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   95.162671][ T5857] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   95.174321][ T5857] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   95.184966][ T5857] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   95.220759][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.228095][ T5857] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.236328][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.243509][ T5857] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.309018][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.330606][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.339976][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.359599][ T5857] 8021q: adding VLAN 0 to HW filter on device team0
[   95.376347][ T4445] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.383583][ T4445] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.398699][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.405972][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.606903][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.656836][ T5857] veth0_vlan: entered promiscuous mode
[   95.672282][ T5857] veth1_vlan: entered promiscuous mode
[   95.707760][ T5857] veth0_macvtap: entered promiscuous mode
[   95.718563][ T5857] veth1_macvtap: entered promiscuous mode
[   95.740752][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.757156][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.774044][ T4373] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.786043][ T4373] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.795508][ T4373] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.805352][ T4373] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.954641][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.024385][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.127907][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.221791][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.767772][ T1324] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.781607][ T1324] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.827702][ T4445] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.840846][ T4445] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.026404][  T794] cfg80211: failed to load regulatory.db
[   98.504821][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   98.513244][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   98.521209][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   98.529660][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   98.537953][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   99.186450][   T12] bridge_slave_1: left allmulticast mode
[   99.200906][   T12] bridge_slave_1: left promiscuous mode
[   99.212448][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.245923][   T12] bridge_slave_0: left allmulticast mode
[   99.253163][   T12] bridge_slave_0: left promiscuous mode
[   99.259420][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
2025/11/29 16:18:59 executed programs: 0
[   99.536123][ T5149] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   99.547188][ T5149] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   99.555068][ T5149] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   99.564738][ T5149] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   99.575999][ T5149] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   99.636907][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   99.648664][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   99.659168][   T12] bond0 (unregistering): Released all slaves
[   99.783339][   T12] hsr_slave_0: left promiscuous mode
[   99.789884][   T12] hsr_slave_1: left promiscuous mode
[   99.797011][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   99.805231][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[   99.814865][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   99.823282][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[   99.851304][   T12] veth1_macvtap: left promiscuous mode
[   99.857160][   T12] veth0_macvtap: left promiscuous mode
[   99.863241][   T12] veth1_vlan: left promiscuous mode
[   99.868772][   T12] veth0_vlan: left promiscuous mode
[  100.340273][   T12] team0 (unregistering): Port device team_slave_1 removed
[  100.375411][   T12] team0 (unregistering): Port device team_slave_0 removed
[  100.838461][ T5945] chnl_net:caif_netlink_parms(): no params data found
[  101.078121][ T5945] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.090531][ T5945] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.100506][ T5945] bridge_slave_0: entered allmulticast mode
[  101.108825][ T5945] bridge_slave_0: entered promiscuous mode
[  101.125556][ T5945] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.132931][ T5945] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.140203][ T5945] bridge_slave_1: entered allmulticast mode
[  101.148736][ T5945] bridge_slave_1: entered promiscuous mode
[  101.671951][   T52] Bluetooth: hci0: command tx timeout
[  101.687795][ T5945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.729112][ T5945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.795471][ T5945] team0: Port device team_slave_0 added
[  101.807434][ T5945] team0: Port device team_slave_1 added
[  101.883031][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.890417][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.920085][ T5945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.934433][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.942100][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.968581][ T5945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.172693][ T5945] hsr_slave_0: entered promiscuous mode
[  102.179711][ T5945] hsr_slave_1: entered promiscuous mode
[  103.076787][ T5945] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  103.091979][ T5945] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  103.104054][ T5945] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  103.119369][ T5945] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  103.261725][ T5945] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.293251][ T5945] 8021q: adding VLAN 0 to HW filter on device team0
[  103.309275][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.316680][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.338997][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.346271][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.642300][ T5945] 8021q: adding VLAN 0 to HW filter on device batadv0
[  103.715933][ T5945] veth0_vlan: entered promiscuous mode
[  103.730554][ T5945] veth1_vlan: entered promiscuous mode
[  103.741544][   T52] Bluetooth: hci0: command tx timeout
[  103.792197][ T5945] veth0_macvtap: entered promiscuous mode
[  103.804480][ T5945] veth1_macvtap: entered promiscuous mode
[  103.843315][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.859787][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.879088][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.888998][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.902614][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.912202][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  104.006148][ T4445] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.019853][ T4445] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.067746][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.077491][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/11/29 16:19:04 executed programs: 7
[  105.821571][ T5149] Bluetooth: hci0: command tx timeout
[  106.221108][   T52] ==================================================================
[  106.229237][   T52] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x2b0
[  106.236747][   T52] Write of size 4 at addr ffff888033488010 by task kworker/u9:0/52
[  106.244670][   T52] 
[  106.247052][   T52] CPU: 1 UID: 0 PID: 52 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full) 
[  106.247078][   T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  106.247092][   T52] Workqueue: hci0 hci_cmd_sync_work
[  106.247129][   T52] Call Trace:
[  106.247138][   T52]  <TASK>
[  106.247148][   T52]  dump_stack_lvl+0x189/0x250
[  106.247176][   T52]  ? __virt_addr_valid+0x1c8/0x5c0
[  106.247205][   T52]  ? rcu_is_watching+0x15/0xb0
[  106.247232][   T52]  ? __pfx_dump_stack_lvl+0x10/0x10
[  106.247254][   T52]  ? rcu_is_watching+0x15/0xb0
[  106.247278][   T52]  ? lock_release+0x4b/0x3b0
[  106.247297][   T52]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  106.247320][   T52]  ? __virt_addr_valid+0x1c8/0x5c0
[  106.247348][   T52]  ? __virt_addr_valid+0x4a5/0x5c0
[  106.247377][   T52]  print_report+0xca/0x240
[  106.247398][   T52]  ? hci_conn_drop+0x34/0x2b0
[  106.247424][   T52]  kasan_report+0x118/0x150
[  106.247447][   T52]  ? hci_conn_valid+0x21/0x230
[  106.247474][   T52]  ? hci_conn_drop+0x34/0x2b0
[  106.247505][   T52]  kasan_check_range+0x2b0/0x2c0
[  106.247531][   T52]  hci_conn_drop+0x34/0x2b0
[  106.247557][   T52]  ? __pfx_le_read_features_complete+0x10/0x10
[  106.247580][   T52]  hci_cmd_sync_work+0x262/0x400
[  106.247606][   T52]  ? process_one_work+0x868/0x15a0
[  106.247626][   T52]  process_one_work+0x93a/0x15a0
[  106.247657][   T52]  ? __pfx_process_one_work+0x10/0x10
[  106.247682][   T52]  ? assign_work+0x3a1/0x410
[  106.247704][   T52]  worker_thread+0x9b0/0xee0
[  106.247737][   T52]  kthread+0x711/0x8a0
[  106.247765][   T52]  ? __pfx_worker_thread+0x10/0x10
[  106.247786][   T52]  ? __pfx_kthread+0x10/0x10
[  106.247813][   T52]  ? _raw_spin_unlock_irq+0x23/0x50
[  106.247833][   T52]  ? lockdep_hardirqs_on+0x98/0x140
[  106.247854][   T52]  ? __pfx_kthread+0x10/0x10
[  106.247880][   T52]  ret_from_fork+0x599/0xb30
[  106.247901][   T52]  ? __pfx_ret_from_fork+0x10/0x10
[  106.247925][   T52]  ? __switch_to_asm+0x39/0x70
[  106.247951][   T52]  ? __switch_to_asm+0x33/0x70
[  106.247978][   T52]  ? __pfx_kthread+0x10/0x10
[  106.248013][   T52]  ret_from_fork_asm+0x1a/0x30
[  106.248049][   T52]  </TASK>
[  106.248057][   T52] 
[  106.454353][   T52] Allocated by task 52:
[  106.458518][   T52]  kasan_save_track+0x3e/0x80
[  106.463231][   T52]  __kasan_kmalloc+0x93/0xb0
[  106.467843][   T52]  __kmalloc_cache_noprof+0x3e2/0x700
[  106.473247][   T52]  __hci_conn_add+0x3c5/0x1b30
[  106.478039][   T52]  le_conn_complete_evt+0x6f6/0x1420
[  106.483353][   T52]  hci_le_enh_conn_complete_evt+0x189/0x4a0
[  106.489264][   T52]  hci_event_packet+0x78f/0x1260
[  106.494219][   T52]  hci_rx_work+0x3ee/0x1060
[  106.498739][   T52]  process_one_work+0x93a/0x15a0
[  106.503697][   T52]  worker_thread+0x9b0/0xee0
[  106.508318][   T52]  kthread+0x711/0x8a0
[  106.512417][   T52]  ret_from_fork+0x599/0xb30
[  106.517050][   T52]  ret_from_fork_asm+0x1a/0x30
[  106.521829][   T52] 
[  106.524179][   T52] Freed by task 5149:
[  106.528253][   T52]  kasan_save_track+0x3e/0x80
[  106.532953][   T52]  kasan_save_free_info+0x46/0x50
[  106.537999][   T52]  __kasan_slab_free+0x5c/0x80
[  106.542778][   T52]  kfree+0x1c0/0x660
[  106.546686][   T52]  device_release+0x9e/0x1d0
[  106.551296][   T52]  kobject_put+0x228/0x570
[  106.555725][   T52]  hci_conn_del+0xc36/0x1240
[  106.560329][   T52]  hci_disconn_complete_evt+0x64e/0x950
[  106.565888][   T52]  hci_event_packet+0x7e3/0x1260
[  106.570835][   T52]  hci_rx_work+0x3ee/0x1060
[  106.575354][   T52]  process_one_work+0x93a/0x15a0
[  106.580301][   T52]  worker_thread+0x9b0/0xee0
[  106.584946][   T52]  kthread+0x711/0x8a0
[  106.589028][   T52]  ret_from_fork+0x599/0xb30
[  106.593622][   T52]  ret_from_fork_asm+0x1a/0x30
[  106.598397][   T52] 
[  106.600723][   T52] The buggy address belongs to the object at ffff888033488000
[  106.600723][   T52]  which belongs to the cache kmalloc-8k of size 8192
[  106.614783][   T52] The buggy address is located 16 bytes inside of
[  106.614783][   T52]  freed 8192-byte region [ffff888033488000, ffff88803348a000)
[  106.628587][   T52] 
[  106.630923][   T52] The buggy address belongs to the physical page:
[  106.637355][   T52] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33488
[  106.646208][   T52] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  106.654718][   T52] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  106.662624][   T52] page_type: f5(slab)
[  106.666612][   T52] raw: 00fff00000000040 ffff88813fe27280 ffffea0001e63200 0000000000000003
[  106.675203][   T52] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  106.683798][   T52] head: 00fff00000000040 ffff88813fe27280 ffffea0001e63200 0000000000000003
[  106.692472][   T52] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  106.701156][   T52] head: 00fff00000000003 ffffea0000cd2201 00000000ffffffff 00000000ffffffff
[  106.709835][   T52] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  106.718517][   T52] page dumped because: kasan: bad access detected
[  106.724941][   T52] page_owner tracks the page as allocated
[  106.730743][   T52] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5833, tgid 5833 (syz-execprog), ts 85370755414, free_ts 83402699543
[  106.751336][   T52]  post_alloc_hook+0x234/0x290
[  106.756113][   T52]  get_page_from_freelist+0x2365/0x2440
[  106.761689][   T52]  __alloc_frozen_pages_noprof+0x181/0x370
[  106.767502][   T52]  alloc_pages_mpol+0x232/0x4a0
[  106.772359][   T52]  allocate_slab+0x86/0x3b0
[  106.776873][   T52]  ___slab_alloc+0xf2b/0x1960
[  106.781562][   T52]  __slab_alloc+0x65/0x100
[  106.785987][   T52]  __kmalloc_cache_noprof+0x41e/0x700
[  106.791365][   T52]  tomoyo_init_log+0x111f/0x1f70
[  106.796310][   T52]  tomoyo_supervisor+0x340/0x1480
[  106.801368][   T52]  tomoyo_env_perm+0x149/0x1e0
[  106.806161][   T52]  tomoyo_find_next_domain+0x15ce/0x1aa0
[  106.811805][   T52]  tomoyo_bprm_check_security+0x11c/0x180
[  106.817550][   T52]  security_bprm_check+0x89/0x270
[  106.822599][   T52]  bprm_execve+0x887/0x1400
[  106.827126][   T52]  do_execveat_common+0x510/0x6a0
[  106.832165][   T52] page last free pid 5822 tgid 5822 stack trace:
[  106.838494][   T52]  __free_frozen_pages+0xbc8/0xd30
[  106.843614][   T52]  __put_partials+0x146/0x170
[  106.848304][   T52]  put_cpu_partial+0x1f2/0x2d0
[  106.853077][   T52]  __slab_free+0x288/0x2a0
[  106.857503][   T52]  qlist_free_all+0x97/0x100
[  106.862095][   T52]  kasan_quarantine_reduce+0x148/0x160
[  106.867557][   T52]  __kasan_slab_alloc+0x22/0x80
[  106.872417][   T52]  kmem_cache_alloc_noprof+0x37d/0x710
[  106.877893][   T52]  ptlock_alloc+0x20/0x70
[  106.882237][   T52]  pte_alloc_one+0x7a/0x370
[  106.886753][   T52]  __pte_alloc+0x25/0x1a0
[  106.891089][   T52]  do_pte_missing+0x2b2f/0x3330
[  106.895977][   T52]  handle_mm_fault+0x1b26/0x32b0
[  106.900932][   T52]  do_user_addr_fault+0xa7c/0x1380
[  106.906061][   T52]  exc_page_fault+0x82/0x100
[  106.910663][   T52]  asm_exc_page_fault+0x26/0x30
[  106.915531][   T52] 
[  106.917861][   T52] Memory state around the buggy address:
[  106.923495][   T52]  ffff888033487f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  106.931570][   T52]  ffff888033487f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  106.939645][   T52] >ffff888033488000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  106.947795][   T52]                          ^
[  106.952390][   T52]  ffff888033488080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  106.960623][   T52]  ffff888033488100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  106.968736][   T52] ==================================================================
[  106.984096][   T52] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  106.991378][   T52] CPU: 1 UID: 0 PID: 52 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full) 
[  107.000693][   T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  107.010781][   T52] Workqueue: hci0 hci_cmd_sync_work
[  107.016024][   T52] Call Trace:
[  107.019314][   T52]  <TASK>
[  107.022250][   T52]  dump_stack_lvl+0x99/0x250
[  107.026853][   T52]  ? __asan_memcpy+0x40/0x70
[  107.031463][   T52]  ? __pfx_dump_stack_lvl+0x10/0x10
[  107.036672][   T52]  ? __pfx__printk+0x10/0x10
[  107.041284][   T52]  vpanic+0x237/0x6d0
[  107.045280][   T52]  ? __pfx_vpanic+0x10/0x10
[  107.049801][   T52]  ? preempt_schedule+0xae/0xc0
[  107.054660][   T52]  ? __pfx_preempt_schedule+0x10/0x10
[  107.060089][   T52]  panic+0xb9/0xc0
[  107.063852][   T52]  ? __pfx_panic+0x10/0x10
[  107.068281][   T52]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  107.074185][   T52]  ? is_module_address+0x17/0xf0
[  107.079133][   T52]  ? hci_conn_drop+0x34/0x2b0
[  107.083830][   T52]  check_panic_on_warn+0x89/0xb0
[  107.088782][   T52]  ? hci_conn_drop+0x34/0x2b0
[  107.093471][   T52]  end_report+0x6f/0x140
[  107.097723][   T52]  kasan_report+0x129/0x150
[  107.102239][   T52]  ? hci_conn_valid+0x21/0x230
[  107.107019][   T52]  ? hci_conn_drop+0x34/0x2b0
[  107.111715][   T52]  kasan_check_range+0x2b0/0x2c0
[  107.116667][   T52]  hci_conn_drop+0x34/0x2b0
[  107.121187][   T52]  ? __pfx_le_read_features_complete+0x10/0x10
[  107.127355][   T52]  hci_cmd_sync_work+0x262/0x400
[  107.132313][   T52]  ? process_one_work+0x868/0x15a0
[  107.137437][   T52]  process_one_work+0x93a/0x15a0
[  107.142388][   T52]  ? __pfx_process_one_work+0x10/0x10
[  107.147772][   T52]  ? assign_work+0x3a1/0x410
[  107.152368][   T52]  worker_thread+0x9b0/0xee0
[  107.156974][   T52]  kthread+0x711/0x8a0
[  107.161055][   T52]  ? __pfx_worker_thread+0x10/0x10
[  107.166174][   T52]  ? __pfx_kthread+0x10/0x10
[  107.170785][   T52]  ? _raw_spin_unlock_irq+0x23/0x50
[  107.175996][   T52]  ? lockdep_hardirqs_on+0x98/0x140
[  107.181206][   T52]  ? __pfx_kthread+0x10/0x10
[  107.185807][   T52]  ret_from_fork+0x599/0xb30
[  107.190404][   T52]  ? __pfx_ret_from_fork+0x10/0x10
[  107.195529][   T52]  ? __switch_to_asm+0x39/0x70
[  107.200309][   T52]  ? __switch_to_asm+0x33/0x70
[  107.205084][   T52]  ? __pfx_kthread+0x10/0x10
[  107.209736][   T52]  ret_from_fork_asm+0x1a/0x30
[  107.214527][   T52]  </TASK>
[  107.217711][   T52] Kernel Offset: disabled
[  107.222307][   T52] Rebooting in 86400 seconds..