Warning: Permanently added '10.128.10.18' (ED25519) to the list of known hosts.
2025/11/29 12:27:16 parsed 1 programs
[ 94.602853][ T5828] cgroup: Unknown subsys name 'net'
[ 94.757153][ T5828] cgroup: Unknown subsys name 'cpuset'
[ 94.768206][ T5828] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 96.577638][ T5828] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 97.345719][ T24] cfg80211: failed to load regulatory.db
[ 99.832413][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 99.841930][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 99.851407][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 99.872511][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 99.880535][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 100.050641][ T5842] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 103.219609][ T5899] chnl_net:caif_netlink_parms(): no params data found
[ 103.341816][ T5899] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.353396][ T5899] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.361508][ T5899] bridge_slave_0: entered allmulticast mode
[ 103.372047][ T5899] bridge_slave_0: entered promiscuous mode
[ 103.383314][ T5899] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.392131][ T5899] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.401605][ T5899] bridge_slave_1: entered allmulticast mode
[ 103.411956][ T5899] bridge_slave_1: entered promiscuous mode
[ 103.453944][ T5899] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 103.467446][ T5899] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 103.502564][ T5899] team0: Port device team_slave_0 added
[ 103.511703][ T5899] team0: Port device team_slave_1 added
[ 103.541128][ T5899] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 103.550026][ T5899] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 103.577373][ T5899] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 103.590810][ T5899] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 103.598122][ T5899] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 103.624605][ T5899] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 103.677478][ T5899] hsr_slave_0: entered promiscuous mode
[ 103.684245][ T5899] hsr_slave_1: entered promiscuous mode
[ 103.875907][ T5899] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 103.890012][ T5899] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 103.902297][ T5899] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 103.918884][ T5899] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 104.004068][ T5899] 8021q: adding VLAN 0 to HW filter on device bond0
[ 104.031397][ T5899] 8021q: adding VLAN 0 to HW filter on device team0
[ 104.047288][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 104.054878][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 104.073119][ T1334] bridge0: port 2(bridge_slave_1) entered blocking state
[ 104.080477][ T1334] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 104.296321][ T5899] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 104.352822][ T5899] veth0_vlan: entered promiscuous mode
[ 104.366858][ T5899] veth1_vlan: entered promiscuous mode
[ 104.401293][ T5899] veth0_macvtap: entered promiscuous mode
[ 104.411722][ T5899] veth1_macvtap: entered promiscuous mode
[ 104.433692][ T5899] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 104.449284][ T5899] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 104.467616][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.477329][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.488393][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.498277][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.666386][ T1334] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 104.765195][ T1334] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 104.816009][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.833722][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.858705][ T1334] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 104.894744][ T3493] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.904440][ T3493] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.926461][ T1334] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/11/29 12:27:31 executed programs: 0
[ 105.703540][ T5146] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 105.711855][ T5146] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 105.721444][ T5146] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 105.733934][ T5146] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 105.742192][ T5146] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 105.937687][ T5938] chnl_net:caif_netlink_parms(): no params data found
[ 106.032953][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.041004][ T5938] bridge0: port 1(bridge_slave_0) entered disabled state
[ 106.049013][ T5938] bridge_slave_0: entered allmulticast mode
[ 106.056713][ T5938] bridge_slave_0: entered promiscuous mode
[ 106.066555][ T5938] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.074518][ T5938] bridge0: port 2(bridge_slave_1) entered disabled state
[ 106.081999][ T5938] bridge_slave_1: entered allmulticast mode
[ 106.089991][ T5938] bridge_slave_1: entered promiscuous mode
[ 106.128359][ T5938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 106.140859][ T5938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 106.182526][ T5938] team0: Port device team_slave_0 added
[ 106.191183][ T5938] team0: Port device team_slave_1 added
[ 106.229731][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 106.236848][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 106.263935][ T5938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 106.276570][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 106.284202][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 106.311926][ T5938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 106.373008][ T5938] hsr_slave_0: entered promiscuous mode
[ 106.386432][ T5938] hsr_slave_1: entered promiscuous mode
[ 106.393855][ T5938] debugfs: 'hsr0' already exists in 'hsr'
[ 106.400517][ T5938] Cannot create hsr debugfs directory
[ 107.820294][ T1334] bridge_slave_1: left allmulticast mode
[ 107.830033][ T1334] bridge_slave_1: left promiscuous mode
[ 107.837047][ T5843] Bluetooth: hci0: command tx timeout
[ 107.846005][ T1334] bridge0: port 2(bridge_slave_1) entered disabled state
[ 107.859570][ T1334] bridge_slave_0: left allmulticast mode
[ 107.866976][ T1334] bridge_slave_0: left promiscuous mode
[ 107.875495][ T1334] bridge0: port 1(bridge_slave_0) entered disabled state
[ 108.246867][ T1334] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 108.259970][ T1334] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 108.274814][ T1334] bond0 (unregistering): Released all slaves
[ 108.377863][ T1334] hsr_slave_0: left promiscuous mode
[ 108.388157][ T1334] hsr_slave_1: left promiscuous mode
[ 108.399543][ T1334] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 108.410340][ T1334] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 108.420903][ T1334] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 108.429221][ T1334] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 108.453358][ T1334] veth1_macvtap: left promiscuous mode
[ 108.460138][ T1334] veth0_macvtap: left promiscuous mode
[ 108.468872][ T1334] veth1_vlan: left promiscuous mode
[ 108.477418][ T1334] veth0_vlan: left promiscuous mode
[ 108.847668][ T1334] team0 (unregistering): Port device team_slave_1 removed
[ 108.882339][ T1334] team0 (unregistering): Port device team_slave_0 removed
[ 109.604833][ T5938] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 109.631015][ T5938] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 109.650736][ T5938] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 109.663851][ T5938] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 109.903485][ T5843] Bluetooth: hci0: command tx timeout
[ 110.092310][ T5938] 8021q: adding VLAN 0 to HW filter on device bond0
[ 110.156137][ T5938] 8021q: adding VLAN 0 to HW filter on device team0
[ 110.221977][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 110.229456][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 110.249705][ T2135] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.256966][ T2135] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 110.380015][ T5938] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 110.677314][ T5938] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 110.758009][ T5938] veth0_vlan: entered promiscuous mode
[ 110.774214][ T5938] veth1_vlan: entered promiscuous mode
[ 110.815439][ T5938] veth0_macvtap: entered promiscuous mode
[ 110.830161][ T5938] veth1_macvtap: entered promiscuous mode
[ 110.858153][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 110.875513][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 110.900273][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.909911][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.920570][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.935074][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.047262][ T1334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.066822][ T1334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.116453][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.126935][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/11/29 12:27:37 executed programs: 2
[ 112.005199][ T5843] Bluetooth: hci0: command tx timeout
[ 113.264160][ T5146] ==================================================================
[ 113.272721][ T5146] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x2b0
[ 113.280578][ T5146] Write of size 4 at addr ffff888032b94010 by task kworker/u9:1/5146
[ 113.289376][ T5146]
[ 113.292204][ T5146] CPU: 1 UID: 0 PID: 5146 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full)
[ 113.292233][ T5146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 113.292248][ T5146] Workqueue: hci0 hci_cmd_sync_work
[ 113.292293][ T5146] Call Trace:
[ 113.292309][ T5146] <TASK>
[ 113.292317][ T5146] dump_stack_lvl+0x189/0x250
[ 113.292340][ T5146] ? __virt_addr_valid+0x1c8/0x5c0
[ 113.292363][ T5146] ? rcu_is_watching+0x15/0xb0
[ 113.292384][ T5146] ? __pfx_dump_stack_lvl+0x10/0x10
[ 113.292403][ T5146] ? rcu_is_watching+0x15/0xb0
[ 113.292424][ T5146] ? lock_release+0x4b/0x3b0
[ 113.292452][ T5146] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 113.292483][ T5146] ? __virt_addr_valid+0x1c8/0x5c0
[ 113.292506][ T5146] ? __virt_addr_valid+0x4a5/0x5c0
[ 113.292531][ T5146] print_report+0xca/0x240
[ 113.292554][ T5146] ? hci_conn_drop+0x34/0x2b0
[ 113.292573][ T5146] kasan_report+0x118/0x150
[ 113.292592][ T5146] ? hci_conn_valid+0x21/0x230
[ 113.292614][ T5146] ? hci_conn_drop+0x34/0x2b0
[ 113.292638][ T5146] kasan_check_range+0x2b0/0x2c0
[ 113.292660][ T5146] hci_conn_drop+0x34/0x2b0
[ 113.292680][ T5146] ? __pfx_le_read_features_complete+0x10/0x10
[ 113.292711][ T5146] hci_cmd_sync_work+0x262/0x400
[ 113.292746][ T5146] ? process_one_work+0x868/0x15a0
[ 113.292776][ T5146] process_one_work+0x93a/0x15a0
[ 113.292817][ T5146] ? __pfx_process_one_work+0x10/0x10
[ 113.292851][ T5146] ? assign_work+0x3a1/0x410
[ 113.292890][ T5146] worker_thread+0x9b0/0xee0
[ 113.292934][ T5146] kthread+0x711/0x8a0
[ 113.292958][ T5146] ? __pfx_worker_thread+0x10/0x10
[ 113.292987][ T5146] ? __pfx_kthread+0x10/0x10
[ 113.293010][ T5146] ? _raw_spin_unlock_irq+0x23/0x50
[ 113.293041][ T5146] ? lockdep_hardirqs_on+0x98/0x140
[ 113.293070][ T5146] ? __pfx_kthread+0x10/0x10
[ 113.293090][ T5146] ret_from_fork+0x599/0xb30
[ 113.293119][ T5146] ? __pfx_ret_from_fork+0x10/0x10
[ 113.293151][ T5146] ? __switch_to_asm+0x39/0x70
[ 113.293172][ T5146] ? __switch_to_asm+0x33/0x70
[ 113.293192][ T5146] ? __pfx_kthread+0x10/0x10
[ 113.293211][ T5146] ret_from_fork_asm+0x1a/0x30
[ 113.293242][ T5146] </TASK>
[ 113.293249][ T5146]
[ 113.510179][ T5146] Allocated by task 5843:
[ 113.514620][ T5146] kasan_save_track+0x3e/0x80
[ 113.519690][ T5146] __kasan_kmalloc+0x93/0xb0
[ 113.524324][ T5146] __kmalloc_cache_noprof+0x3e2/0x700
[ 113.529832][ T5146] __hci_conn_add+0x3c5/0x1b30
[ 113.534643][ T5146] le_conn_complete_evt+0x6f6/0x1420
[ 113.540059][ T5146] hci_le_enh_conn_complete_evt+0x189/0x4a0
[ 113.546179][ T5146] hci_event_packet+0x78f/0x1260
[ 113.551181][ T5146] hci_rx_work+0x3ee/0x1060
[ 113.556187][ T5146] process_one_work+0x93a/0x15a0
[ 113.561170][ T5146] worker_thread+0x9b0/0xee0
[ 113.565803][ T5146] kthread+0x711/0x8a0
[ 113.569908][ T5146] ret_from_fork+0x599/0xb30
[ 113.574540][ T5146] ret_from_fork_asm+0x1a/0x30
[ 113.579354][ T5146]
[ 113.581801][ T5146] Freed by task 5843:
[ 113.585990][ T5146] kasan_save_track+0x3e/0x80
[ 113.591348][ T5146] kasan_save_free_info+0x46/0x50
[ 113.596426][ T5146] __kasan_slab_free+0x5c/0x80
[ 113.601352][ T5146] kfree+0x1c0/0x660
[ 113.605294][ T5146] device_release+0x9e/0x1d0
[ 113.609991][ T5146] kobject_put+0x228/0x570
[ 113.614447][ T5146] hci_conn_del+0xc36/0x1240
[ 113.619334][ T5146] hci_disconn_complete_evt+0x64e/0x950
[ 113.625535][ T5146] hci_event_packet+0x7e3/0x1260
[ 113.630697][ T5146] hci_rx_work+0x3ee/0x1060
[ 113.635439][ T5146] process_one_work+0x93a/0x15a0
[ 113.640780][ T5146] worker_thread+0x9b0/0xee0
[ 113.645677][ T5146] kthread+0x711/0x8a0
[ 113.649959][ T5146] ret_from_fork+0x599/0xb30
[ 113.654598][ T5146] ret_from_fork_asm+0x1a/0x30
[ 113.659487][ T5146]
[ 113.661837][ T5146] The buggy address belongs to the object at ffff888032b94000
[ 113.661837][ T5146] which belongs to the cache kmalloc-8k of size 8192
[ 113.676266][ T5146] The buggy address is located 16 bytes inside of
[ 113.676266][ T5146] freed 8192-byte region [ffff888032b94000, ffff888032b96000)
[ 113.690602][ T5146]
[ 113.693047][ T5146] The buggy address belongs to the physical page:
[ 113.699500][ T5146] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32b90
[ 113.709107][ T5146] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 113.717731][ T5146] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 113.725508][ T5146] page_type: f5(slab)
[ 113.729698][ T5146] raw: 00fff00000000040 ffff88813fe27280 ffffea0000c9d000 dead000000000002
[ 113.739187][ T5146] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 113.747822][ T5146] head: 00fff00000000040 ffff88813fe27280 ffffea0000c9d000 dead000000000002
[ 113.757634][ T5146] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 113.766462][ T5146] head: 00fff00000000003 ffffea0000cae401 00000000ffffffff 00000000ffffffff
[ 113.775254][ T5146] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 113.784181][ T5146] page dumped because: kasan: bad access detected
[ 113.791235][ T5146] page_owner tracks the page as allocated
[ 113.797504][ T5146] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5474, tgid 5474 (S30dbus), ts 59907210413, free_ts 59885438738
[ 113.817877][ T5146] post_alloc_hook+0x234/0x290
[ 113.822681][ T5146] get_page_from_freelist+0x2365/0x2440
[ 113.828272][ T5146] __alloc_frozen_pages_noprof+0x181/0x370
[ 113.834473][ T5146] alloc_pages_mpol+0x232/0x4a0
[ 113.839541][ T5146] allocate_slab+0x86/0x3b0
[ 113.844177][ T5146] ___slab_alloc+0xf2b/0x1960
[ 113.849069][ T5146] __slab_alloc+0x65/0x100
[ 113.853522][ T5146] __kmalloc_cache_noprof+0x41e/0x700
[ 113.858938][ T5146] tomoyo_init_log+0x111f/0x1f70
[ 113.864037][ T5146] tomoyo_supervisor+0x340/0x1480
[ 113.869109][ T5146] tomoyo_env_perm+0x149/0x1e0
[ 113.873899][ T5146] tomoyo_find_next_domain+0x15ce/0x1aa0
[ 113.879561][ T5146] tomoyo_bprm_check_security+0x11c/0x180
[ 113.885560][ T5146] security_bprm_check+0x89/0x270
[ 113.890651][ T5146] bprm_execve+0x887/0x1400
[ 113.895465][ T5146] do_execveat_common+0x510/0x6a0
[ 113.900934][ T5146] page last free pid 5473 tgid 5473 stack trace:
[ 113.907471][ T5146] __free_frozen_pages+0xbc8/0xd30
[ 113.912719][ T5146] __put_partials+0x146/0x170
[ 113.917987][ T5146] put_cpu_partial+0x1f2/0x2d0
[ 113.924172][ T5146] __slab_free+0x288/0x2a0
[ 113.928807][ T5146] qlist_free_all+0x97/0x100
[ 113.933533][ T5146] kasan_quarantine_reduce+0x148/0x160
[ 113.939397][ T5146] __kasan_slab_alloc+0x22/0x80
[ 113.944471][ T5146] __kmalloc_node_track_caller_noprof+0x526/0x820
[ 113.950936][ T5146] krealloc_node_align_noprof+0x1ae/0x3a0
[ 113.956800][ T5146] ima_collect_measurement+0x4c5/0x8f0
[ 113.962536][ T5146] process_measurement+0x111e/0x1a70
[ 113.968321][ T5146] ima_file_check+0xd9/0x130
[ 113.973070][ T5146] security_file_post_open+0xbb/0x290
[ 113.978860][ T5146] path_openat+0x3456/0x3dd0
[ 113.983726][ T5146] do_filp_open+0x1fa/0x410
[ 113.988373][ T5146] do_sys_openat2+0x121/0x200
[ 113.994114][ T5146]
[ 113.996464][ T5146] Memory state around the buggy address:
[ 114.002310][ T5146] ffff888032b93f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 114.011023][ T5146] ffff888032b93f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 114.019302][ T5146] >ffff888032b94000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 114.028004][ T5146]                          ^
[ 114.032716][ T5146] ffff888032b94080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 114.041164][ T5146] ffff888032b94100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 114.049340][ T5146] ==================================================================
[ 114.063556][ T5146] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 114.071339][ T5146] CPU: 1 UID: 0 PID: 5146 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full)
[ 114.081339][ T5146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 114.092588][ T5146] Workqueue: hci0 hci_cmd_sync_work
[ 114.098294][ T5146] Call Trace:
[ 114.101616][ T5146] <TASK>
[ 114.104596][ T5146] dump_stack_lvl+0x99/0x250
[ 114.109312][ T5146] ? __asan_memcpy+0x40/0x70
[ 114.113941][ T5146] ? __pfx_dump_stack_lvl+0x10/0x10
[ 114.119346][ T5146] ? __pfx__printk+0x10/0x10
[ 114.124070][ T5146] vpanic+0x237/0x6d0
[ 114.128270][ T5146] ? __pfx_vpanic+0x10/0x10
[ 114.133181][ T5146] ? preempt_schedule+0xae/0xc0
[ 114.138603][ T5146] ? __pfx_preempt_schedule+0x10/0x10
[ 114.144120][ T5146] panic+0xb9/0xc0
[ 114.148032][ T5146] ? __pfx_panic+0x10/0x10
[ 114.152667][ T5146] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 114.158704][ T5146] ? is_module_address+0x17/0xf0
[ 114.163794][ T5146] ? hci_conn_drop+0x34/0x2b0
[ 114.168688][ T5146] check_panic_on_warn+0x89/0xb0
[ 114.173735][ T5146] ? hci_conn_drop+0x34/0x2b0
[ 114.178630][ T5146] end_report+0x6f/0x140
[ 114.183327][ T5146] kasan_report+0x129/0x150
[ 114.188326][ T5146] ? hci_conn_valid+0x21/0x230
[ 114.193203][ T5146] ? hci_conn_drop+0x34/0x2b0
[ 114.198054][ T5146] kasan_check_range+0x2b0/0x2c0
[ 114.203152][ T5146] hci_conn_drop+0x34/0x2b0
[ 114.207799][ T5146] ? __pfx_le_read_features_complete+0x10/0x10
[ 114.214119][ T5146] hci_cmd_sync_work+0x262/0x400
[ 114.219099][ T5146] ? process_one_work+0x868/0x15a0
[ 114.224333][ T5146] process_one_work+0x93a/0x15a0
[ 114.229504][ T5146] ? __pfx_process_one_work+0x10/0x10
[ 114.234914][ T5146] ? assign_work+0x3a1/0x410
[ 114.239529][ T5146] worker_thread+0x9b0/0xee0
[ 114.244768][ T5146] kthread+0x711/0x8a0
[ 114.248962][ T5146] ? __pfx_worker_thread+0x10/0x10
[ 114.254124][ T5146] ? __pfx_kthread+0x10/0x10
[ 114.258870][ T5146] ? _raw_spin_unlock_irq+0x23/0x50
[ 114.264531][ T5146] ? lockdep_hardirqs_on+0x98/0x140
[ 114.269759][ T5146] ? __pfx_kthread+0x10/0x10
[ 114.274363][ T5146] ret_from_fork+0x599/0xb30
[ 114.279064][ T5146] ? __pfx_ret_from_fork+0x10/0x10
[ 114.284280][ T5146] ? __switch_to_asm+0x39/0x70
[ 114.289310][ T5146] ? __switch_to_asm+0x33/0x70
[ 114.294277][ T5146] ? __pfx_kthread+0x10/0x10
[ 114.299013][ T5146] ret_from_fork_asm+0x1a/0x30
[ 114.304158][ T5146] </TASK>
[ 114.307662][ T5146] Kernel Offset: disabled
[ 114.312299][ T5146] Rebooting in 86400 seconds..