Warning: Permanently added '10.128.1.28' (ED25519) to the list of known hosts.
2025/11/29 14:32:21 parsed 1 programs
[   92.213073][ T5830] cgroup: Unknown subsys name 'net'
[   92.328575][ T5830] cgroup: Unknown subsys name 'cpuset'
[   92.338463][ T5830] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   94.116521][ T5830] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   97.243798][    T9] cfg80211: failed to load regulatory.db
[   97.303607][ T5848] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   97.562105][ T4352] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.570367][ T4352] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.612006][ T4352] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.619923][ T4352] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.957387][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   98.966790][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   98.974959][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   98.987570][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   98.995992][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  100.512950][ T5904] chnl_net:caif_netlink_parms(): no params data found
[  100.603674][ T5904] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.611683][ T5904] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.618915][ T5904] bridge_slave_0: entered allmulticast mode
[  100.626626][ T5904] bridge_slave_0: entered promiscuous mode
[  100.636668][ T5904] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.644029][ T5904] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.651689][ T5904] bridge_slave_1: entered allmulticast mode
[  100.659028][ T5904] bridge_slave_1: entered promiscuous mode
[  100.695119][ T5904] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.709318][ T5904] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.748019][ T5904] team0: Port device team_slave_0 added
[  100.757208][ T5904] team0: Port device team_slave_1 added
[  100.791397][ T5904] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.798424][ T5904] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.824680][ T5904] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.837910][ T5904] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.845155][ T5904] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.871126][ T5904] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  100.919470][ T5904] hsr_slave_0: entered promiscuous mode
[  100.926313][ T5904] hsr_slave_1: entered promiscuous mode
[  101.119999][ T5904] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  101.134068][ T5904] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  101.146047][ T5904] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  101.160451][ T5904] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  101.200020][ T5904] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.208172][ T5904] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.216661][ T5904] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.223929][ T5904] bridge0: port 1(bridge_slave_0) entered forwarding state
[  101.290027][ T5904] 8021q: adding VLAN 0 to HW filter on device bond0
[  101.309966][ T1340] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.318787][ T1340] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.338899][ T5904] 8021q: adding VLAN 0 to HW filter on device team0
[  101.353652][ T1305] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.361100][ T1305] bridge0: port 1(bridge_slave_0) entered forwarding state
[  101.379877][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.387149][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.591878][ T5904] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.640096][ T5904] veth0_vlan: entered promiscuous mode
[  101.655637][ T5904] veth1_vlan: entered promiscuous mode
[  101.688305][ T5904] veth0_macvtap: entered promiscuous mode
[  101.699091][ T5904] veth1_macvtap: entered promiscuous mode
[  101.720454][ T5904] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.737157][ T5904] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.754951][ T1340] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.765005][ T1340] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.777394][ T1340] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.786877][ T1340] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.968508][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.038827][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.108959][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.184866][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/11/29 14:32:35 executed programs: 0
[  103.014638][ T5148] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  103.025042][ T5148] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  103.033383][ T5148] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  103.041975][ T5148] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  103.050121][ T5148] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  103.242939][ T5939] chnl_net:caif_netlink_parms(): no params data found
[  103.356477][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.365094][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.373042][ T5939] bridge_slave_0: entered allmulticast mode
[  103.380942][ T5939] bridge_slave_0: entered promiscuous mode
[  103.389866][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.397168][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.404689][ T5939] bridge_slave_1: entered allmulticast mode
[  103.412611][ T5939] bridge_slave_1: entered promiscuous mode
[  103.449529][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.462021][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.500401][ T5939] team0: Port device team_slave_0 added
[  103.508912][ T5939] team0: Port device team_slave_1 added
[  103.543036][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.550038][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  103.576492][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.590748][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.597911][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  103.623957][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.679856][ T5939] hsr_slave_0: entered promiscuous mode
[  103.686611][ T5939] hsr_slave_1: entered promiscuous mode
[  103.693992][ T5939] debugfs: 'hsr0' already exists in 'hsr'
[  103.699866][ T5939] Cannot create hsr debugfs directory
[  104.468208][   T12] bridge_slave_1: left allmulticast mode
[  104.474208][   T12] bridge_slave_1: left promiscuous mode
[  104.480955][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.495750][   T12] bridge_slave_0: left allmulticast mode
[  104.501583][   T12] bridge_slave_0: left promiscuous mode
[  104.507416][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.828806][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  104.842540][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  104.853625][   T12] bond0 (unregistering): Released all slaves
[  104.973732][   T12] hsr_slave_0: left promiscuous mode
[  104.985742][   T12] hsr_slave_1: left promiscuous mode
[  105.003687][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  105.013147][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  105.022493][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  105.041317][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  105.074406][   T12] veth1_macvtap: left promiscuous mode
[  105.080251][   T12] veth0_macvtap: left promiscuous mode
[  105.086926][   T52] Bluetooth: hci0: command tx timeout
[  105.088529][   T12] veth1_vlan: left promiscuous mode
[  105.098774][   T12] veth0_vlan: left promiscuous mode
[  105.566973][   T12] team0 (unregistering): Port device team_slave_1 removed
[  105.598479][   T12] team0 (unregistering): Port device team_slave_0 removed
[  106.194448][ T5939] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  106.224676][ T5939] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  106.238551][ T5939] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  106.256458][ T5939] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  106.564102][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.596873][ T5939] 8021q: adding VLAN 0 to HW filter on device team0
[  106.610956][ T4352] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.618248][ T4352] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.646607][ T1340] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.653818][ T1340] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.858262][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.909916][ T5939] veth0_vlan: entered promiscuous mode
[  106.922907][ T5939] veth1_vlan: entered promiscuous mode
[  106.954610][ T5939] veth0_macvtap: entered promiscuous mode
[  106.965827][ T5939] veth1_macvtap: entered promiscuous mode
[  106.989013][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.006136][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.020892][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.030333][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.040921][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.052007][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.118360][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.127617][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.160544][ T1340] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.168990][   T52] Bluetooth: hci0: command tx timeout
[  107.177011][ T1340] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/11/29 14:32:40 executed programs: 28
[  109.241516][   T52] Bluetooth: hci0: command tx timeout
[  109.247856][ T5148] ==================================================================
[  109.256153][ T5148] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x2b0
[  109.264008][ T5148] Write of size 4 at addr ffff888078cf8010 by task kworker/u9:1/5148
[  109.272369][ T5148] 
[  109.274739][ T5148] CPU: 0 UID: 0 PID: 5148 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) 
[  109.274767][ T5148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  109.274783][ T5148] Workqueue: hci0 hci_cmd_sync_work
[  109.274820][ T5148] Call Trace:
[  109.274830][ T5148]  <TASK>
[  109.274839][ T5148]  dump_stack_lvl+0x189/0x250
[  109.274867][ T5148]  ? __virt_addr_valid+0x1c8/0x5c0
[  109.274896][ T5148]  ? rcu_is_watching+0x15/0xb0
[  109.274923][ T5148]  ? __pfx_dump_stack_lvl+0x10/0x10
[  109.274948][ T5148]  ? rcu_is_watching+0x15/0xb0
[  109.274973][ T5148]  ? lock_release+0x4b/0x3b0
[  109.274994][ T5148]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  109.275018][ T5148]  ? __virt_addr_valid+0x1c8/0x5c0
[  109.275046][ T5148]  ? __virt_addr_valid+0x4a5/0x5c0
[  109.275076][ T5148]  print_report+0xca/0x240
[  109.275098][ T5148]  ? hci_conn_drop+0x34/0x2b0
[  109.275124][ T5148]  kasan_report+0x118/0x150
[  109.275148][ T5148]  ? hci_conn_valid+0x21/0x230
[  109.275177][ T5148]  ? hci_conn_drop+0x34/0x2b0
[  109.275207][ T5148]  kasan_check_range+0x2b0/0x2c0
[  109.275235][ T5148]  hci_conn_drop+0x34/0x2b0
[  109.275261][ T5148]  ? __pfx_le_read_features_complete+0x10/0x10
[  109.275286][ T5148]  hci_cmd_sync_work+0x262/0x400
[  109.275322][ T5148]  ? process_one_work+0x868/0x15a0
[  109.275343][ T5148]  process_one_work+0x93a/0x15a0
[  109.275375][ T5148]  ? __pfx_process_one_work+0x10/0x10
[  109.275400][ T5148]  ? assign_work+0x3a1/0x410
[  109.275422][ T5148]  worker_thread+0x9b0/0xee0
[  109.275457][ T5148]  kthread+0x711/0x8a0
[  109.275486][ T5148]  ? __pfx_worker_thread+0x10/0x10
[  109.275507][ T5148]  ? __pfx_kthread+0x10/0x10
[  109.275535][ T5148]  ? _raw_spin_unlock_irq+0x23/0x50
[  109.275555][ T5148]  ? lockdep_hardirqs_on+0x98/0x140
[  109.275578][ T5148]  ? __pfx_kthread+0x10/0x10
[  109.275605][ T5148]  ret_from_fork+0x599/0xb30
[  109.275627][ T5148]  ? __pfx_ret_from_fork+0x10/0x10
[  109.275651][ T5148]  ? __switch_to_asm+0x39/0x70
[  109.275679][ T5148]  ? __switch_to_asm+0x33/0x70
[  109.275706][ T5148]  ? __pfx_kthread+0x10/0x10
[  109.275733][ T5148]  ret_from_fork_asm+0x1a/0x30
[  109.275770][ T5148]  </TASK>
[  109.275777][ T5148] 
[  109.483004][ T5148] Allocated by task 52:
[  109.487162][ T5148]  kasan_save_track+0x3e/0x80
[  109.491851][ T5148]  __kasan_kmalloc+0x93/0xb0
[  109.496468][ T5148]  __kmalloc_cache_noprof+0x3e2/0x700
[  109.501851][ T5148]  __hci_conn_add+0x3c5/0x1b30
[  109.506645][ T5148]  le_conn_complete_evt+0x6f6/0x1420
[  109.512059][ T5148]  hci_le_enh_conn_complete_evt+0x189/0x4a0
[  109.517989][ T5148]  hci_event_packet+0x78f/0x1260
[  109.523050][ T5148]  hci_rx_work+0x3ee/0x1060
[  109.527581][ T5148]  process_one_work+0x93a/0x15a0
[  109.532634][ T5148]  worker_thread+0x9b0/0xee0
[  109.537253][ T5148]  kthread+0x711/0x8a0
[  109.541375][ T5148]  ret_from_fork+0x599/0xb30
[  109.545982][ T5148]  ret_from_fork_asm+0x1a/0x30
[  109.550810][ T5148] 
[  109.553239][ T5148] Freed by task 52:
[  109.557061][ T5148]  kasan_save_track+0x3e/0x80
[  109.561838][ T5148]  kasan_save_free_info+0x46/0x50
[  109.566998][ T5148]  __kasan_slab_free+0x5c/0x80
[  109.571795][ T5148]  kfree+0x1c0/0x660
[  109.575723][ T5148]  device_release+0x9e/0x1d0
[  109.580355][ T5148]  kobject_put+0x228/0x570
[  109.584873][ T5148]  hci_conn_del+0xc36/0x1240
[  109.589774][ T5148]  hci_disconn_complete_evt+0x64e/0x950
[  109.595591][ T5148]  hci_event_packet+0x7e3/0x1260
[  109.600534][ T5148]  hci_rx_work+0x3ee/0x1060
[  109.605042][ T5148]  process_one_work+0x93a/0x15a0
[  109.609995][ T5148]  worker_thread+0x9b0/0xee0
[  109.614596][ T5148]  kthread+0x711/0x8a0
[  109.618685][ T5148]  ret_from_fork+0x599/0xb30
[  109.623287][ T5148]  ret_from_fork_asm+0x1a/0x30
[  109.628070][ T5148] 
[  109.630402][ T5148] The buggy address belongs to the object at ffff888078cf8000
[  109.630402][ T5148]  which belongs to the cache kmalloc-8k of size 8192
[  109.644468][ T5148] The buggy address is located 16 bytes inside of
[  109.644468][ T5148]  freed 8192-byte region [ffff888078cf8000, ffff888078cfa000)
[  109.658285][ T5148] 
[  109.660620][ T5148] The buggy address belongs to the physical page:
[  109.667050][ T5148] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78cf8
[  109.675828][ T5148] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  109.684366][ T5148] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  109.692019][ T5148] page_type: f5(slab)
[  109.696009][ T5148] raw: 00fff00000000040 ffff88813fe27280 dead000000000122 0000000000000000
[  109.704608][ T5148] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  109.713200][ T5148] head: 00fff00000000040 ffff88813fe27280 dead000000000122 0000000000000000
[  109.721907][ T5148] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  109.730605][ T5148] head: 00fff00000000003 ffffea0001e33e01 00000000ffffffff 00000000ffffffff
[  109.739292][ T5148] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  109.748143][ T5148] page dumped because: kasan: bad access detected
[  109.754574][ T5148] page_owner tracks the page as allocated
[  109.760384][ T5148] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 52, tgid 52 (kworker/u9:0), ts 107227773947, free_ts 102420273609
[  109.781674][ T5148]  post_alloc_hook+0x234/0x290
[  109.786450][ T5148]  get_page_from_freelist+0x2365/0x2440
[  109.792010][ T5148]  __alloc_frozen_pages_noprof+0x181/0x370
[  109.797852][ T5148]  alloc_pages_mpol+0x232/0x4a0
[  109.802715][ T5148]  allocate_slab+0x86/0x3b0
[  109.807233][ T5148]  ___slab_alloc+0xf2b/0x1960
[  109.811933][ T5148]  __slab_alloc+0x65/0x100
[  109.816365][ T5148]  __kmalloc_cache_noprof+0x41e/0x700
[  109.821749][ T5148]  __hci_conn_add+0x3c5/0x1b30
[  109.826529][ T5148]  le_conn_complete_evt+0x6f6/0x1420
[  109.831827][ T5148]  hci_le_enh_conn_complete_evt+0x189/0x4a0
[  109.837765][ T5148]  hci_event_packet+0x78f/0x1260
[  109.842713][ T5148]  hci_rx_work+0x3ee/0x1060
[  109.847231][ T5148]  process_one_work+0x93a/0x15a0
[  109.852207][ T5148]  worker_thread+0x9b0/0xee0
[  109.856853][ T5148]  kthread+0x711/0x8a0
[  109.860950][ T5148] page last free pid 10 tgid 10 stack trace:
[  109.866939][ T5148]  __free_frozen_pages+0xbc8/0xd30
[  109.872070][ T5148]  kasan_depopulate_vmalloc_pte+0x6d/0x90
[  109.877806][ T5148]  __apply_to_page_range+0xb66/0x13d0
[  109.883193][ T5148]  __kasan_release_vmalloc+0xa2/0xd0
[  109.888493][ T5148]  purge_vmap_node+0x214/0x8d0
[  109.893275][ T5148]  __purge_vmap_area_lazy+0x77a/0xb00
[  109.898664][ T5148]  drain_vmap_area_work+0x27/0x40
[  109.903715][ T5148]  process_one_work+0x93a/0x15a0
[  109.908664][ T5148]  worker_thread+0x9b0/0xee0
[  109.913272][ T5148]  kthread+0x711/0x8a0
[  109.917359][ T5148]  ret_from_fork+0x599/0xb30
[  109.921965][ T5148]  ret_from_fork_asm+0x1a/0x30
[  109.926763][ T5148] 
[  109.929101][ T5148] Memory state around the buggy address:
[  109.934753][ T5148]  ffff888078cf7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  109.942994][ T5148]  ffff888078cf7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  109.951064][ T5148] >ffff888078cf8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.959166][ T5148]                          ^
[  109.963773][ T5148]  ffff888078cf8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.971845][ T5148]  ffff888078cf8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.979930][ T5148] ==================================================================
[  109.996739][ T5148] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  110.004006][ T5148] CPU: 0 UID: 0 PID: 5148 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) 
[  110.013500][ T5148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  110.023585][ T5148] Workqueue: hci0 hci_cmd_sync_work
[  110.028844][ T5148] Call Trace:
[  110.032157][ T5148]  <TASK>
[  110.035117][ T5148]  dump_stack_lvl+0x99/0x250
[  110.039754][ T5148]  ? __asan_memcpy+0x40/0x70
[  110.044393][ T5148]  ? __pfx_dump_stack_lvl+0x10/0x10
[  110.049634][ T5148]  ? __pfx__printk+0x10/0x10
[  110.054280][ T5148]  vpanic+0x237/0x6d0
[  110.058302][ T5148]  ? __pfx_vpanic+0x10/0x10
[  110.062844][ T5148]  ? preempt_schedule+0xae/0xc0
[  110.067732][ T5148]  ? __pfx_preempt_schedule+0x10/0x10
[  110.073144][ T5148]  panic+0xb9/0xc0
[  110.076911][ T5148]  ? __pfx_panic+0x10/0x10
[  110.081373][ T5148]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  110.087396][ T5148]  ? is_module_address+0x17/0xf0
[  110.092368][ T5148]  ? hci_conn_drop+0x34/0x2b0
[  110.097098][ T5148]  check_panic_on_warn+0x89/0xb0
[  110.102082][ T5148]  ? hci_conn_drop+0x34/0x2b0
[  110.106862][ T5148]  end_report+0x6f/0x140
[  110.111228][ T5148]  kasan_report+0x129/0x150
[  110.115770][ T5148]  ? hci_conn_valid+0x21/0x230
[  110.120584][ T5148]  ? hci_conn_drop+0x34/0x2b0
[  110.125400][ T5148]  kasan_check_range+0x2b0/0x2c0
[  110.130397][ T5148]  hci_conn_drop+0x34/0x2b0
[  110.135159][ T5148]  ? __pfx_le_read_features_complete+0x10/0x10
[  110.141717][ T5148]  hci_cmd_sync_work+0x262/0x400
[  110.146921][ T5148]  ? process_one_work+0x868/0x15a0
[  110.153528][ T5148]  process_one_work+0x93a/0x15a0
[  110.158791][ T5148]  ? __pfx_process_one_work+0x10/0x10
[  110.164418][ T5148]  ? assign_work+0x3a1/0x410
[  110.169325][ T5148]  worker_thread+0x9b0/0xee0
[  110.175286][ T5148]  kthread+0x711/0x8a0
[  110.179950][ T5148]  ? __pfx_worker_thread+0x10/0x10
[  110.185393][ T5148]  ? __pfx_kthread+0x10/0x10
[  110.190046][ T5148]  ? _raw_spin_unlock_irq+0x23/0x50
[  110.195463][ T5148]  ? lockdep_hardirqs_on+0x98/0x140
[  110.200705][ T5148]  ? __pfx_kthread+0x10/0x10
[  110.205442][ T5148]  ret_from_fork+0x599/0xb30
[  110.210105][ T5148]  ? __pfx_ret_from_fork+0x10/0x10
[  110.215268][ T5148]  ? __switch_to_asm+0x39/0x70
[  110.220080][ T5148]  ? __switch_to_asm+0x33/0x70
[  110.224895][ T5148]  ? __pfx_kthread+0x10/0x10
[  110.229538][ T5148]  ret_from_fork_asm+0x1a/0x30
[  110.234356][ T5148]  </TASK>
[  110.237705][ T5148] Kernel Offset: disabled
[  110.242166][ T5148] Rebooting in 86400 seconds..