Warning: Permanently added '10.128.1.225' (ED25519) to the list of known hosts.
2025/11/29 15:31:28 parsed 1 programs
[   94.637841][ T5829] cgroup: Unknown subsys name 'net'
[   94.773046][ T5829] cgroup: Unknown subsys name 'cpuset'
[   94.783364][ T5829] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   96.703260][ T5829] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   97.306217][   T10] cfg80211: failed to load regulatory.db
[  100.187099][ T5843] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  101.182477][ T3434] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.201107][ T3434] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.234477][   T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.243819][   T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.921540][ T5868] chnl_net:caif_netlink_parms(): no params data found
[  102.019945][ T5868] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.027775][ T5868] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.035625][ T5868] bridge_slave_0: entered allmulticast mode
[  102.043464][ T5868] bridge_slave_0: entered promiscuous mode
[  102.056725][ T5868] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.064139][ T5868] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.071440][ T5868] bridge_slave_1: entered allmulticast mode
[  102.078728][ T5868] bridge_slave_1: entered promiscuous mode
[  102.118090][ T5868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.132352][ T5868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.174013][ T5868] team0: Port device team_slave_0 added
[  102.183522][ T5868] team0: Port device team_slave_1 added
[  102.214150][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.221659][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.247679][ T5868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.261617][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.268615][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.294775][ T5868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.347145][ T5868] hsr_slave_0: entered promiscuous mode
[  102.354931][ T5868] hsr_slave_1: entered promiscuous mode
[  102.545998][ T5868] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  102.559402][ T5868] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  102.571032][ T5868] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  102.586826][ T5868] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  102.676925][ T5868] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.704453][ T5868] 8021q: adding VLAN 0 to HW filter on device team0
[  102.719040][ T2136] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.726685][ T2136] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.747158][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.754410][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.957126][ T5868] 8021q: adding VLAN 0 to HW filter on device batadv0
[  103.012932][ T5868] veth0_vlan: entered promiscuous mode
[  103.027702][ T5868] veth1_vlan: entered promiscuous mode
[  103.061501][ T5868] veth0_macvtap: entered promiscuous mode
[  103.072436][ T5868] veth1_macvtap: entered promiscuous mode
[  103.094720][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.110071][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.126313][ T3434] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.137537][ T3434] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.148169][ T3434] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.158165][ T3434] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.294111][ T3434] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.365416][ T3434] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.467488][ T3434] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.523152][ T3434] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.676676][ T5147] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  103.685438][ T5147] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  103.694489][ T5147] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  103.704164][ T5147] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  103.713348][ T5147] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/11/29 15:31:43 executed programs: 0
[  105.374621][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  105.385951][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  105.395064][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  105.403219][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  105.410999][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  105.592239][ T5939] chnl_net:caif_netlink_parms(): no params data found
[  105.678323][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.685787][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.693223][ T5939] bridge_slave_0: entered allmulticast mode
[  105.700703][ T5939] bridge_slave_0: entered promiscuous mode
[  105.709421][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.716834][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.725212][ T5939] bridge_slave_1: entered allmulticast mode
[  105.732946][ T5939] bridge_slave_1: entered promiscuous mode
[  105.770131][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.783154][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  105.822513][ T5939] team0: Port device team_slave_0 added
[  105.831160][ T5939] team0: Port device team_slave_1 added
[  105.863887][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.872146][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  105.898422][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.911711][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.918891][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  105.945341][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  106.034031][ T5939] hsr_slave_0: entered promiscuous mode
[  106.040624][ T5939] hsr_slave_1: entered promiscuous mode
[  106.046993][ T5939] debugfs: 'hsr0' already exists in 'hsr'
[  106.053030][ T5939] Cannot create hsr debugfs directory
[  106.123087][ T3434] bridge_slave_1: left allmulticast mode
[  106.139592][ T3434] bridge_slave_1: left promiscuous mode
[  106.146169][ T3434] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.163652][ T3434] bridge_slave_0: left allmulticast mode
[  106.169810][ T3434] bridge_slave_0: left promiscuous mode
[  106.175691][ T3434] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.537468][ T3434] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  106.550906][ T3434] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  106.561969][ T3434] bond0 (unregistering): Released all slaves
[  106.693679][ T3434] hsr_slave_0: left promiscuous mode
[  106.710526][ T3434] hsr_slave_1: left promiscuous mode
[  106.716921][ T3434] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  106.727742][ T3434] batman_adv: batadv0: Removing interface: batadv_slave_0
[  106.743776][ T3434] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  106.751323][ T3434] batman_adv: batadv0: Removing interface: batadv_slave_1
[  106.775640][ T3434] veth1_macvtap: left promiscuous mode
[  106.781746][ T3434] veth0_macvtap: left promiscuous mode
[  106.787570][ T3434] veth1_vlan: left promiscuous mode
[  106.793636][ T3434] veth0_vlan: left promiscuous mode
[  107.217656][ T3434] team0 (unregistering): Port device team_slave_1 removed
[  107.250803][ T3434] team0 (unregistering): Port device team_slave_0 removed
[  107.470483][ T5147] Bluetooth: hci0: command tx timeout
[  108.032047][ T5939] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  108.047243][ T5939] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  108.070410][ T5939] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  108.085070][ T5939] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  108.606707][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.659870][ T5939] 8021q: adding VLAN 0 to HW filter on device team0
[  108.695254][   T79] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.703162][   T79] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.740973][ T2987] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.748238][ T2987] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.945719][ T5939] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  109.314518][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0
[  109.382348][ T5939] veth0_vlan: entered promiscuous mode
[  109.401532][ T5939] veth1_vlan: entered promiscuous mode
[  109.445203][ T5939] veth0_macvtap: entered promiscuous mode
[  109.457616][ T5939] veth1_macvtap: entered promiscuous mode
[  109.492440][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.510791][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.528205][ T3434] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.538749][ T3434] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.548498][ T5147] Bluetooth: hci0: command tx timeout
[  109.567081][ T3434] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.577512][ T3434] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.684128][ T2136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.701329][ T2136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.757618][ T2136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.767021][ T2136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/11/29 15:31:48 executed programs: 18
[  111.619744][ T5147] Bluetooth: hci0: command tx timeout
[  111.859977][   T52] ==================================================================
[  111.868382][   T52] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x2b0
[  111.875967][   T52] Write of size 4 at addr ffff88802a458010 by task kworker/u9:0/52
[  111.884436][   T52] 
[  111.886876][   T52] CPU: 0 UID: 0 PID: 52 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full) 
[  111.886895][   T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  111.886907][   T52] Workqueue: hci0 hci_cmd_sync_work
[  111.886938][   T52] Call Trace:
[  111.886947][   T52]  <TASK>
[  111.886954][   T52]  dump_stack_lvl+0x189/0x250
[  111.886970][   T52]  ? __virt_addr_valid+0x1c8/0x5c0
[  111.886987][   T52]  ? rcu_is_watching+0x15/0xb0
[  111.887002][   T52]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.887033][   T52]  ? rcu_is_watching+0x15/0xb0
[  111.887046][   T52]  ? lock_release+0x4b/0x3b0
[  111.887066][   T52]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  111.887088][   T52]  ? __virt_addr_valid+0x1c8/0x5c0
[  111.887104][   T52]  ? __virt_addr_valid+0x4a5/0x5c0
[  111.887120][   T52]  print_report+0xca/0x240
[  111.887136][   T52]  ? hci_conn_drop+0x34/0x2b0
[  111.887149][   T52]  kasan_report+0x118/0x150
[  111.887162][   T52]  ? hci_conn_valid+0x21/0x230
[  111.887176][   T52]  ? hci_conn_drop+0x34/0x2b0
[  111.887193][   T52]  kasan_check_range+0x2b0/0x2c0
[  111.887207][   T52]  hci_conn_drop+0x34/0x2b0
[  111.887221][   T52]  ? __pfx_le_read_features_complete+0x10/0x10
[  111.887241][   T52]  hci_cmd_sync_work+0x262/0x400
[  111.887264][   T52]  ? process_one_work+0x868/0x15a0
[  111.887284][   T52]  process_one_work+0x93a/0x15a0
[  111.887303][   T52]  ? do_raw_spin_unlock+0x122/0x240
[  111.887327][   T52]  ? __pfx_process_one_work+0x10/0x10
[  111.887349][   T52]  ? assign_work+0x3a1/0x410
[  111.887370][   T52]  worker_thread+0x9b0/0xee0
[  111.887400][   T52]  kthread+0x711/0x8a0
[  111.887416][   T52]  ? __pfx_worker_thread+0x10/0x10
[  111.887436][   T52]  ? __pfx_kthread+0x10/0x10
[  111.887451][   T52]  ? _raw_spin_unlock_irq+0x23/0x50
[  111.887469][   T52]  ? lockdep_hardirqs_on+0x98/0x140
[  111.887489][   T52]  ? __pfx_kthread+0x10/0x10
[  111.887503][   T52]  ret_from_fork+0x599/0xb30
[  111.887523][   T52]  ? __pfx_ret_from_fork+0x10/0x10
[  111.887546][   T52]  ? __switch_to_asm+0x39/0x70
[  111.887560][   T52]  ? __switch_to_asm+0x33/0x70
[  111.887574][   T52]  ? __pfx_kthread+0x10/0x10
[  111.887589][   T52]  ret_from_fork_asm+0x1a/0x30
[  111.887610][   T52]  </TASK>
[  111.887616][   T52] 
[  112.106773][   T52] Allocated by task 5147:
[  112.111120][   T52]  kasan_save_track+0x3e/0x80
[  112.115913][   T52]  __kasan_kmalloc+0x93/0xb0
[  112.120525][   T52]  __kmalloc_cache_noprof+0x3e2/0x700
[  112.125917][   T52]  __hci_conn_add+0x3c5/0x1b30
[  112.130692][   T52]  le_conn_complete_evt+0x6f6/0x1420
[  112.136439][   T52]  hci_le_enh_conn_complete_evt+0x189/0x4a0
[  112.142365][   T52]  hci_event_packet+0x78f/0x1260
[  112.149101][   T52]  hci_rx_work+0x3ee/0x1060
[  112.153925][   T52]  process_one_work+0x93a/0x15a0
[  112.159085][   T52]  worker_thread+0x9b0/0xee0
[  112.163743][   T52]  kthread+0x711/0x8a0
[  112.168003][   T52]  ret_from_fork+0x599/0xb30
[  112.172919][   T52]  ret_from_fork_asm+0x1a/0x30
[  112.177759][   T52] 
[  112.180121][   T52] Freed by task 5147:
[  112.184676][   T52]  kasan_save_track+0x3e/0x80
[  112.189647][   T52]  kasan_save_free_info+0x46/0x50
[  112.194883][   T52]  __kasan_slab_free+0x5c/0x80
[  112.199803][   T52]  kfree+0x1c0/0x660
[  112.204081][   T52]  device_release+0x9e/0x1d0
[  112.209067][   T52]  kobject_put+0x228/0x570
[  112.213698][   T52]  hci_conn_del+0xc36/0x1240
[  112.218495][   T52]  hci_disconn_complete_evt+0x64e/0x950
[  112.224422][   T52]  hci_event_packet+0x7e3/0x1260
[  112.229387][   T52]  hci_rx_work+0x3ee/0x1060
[  112.233931][   T52]  process_one_work+0x93a/0x15a0
[  112.238903][   T52]  worker_thread+0x9b0/0xee0
[  112.243544][   T52]  kthread+0x711/0x8a0
[  112.247651][   T52]  ret_from_fork+0x599/0xb30
[  112.252277][   T52]  ret_from_fork_asm+0x1a/0x30
[  112.257089][   T52] 
[  112.259606][   T52] The buggy address belongs to the object at ffff88802a458000
[  112.259606][   T52]  which belongs to the cache kmalloc-8k of size 8192
[  112.274579][   T52] The buggy address is located 16 bytes inside of
[  112.274579][   T52]  freed 8192-byte region [ffff88802a458000, ffff88802a45a000)
[  112.289193][   T52] 
[  112.292097][   T52] The buggy address belongs to the physical page:
[  112.299961][   T52] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a458
[  112.309812][   T52] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  112.319656][   T52] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  112.327424][   T52] page_type: f5(slab)
[  112.331713][   T52] raw: 00fff00000000040 ffff88813fe27280 ffffea0001f3dc00 0000000000000004
[  112.341558][   T52] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  112.350625][   T52] head: 00fff00000000040 ffff88813fe27280 ffffea0001f3dc00 0000000000000004
[  112.359334][   T52] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  112.368088][   T52] head: 00fff00000000003 ffffea0000a91601 00000000ffffffff 00000000ffffffff
[  112.376989][   T52] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  112.385770][   T52] page dumped because: kasan: bad access detected
[  112.392566][   T52] page_owner tracks the page as allocated
[  112.398465][   T52] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5676, tgid 5676 (sh), ts 72865810075, free_ts 72469750694
[  112.419200][   T52]  post_alloc_hook+0x234/0x290
[  112.424644][   T52]  get_page_from_freelist+0x2365/0x2440
[  112.430513][   T52]  __alloc_frozen_pages_noprof+0x181/0x370
[  112.436346][   T52]  alloc_pages_mpol+0x232/0x4a0
[  112.441214][   T52]  allocate_slab+0x86/0x3b0
[  112.445835][   T52]  ___slab_alloc+0xf2b/0x1960
[  112.450710][   T52]  __slab_alloc+0x65/0x100
[  112.455229][   T52]  __kmalloc_cache_noprof+0x41e/0x700
[  112.460726][   T52]  tomoyo_init_log+0x111f/0x1f70
[  112.465800][   T52]  tomoyo_supervisor+0x340/0x1480
[  112.470950][   T52]  tomoyo_env_perm+0x149/0x1e0
[  112.475741][   T52]  tomoyo_find_next_domain+0x15ce/0x1aa0
[  112.481556][   T52]  tomoyo_bprm_check_security+0x11c/0x180
[  112.487575][   T52]  security_bprm_check+0x89/0x270
[  112.492790][   T52]  bprm_execve+0x887/0x1400
[  112.497310][   T52]  do_execveat_common+0x510/0x6a0
[  112.502383][   T52] page last free pid 5671 tgid 5671 stack trace:
[  112.508767][   T52]  __free_frozen_pages+0xbc8/0xd30
[  112.514070][   T52]  __slab_free+0x21b/0x2a0
[  112.518513][   T52]  qlist_free_all+0x97/0x100
[  112.523138][   T52]  kasan_quarantine_reduce+0x148/0x160
[  112.528800][   T52]  __kasan_slab_alloc+0x22/0x80
[  112.533667][   T52]  __kmalloc_noprof+0x3cf/0x800
[  112.539231][   T52]  tomoyo_realpath_from_path+0xe3/0x5d0
[  112.544806][   T52]  tomoyo_path_perm+0x213/0x4b0
[  112.550034][   T52]  security_inode_getattr+0x12f/0x330
[  112.555438][   T52]  __x64_sys_newfstat+0xfc/0x200
[  112.560543][   T52]  do_syscall_64+0xfa/0xf80
[  112.565072][   T52]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.570988][   T52] 
[  112.573421][   T52] Memory state around the buggy address:
[  112.579358][   T52]  ffff88802a457f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  112.587998][   T52]  ffff88802a457f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  112.596272][   T52] >ffff88802a458000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.604708][   T52]                          ^
[  112.609720][   T52]  ffff88802a458080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.617900][   T52]  ffff88802a458100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.626536][   T52] ==================================================================
[  112.638505][   T52] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  112.646129][   T52] CPU: 0 UID: 0 PID: 52 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full) 
[  112.657832][   T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  112.669324][   T52] Workqueue: hci0 hci_cmd_sync_work
[  112.674921][   T52] Call Trace:
[  112.678426][   T52]  <TASK>
[  112.681397][   T52]  dump_stack_lvl+0x99/0x250
[  112.686086][   T52]  ? __asan_memcpy+0x40/0x70
[  112.690700][   T52]  ? __pfx_dump_stack_lvl+0x10/0x10
[  112.695999][   T52]  ? __pfx__printk+0x10/0x10
[  112.700826][   T52]  vpanic+0x237/0x6d0
[  112.704939][   T52]  ? __pfx_vpanic+0x10/0x10
[  112.709463][   T52]  ? preempt_schedule+0xae/0xc0
[  112.714389][   T52]  ? __pfx_preempt_schedule+0x10/0x10
[  112.720140][   T52]  panic+0xb9/0xc0
[  112.723992][   T52]  ? __pfx_panic+0x10/0x10
[  112.728426][   T52]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  112.734448][   T52]  ? is_module_address+0x17/0xf0
[  112.739688][   T52]  ? hci_conn_drop+0x34/0x2b0
[  112.744410][   T52]  check_panic_on_warn+0x89/0xb0
[  112.749484][   T52]  ? hci_conn_drop+0x34/0x2b0
[  112.754339][   T52]  end_report+0x6f/0x140
[  112.758724][   T52]  kasan_report+0x129/0x150
[  112.763345][   T52]  ? hci_conn_valid+0x21/0x230
[  112.768221][   T52]  ? hci_conn_drop+0x34/0x2b0
[  112.773096][   T52]  kasan_check_range+0x2b0/0x2c0
[  112.778165][   T52]  hci_conn_drop+0x34/0x2b0
[  112.782715][   T52]  ? __pfx_le_read_features_complete+0x10/0x10
[  112.788911][   T52]  hci_cmd_sync_work+0x262/0x400
[  112.794126][   T52]  ? process_one_work+0x868/0x15a0
[  112.799359][   T52]  process_one_work+0x93a/0x15a0
[  112.804350][   T52]  ? do_raw_spin_unlock+0x122/0x240
[  112.809575][   T52]  ? __pfx_process_one_work+0x10/0x10
[  112.815021][   T52]  ? assign_work+0x3a1/0x410
[  112.819633][   T52]  worker_thread+0x9b0/0xee0
[  112.824253][   T52]  kthread+0x711/0x8a0
[  112.828371][   T52]  ? __pfx_worker_thread+0x10/0x10
[  112.833507][   T52]  ? __pfx_kthread+0x10/0x10
[  112.838199][   T52]  ? _raw_spin_unlock_irq+0x23/0x50
[  112.843506][   T52]  ? lockdep_hardirqs_on+0x98/0x140
[  112.848971][   T52]  ? __pfx_kthread+0x10/0x10
[  112.853610][   T52]  ret_from_fork+0x599/0xb30
[  112.858401][   T52]  ? __pfx_ret_from_fork+0x10/0x10
[  112.863943][   T52]  ? __switch_to_asm+0x39/0x70
[  112.868910][   T52]  ? __switch_to_asm+0x33/0x70
[  112.874178][   T52]  ? __pfx_kthread+0x10/0x10
[  112.878908][   T52]  ret_from_fork_asm+0x1a/0x30
[  112.884507][   T52]  </TASK>
[  112.888124][   T52] Kernel Offset: disabled
[  112.892906][   T52] Rebooting in 86400 seconds..