[ 411.118103][ T4953] Bluetooth: hci1: command 0x1003 tx timeout
[ 411.118113][ T5332] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 413.197973][ T4953] Bluetooth: hci1: command 0x1003 tx timeout
[ 413.208013][ T5332] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 413.230947][ T5953] Bluetooth: hci1: sending frame failed (-49)
[ 413.237416][ T5332] Bluetooth: hci1: Opcode 0x1003 failed: -49
Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts.
[ 415.124742][ T4953] Bluetooth: hci2: sending frame failed (-49)
[ 415.131387][ T5953] Bluetooth: hci2: Opcode 0x1003 failed: -49
[ 415.184266][ T10] Bluetooth: hci2: Frame reassembly failed (-84)
[ 415.357996][ T5332] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 416.087124][ T10] hsr_slave_0: left promiscuous mode
[ 416.092938][ T10] hsr_slave_1: left promiscuous mode
[ 416.098685][ T10] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 416.106071][ T10] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 416.114412][ T10] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 416.122016][ T10] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 416.130642][ T10] bridge_slave_1: left allmulticast mode
[ 416.136358][ T10] bridge_slave_1: left promiscuous mode
[ 416.142084][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 416.150252][ T10] bridge_slave_0: left allmulticast mode
[ 416.155870][ T10] bridge_slave_0: left promiscuous mode
[ 416.161904][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 416.171524][ T10] veth1_macvtap: left promiscuous mode
[ 416.177011][ T10] veth0_macvtap: left promiscuous mode
[ 416.182583][ T10] veth1_vlan: left promiscuous mode
[ 416.187833][ T10] veth0_vlan: left promiscuous mode
[ 416.244185][ T10] team0 (unregistering): Port device team_slave_1 removed
[ 416.257052][ T10] team0 (unregistering): Port device team_slave_0 removed
[ 416.267073][ T10] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 416.279449][ T10] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 416.307665][ T10] bond0 (unregistering): Released all slaves
[ 417.198069][ T5332] Bluetooth: hci2: command 0x1003 tx timeout
[ 417.205587][ T5953] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 417.224562][ T10] Bluetooth: hci0: Frame reassembly failed (-84)
[ 419.277966][ T4953] Bluetooth: hci0: command 0x1003 tx timeout
[ 419.278021][ T5953] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 419.301599][ T5332] Bluetooth: hci0: sending frame failed (-49)
[ 419.308112][ T5953] Bluetooth: hci0: Opcode 0x1003 failed: -49
[ 419.351733][ T6068] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 419.354202][ T10] Bluetooth: hci0: Frame reassembly failed (-84)
[ 419.363450][ T6068] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 419.363456][ T6068] CPU: 1 PID: 6068 Comm: syz-executor567 Not tainted 6.3.0-syzkaller #0
[ 419.363461][ T6068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 419.363464][ T6068] RIP: 0010:hci_uart_tty_ioctl+0x1d6/0xaa0
[ 419.363474][ T6068] Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 b0 07 00 00 48 8b 9b b8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 4d 07 00 00 44 8b 23 e9 31 ff
[ 419.363479][ T6068] RSP: 0018:ffffc9000b53fd28 EFLAGS: 00010256
[ 419.363484][ T6068] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff864c3135
[ 419.435895][ T6068] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8880293c34b8
[ 419.443839][ T6068] RBP: ffff8880293c3418 R08: 0000000000000000 R09: ffff8880293c341f
[ 419.451780][ T6068] R10: ffffed1005278683 R11: 0000000000080001 R12: ffff888078069000
[ 419.459723][ T6068] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffffffffffea
[ 419.467666][ T6068] FS: 00007f212b604700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 419.476570][ T6068] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 419.483135][ T6068] CR2: 00007ffc5a58a8f0 CR3: 0000000027042000 CR4: 0000000000350ee0
[ 419.491085][ T6068] Call Trace:
[ 419.494342][ T6068]
[ 419.497253][ T6068] tty_ioctl+0x548/0x1280
[ 419.501570][ T6068] ? tty_release_struct+0xd0/0xd0
[ 419.506576][ T6068] ? lock_downgrade+0x690/0x690
[ 419.511395][ T6068] ? __ct_user_enter+0xf9/0x130
[ 419.516213][ T6068] ? lock_downgrade+0x690/0x690
[ 419.521033][ T6068] ? __fget_files+0x1bf/0x3c0
[ 419.525675][ T6068] __x64_sys_ioctl+0x11f/0x190
[ 419.530405][ T6068] do_syscall_64+0x35/0xb0
[ 419.534785][ T6068] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 419.540645][ T6068] RIP: 0033:0x7f212b673ed9
[ 419.545024][ T6068] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 419.564685][ T6068] RSP: 002b:00007f212b604318 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 419.573061][ T6068] RAX: ffffffffffffffda RBX: 00007f212b6fc3f8 RCX: 00007f212b673ed9
[ 419.581083][ T6068] RDX: 0000000000000000 RSI: 00000000800455c9 RDI: 0000000000000003
[ 419.589021][ T6068] RBP: 00007f212b6fc3f0 R08: 00007f212b604700 R09: 0000000000000000
[ 419.596954][ T6068] R10: 00007f212b604700 R11: 0000000000000246 R12: 6d74702f7665642f
[ 419.604894][ T6068] R13: 00007ffc5a48d87f R14: 00007f212b604400 R15: 0000000000022000
[ 419.612833][ T6068]
[ 419.615817][ T6068] Modules linked in:
[ 419.619805][ T6068] ---[ end trace 0000000000000000 ]---
[ 419.625246][ T6068] RIP: 0010:hci_uart_tty_ioctl+0x1d6/0xaa0
[ 419.631055][ T6068] Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 b0 07 00 00 48 8b 9b b8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 4d 07 00 00 44 8b 23 e9 31 ff
[ 419.650685][ T6068] RSP: 0018:ffffc9000b53fd28 EFLAGS: 00010256
[ 419.656738][ T6068] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff864c3135
[ 419.664720][ T6068] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8880293c34b8
[ 419.672706][ T6068] RBP: ffff8880293c3418 R08: 0000000000000000 R09: ffff8880293c341f
[ 419.680672][ T6068] R10: ffffed1005278683 R11: 0000000000080001 R12: ffff888078069000
[ 419.688640][ T6068] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffffffffffea
[ 419.696593][ T6068] FS: 00007f212b604700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 419.705615][ T6068] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 419.712194][ T6068] CR2: 00007ffc5a58a8f0 CR3: 0000000027042000 CR4: 0000000000350ee0
[ 419.720267][ T6068] Kernel panic - not syncing: Fatal exception
[ 419.727180][ T6068] Kernel Offset: disabled
[ 419.731478][ T6068] Rebooting in 86400 seconds..