Warning: Permanently added '10.128.0.125' (ED25519) to the list of known hosts.
2025/11/29 17:47:49 parsed 1 programs
[   92.786601][ T5832] cgroup: Unknown subsys name 'net'
[   92.923690][ T5832] cgroup: Unknown subsys name 'cpuset'
[   92.933776][ T5832] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   94.655001][ T5832] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[   97.262312][   T10] cfg80211: failed to load regulatory.db
[   97.655912][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   97.664553][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   97.673076][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   97.681538][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   97.690193][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   97.820984][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   98.886500][ T1154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.900459][ T1154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.936579][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.945680][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.430170][ T5913] chnl_net:caif_netlink_parms(): no params data found
[  101.520205][ T5913] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.528179][ T5913] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.535558][ T5913] bridge_slave_0: entered allmulticast mode
[  101.543548][ T5913] bridge_slave_0: entered promiscuous mode
[  101.553128][ T5913] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.560808][ T5913] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.567995][ T5913] bridge_slave_1: entered allmulticast mode
[  101.575639][ T5913] bridge_slave_1: entered promiscuous mode
[  101.610797][ T5913] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.623292][ T5913] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.658960][ T5913] team0: Port device team_slave_0 added
[  101.667046][ T5913] team0: Port device team_slave_1 added
[  101.697451][ T5913] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.704503][ T5913] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.731630][ T5913] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.745034][ T5913] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.752221][ T5913] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.778300][ T5913] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.827537][ T5913] hsr_slave_0: entered promiscuous mode
[  101.834285][ T5913] hsr_slave_1: entered promiscuous mode
[  102.025583][ T5913] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  102.038636][ T5913] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  102.051969][ T5913] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  102.064389][ T5913] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  102.096971][ T5913] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.104307][ T5913] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.112548][ T5913] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.119803][ T5913] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.183214][ T5913] 8021q: adding VLAN 0 to HW filter on device bond0
[  102.205592][ T1012] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.214182][ T1012] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.232961][ T5913] 8021q: adding VLAN 0 to HW filter on device team0
[  102.248055][  T156] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.255271][  T156] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.270424][ T1012] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.277588][ T1012] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.481945][ T5913] 8021q: adding VLAN 0 to HW filter on device batadv0
[  102.535122][ T5913] veth0_vlan: entered promiscuous mode
[  102.553268][ T5913] veth1_vlan: entered promiscuous mode
[  102.586706][ T5913] veth0_macvtap: entered promiscuous mode
[  102.597358][ T5913] veth1_macvtap: entered promiscuous mode
[  102.618581][ T5913] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.637407][ T5913] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.653171][ T1012] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.663832][ T1012] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.679826][ T1012] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.697811][ T1012] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.817898][ T1012] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.907529][ T1012] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.972417][ T1012] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.058722][ T1012] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/11/29 17:48:03 executed programs: 0
[  103.213144][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  103.224100][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  103.233005][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  103.242298][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  103.250174][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  103.441372][ T5939] chnl_net:caif_netlink_parms(): no params data found
[  103.531072][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.538333][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.546059][ T5939] bridge_slave_0: entered allmulticast mode
[  103.554167][ T5939] bridge_slave_0: entered promiscuous mode
[  103.563612][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.570938][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.578130][ T5939] bridge_slave_1: entered allmulticast mode
[  103.586131][ T5939] bridge_slave_1: entered promiscuous mode
[  103.627772][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.641753][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.685693][ T5939] team0: Port device team_slave_0 added
[  103.695063][ T5939] team0: Port device team_slave_1 added
[  103.730807][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.737798][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  103.763985][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.778183][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.785971][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  103.812541][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.870449][ T5939] hsr_slave_0: entered promiscuous mode
[  103.876970][ T5939] hsr_slave_1: entered promiscuous mode
[  103.883962][ T5939] debugfs: 'hsr0' already exists in 'hsr'
[  103.890135][ T5939] Cannot create hsr debugfs directory
[  105.341040][ T5848] Bluetooth: hci0: command tx timeout
[  105.380846][ T1012] bridge_slave_1: left allmulticast mode
[  105.386713][ T1012] bridge_slave_1: left promiscuous mode
[  105.394280][ T1012] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.406251][ T1012] bridge_slave_0: left allmulticast mode
[  105.414357][ T1012] bridge_slave_0: left promiscuous mode
[  105.420428][ T1012] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.655963][ T1012] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  105.668630][ T1012] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  105.679412][ T1012] bond0 (unregistering): Released all slaves
[  105.786148][ T1012] hsr_slave_0: left promiscuous mode
[  105.792685][ T1012] hsr_slave_1: left promiscuous mode
[  105.799286][ T1012] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  105.809074][ T1012] batman_adv: batadv0: Removing interface: batadv_slave_0
[  105.818408][ T1012] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  105.826492][ T1012] batman_adv: batadv0: Removing interface: batadv_slave_1
[  105.848887][ T1012] veth1_macvtap: left promiscuous mode
[  105.854959][ T1012] veth0_macvtap: left promiscuous mode
[  105.861181][ T1012] veth1_vlan: left promiscuous mode
[  105.866713][ T1012] veth0_vlan: left promiscuous mode
[  106.328901][ T1012] team0 (unregistering): Port device team_slave_1 removed
[  106.357472][ T1012] team0 (unregistering): Port device team_slave_0 removed
[  106.989264][ T5939] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  107.003754][ T5939] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  107.016138][ T5939] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  107.028672][ T5939] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  107.245826][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.289345][ T5939] 8021q: adding VLAN 0 to HW filter on device team0
[  107.307578][  T156] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.314807][  T156] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.340878][  T156] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.348054][  T156] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.420812][ T5848] Bluetooth: hci0: command tx timeout
[  107.637733][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.707302][ T5939] veth0_vlan: entered promiscuous mode
[  107.725527][ T5939] veth1_vlan: entered promiscuous mode
[  107.775806][ T5939] veth0_macvtap: entered promiscuous mode
[  107.791058][ T5939] veth1_macvtap: entered promiscuous mode
[  107.821025][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.843469][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.865534][   T66] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.885802][   T66] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.905569][   T66] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.935781][   T66] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.996805][   T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.008356][   T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.050578][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.059076][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/11/29 17:48:08 executed programs: 3
[  109.502009][ T5848] Bluetooth: hci0: command tx timeout
[  110.151045][ T5148] ==================================================================
[  110.159169][ T5148] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x2b0
[  110.166648][ T5148] Write of size 4 at addr ffff88807b2a0010 by task kworker/u9:1/5148
[  110.174709][ T5148]
[  110.177052][ T5148] CPU: 0 UID: 0 PID: 5148 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full)
[  110.177070][ T5148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  110.177081][ T5148] Workqueue: hci0 hci_cmd_sync_work
[  110.177112][ T5148] Call Trace:
[  110.177120][ T5148]
[  110.177128][ T5148]  dump_stack_lvl+0x189/0x250
[  110.177147][ T5148]  ? __virt_addr_valid+0x1c8/0x5c0
[  110.177167][ T5148]  ? rcu_is_watching+0x15/0xb0
[  110.177185][ T5148]  ? __pfx_dump_stack_lvl+0x10/0x10
[  110.177202][ T5148]  ? rcu_is_watching+0x15/0xb0
[  110.177219][ T5148]  ? lock_release+0x4b/0x3b0
[  110.177236][ T5148]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  110.177253][ T5148]  ? __virt_addr_valid+0x1c8/0x5c0
[  110.177272][ T5148]  ? __virt_addr_valid+0x4a5/0x5c0
[  110.177292][ T5148]  print_report+0xca/0x240
[  110.177307][ T5148]  ? hci_conn_drop+0x34/0x2b0
[  110.177325][ T5148]  kasan_report+0x118/0x150
[  110.177341][ T5148]  ? hci_conn_valid+0x21/0x230
[  110.177360][ T5148]  ? hci_conn_drop+0x34/0x2b0
[  110.177381][ T5148]  kasan_check_range+0x2b0/0x2c0
[  110.177399][ T5148]  hci_conn_drop+0x34/0x2b0
[  110.177417][ T5148]  ? __pfx_le_read_features_complete+0x10/0x10
[  110.177433][ T5148]  hci_cmd_sync_work+0x262/0x400
[  110.177452][ T5148]  ? process_one_work+0x868/0x15a0
[  110.177465][ T5148]  process_one_work+0x93a/0x15a0
[  110.177479][ T5148]  ? do_raw_spin_unlock+0x122/0x240
[  110.177506][ T5148]  ? __pfx_process_one_work+0x10/0x10
[  110.177524][ T5148]  ? assign_work+0x3a1/0x410
[  110.177539][ T5148]  worker_thread+0x9b0/0xee0
[  110.177563][ T5148]  kthread+0x711/0x8a0
[  110.177582][ T5148]  ? __pfx_worker_thread+0x10/0x10
[  110.177597][ T5148]  ? __pfx_kthread+0x10/0x10
[  110.177615][ T5148]  ? _raw_spin_unlock_irq+0x23/0x50
[  110.177629][ T5148]  ? lockdep_hardirqs_on+0x98/0x140
[  110.177645][ T5148]  ? __pfx_kthread+0x10/0x10
[  110.177663][ T5148]  ret_from_fork+0x599/0xb30
[  110.177678][ T5148]  ? __pfx_ret_from_fork+0x10/0x10
[  110.177695][ T5148]  ? __switch_to_asm+0x39/0x70
[  110.177713][ T5148]  ? __switch_to_asm+0x33/0x70
[  110.177731][ T5148]  ? __pfx_kthread+0x10/0x10
[  110.177749][ T5148]  ret_from_fork_asm+0x1a/0x30
[  110.177774][ T5148]
[  110.177780][ T5148]
[  110.388993][ T5148] Allocated by task 5848:
[  110.393319][ T5148]  kasan_save_track+0x3e/0x80
[  110.398000][ T5148]  __kasan_kmalloc+0x93/0xb0
[  110.402949][ T5148]  __kmalloc_cache_noprof+0x3e2/0x700
[  110.408324][ T5148]  __hci_conn_add+0x3c5/0x1b30
[  110.413095][ T5148]  le_conn_complete_evt+0x6f6/0x1420
[  110.418389][ T5148]  hci_le_enh_conn_complete_evt+0x189/0x4a0
[  110.424326][ T5148]  hci_event_packet+0x78f/0x1260
[  110.429270][ T5148]  hci_rx_work+0x3ee/0x1060
[  110.433776][ T5148]  process_one_work+0x93a/0x15a0
[  110.438713][ T5148]  worker_thread+0x9b0/0xee0
[  110.443304][ T5148]  kthread+0x711/0x8a0
[  110.447383][ T5148]  ret_from_fork+0x599/0xb30
[  110.451970][ T5148]  ret_from_fork_asm+0x1a/0x30
[  110.456759][ T5148]
[  110.459093][ T5148] Freed by task 5848:
[  110.463083][ T5148]  kasan_save_track+0x3e/0x80
[  110.467809][ T5148]  kasan_save_free_info+0x46/0x50
[  110.472842][ T5148]  __kasan_slab_free+0x5c/0x80
[  110.477610][ T5148]  kfree+0x1c0/0x660
[  110.481514][ T5148]  device_release+0x9e/0x1d0
[  110.486142][ T5148]  kobject_put+0x228/0x570
[  110.490564][ T5148]  hci_conn_del+0xc36/0x1240
[  110.495193][ T5148]  hci_disconn_complete_evt+0x64e/0x950
[  110.500742][ T5148]  hci_event_packet+0x7e3/0x1260
[  110.505680][ T5148]  hci_rx_work+0x3ee/0x1060
[  110.510192][ T5148]  process_one_work+0x93a/0x15a0
[  110.515140][ T5148]  worker_thread+0x9b0/0xee0
[  110.519731][ T5148]  kthread+0x711/0x8a0
[  110.523853][ T5148]  ret_from_fork+0x599/0xb30
[  110.528442][ T5148]  ret_from_fork_asm+0x1a/0x30
[  110.533243][ T5148]
[  110.535574][ T5148] The buggy address belongs to the object at ffff88807b2a0000
[  110.535574][ T5148]  which belongs to the cache kmalloc-8k of size 8192
[  110.549631][ T5148] The buggy address is located 16 bytes inside of
[  110.549631][ T5148]  freed 8192-byte region [ffff88807b2a0000, ffff88807b2a2000)
[  110.563444][ T5148]
[  110.565771][ T5148] The buggy address belongs to the physical page:
[  110.572275][ T5148] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b2a0
[  110.581031][ T5148] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  110.589528][ T5148] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  110.597103][ T5148] page_type: f5(slab)
[  110.601128][ T5148] raw: 00fff00000000040 ffff88813fe27280 dead000000000122 0000000000000000
[  110.609711][ T5148] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  110.618295][ T5148] head: 00fff00000000040 ffff88813fe27280 dead000000000122 0000000000000000
[  110.626965][ T5148] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  110.635637][ T5148] head: 00fff00000000003 ffffea0001eca801 00000000ffffffff 00000000ffffffff
[  110.644321][ T5148] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  110.652990][ T5148] page dumped because: kasan: bad access detected
[  110.659409][ T5148] page_owner tracks the page as allocated
[  110.665135][ T5148] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5848, tgid 5848 (kworker/u9:2), ts 108134257211, free_ts 108012219828
[  110.686674][ T5148]  post_alloc_hook+0x234/0x290
[  110.691449][ T5148]  get_page_from_freelist+0x2365/0x2440
[  110.697001][ T5148]  __alloc_frozen_pages_noprof+0x181/0x370
[  110.702808][ T5148]  alloc_pages_mpol+0x232/0x4a0
[  110.707662][ T5148]  allocate_slab+0x86/0x3b0
[  110.712167][ T5148]  ___slab_alloc+0xf2b/0x1960
[  110.716844][ T5148]  __slab_alloc+0x65/0x100
[  110.721260][ T5148]  __kmalloc_cache_noprof+0x41e/0x700
[  110.726627][ T5148]  __hci_conn_add+0x3c5/0x1b30
[  110.731399][ T5148]  le_conn_complete_evt+0x6f6/0x1420
[  110.736690][ T5148]  hci_le_enh_conn_complete_evt+0x189/0x4a0
[  110.742608][ T5148]  hci_event_packet+0x78f/0x1260
[  110.747550][ T5148]  hci_rx_work+0x3ee/0x1060
[  110.752056][ T5148]  process_one_work+0x93a/0x15a0
[  110.756994][ T5148]  worker_thread+0x9b0/0xee0
[  110.761587][ T5148]  kthread+0x711/0x8a0
[  110.765672][ T5148] page last free pid 5999 tgid 5999 stack trace:
[  110.771991][ T5148]  __free_frozen_pages+0xbc8/0xd30
[  110.777116][ T5148]  __put_partials+0x146/0x170
[  110.781889][ T5148]  put_cpu_partial+0x1f2/0x2d0
[  110.786667][ T5148]  __slab_free+0x288/0x2a0
[  110.791087][ T5148]  qlist_free_all+0x97/0x100
[  110.795694][ T5148]  kasan_quarantine_reduce+0x148/0x160
[  110.801161][ T5148]  __kasan_slab_alloc+0x22/0x80
[  110.806013][ T5148]  kmem_cache_alloc_noprof+0x37d/0x710
[  110.811477][ T5148]  getname_flags+0xb8/0x540
[  110.815984][ T5148]  do_sys_openat2+0xbc/0x200
[  110.820578][ T5148]  __x64_sys_openat+0x138/0x170
[  110.825431][ T5148]  do_syscall_64+0xfa/0xf80
[  110.829937][ T5148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.835838][ T5148]
[  110.838184][ T5148] Memory state around the buggy address:
[  110.843989][ T5148]  ffff88807b29ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  110.852063][ T5148]  ffff88807b29ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  110.860147][ T5148] >ffff88807b2a0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  110.868365][ T5148]                          ^
[  110.872968][ T5148]  ffff88807b2a0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  110.881028][ T5148]  ffff88807b2a0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  110.889098][ T5148] ==================================================================
[  110.904795][ T5148] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  110.912077][ T5148] CPU: 0 UID: 0 PID: 5148 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full)
[  110.921570][ T5148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  110.931666][ T5148] Workqueue: hci0 hci_cmd_sync_work
[  110.936917][ T5148] Call Trace:
[  110.940224][ T5148]
[  110.943184][ T5148]  dump_stack_lvl+0x99/0x250
[  110.947807][ T5148]  ? __asan_memcpy+0x40/0x70
[  110.952424][ T5148]  ? __pfx_dump_stack_lvl+0x10/0x10
[  110.957639][ T5148]  ? __pfx__printk+0x10/0x10
[  110.962254][ T5148]  vpanic+0x237/0x6d0
[  110.966259][ T5148]  ? __pfx_vpanic+0x10/0x10
[  110.970778][ T5148]  ? preempt_schedule+0xae/0xc0
[  110.975744][ T5148]  ? __pfx_preempt_schedule+0x10/0x10
[  110.981135][ T5148]  panic+0xb9/0xc0
[  110.984881][ T5148]  ? __pfx_panic+0x10/0x10
[  110.989341][ T5148]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  110.995256][ T5148]  ? is_module_address+0x17/0xf0
[  111.000214][ T5148]  ? hci_conn_drop+0x34/0x2b0
[  111.004912][ T5148]  check_panic_on_warn+0x89/0xb0
[  111.009871][ T5148]  ? hci_conn_drop+0x34/0x2b0
[  111.014585][ T5148]  end_report+0x6f/0x140
[  111.018845][ T5148]  kasan_report+0x129/0x150
[  111.023375][ T5148]  ? hci_conn_valid+0x21/0x230
[  111.028164][ T5148]  ? hci_conn_drop+0x34/0x2b0
[  111.032954][ T5148]  kasan_check_range+0x2b0/0x2c0
[  111.037907][ T5148]  hci_conn_drop+0x34/0x2b0
[  111.042429][ T5148]  ? __pfx_le_read_features_complete+0x10/0x10
[  111.048774][ T5148]  hci_cmd_sync_work+0x262/0x400
[  111.053732][ T5148]  ? process_one_work+0x868/0x15a0
[  111.058852][ T5148]  process_one_work+0x93a/0x15a0
[  111.063801][ T5148]  ? do_raw_spin_unlock+0x122/0x240
[  111.069063][ T5148]  ? __pfx_process_one_work+0x10/0x10
[  111.074545][ T5148]  ? assign_work+0x3a1/0x410
[  111.079158][ T5148]  worker_thread+0x9b0/0xee0
[  111.083772][ T5148]  kthread+0x711/0x8a0
[  111.087855][ T5148]  ? __pfx_worker_thread+0x10/0x10
[  111.092980][ T5148]  ? __pfx_kthread+0x10/0x10
[  111.097589][ T5148]  ? _raw_spin_unlock_irq+0x23/0x50
[  111.102805][ T5148]  ? lockdep_hardirqs_on+0x98/0x140
[  111.108020][ T5148]  ? __pfx_kthread+0x10/0x10
[  111.112635][ T5148]  ret_from_fork+0x599/0xb30
[  111.117240][ T5148]  ? __pfx_ret_from_fork+0x10/0x10
[  111.122365][ T5148]  ? __switch_to_asm+0x39/0x70
[  111.127148][ T5148]  ? __switch_to_asm+0x33/0x70
[  111.131928][ T5148]  ? __pfx_kthread+0x10/0x10
[  111.136537][ T5148]  ret_from_fork_asm+0x1a/0x30
[  111.141321][ T5148]
[  111.144714][ T5148] Kernel Offset: disabled
[  111.149048][ T5148] Rebooting in 86400 seconds..
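Reading the report: the hci_conn object (an 8 KiB kmalloc-8k allocation) was allocated by task 5848, the hci_rx_work worker (page_owner names it kworker/u9:2), in le_conn_complete_evt -> __hci_conn_add, and freed by that same worker in hci_disconn_complete_evt -> hci_conn_del -> kobject_put -> device_release -> kfree. The 4-byte write that KASAN catches comes from a different unbound worker, kworker/u9:1 running hci_cmd_sync_work, which calls hci_conn_drop on the object 16 bytes past its start; the adjacent __pfx_le_read_features_complete frame is consistent with the entry being run belonging to an LE read-features command. So the race is between the event path that tears the connection down and a queued sync-command completion that still holds a bare pointer to it. The model below is an added illustration, not the kernel's code: every m_* name is this model's own assumption, and it does not reproduce the kobject-based object lifetime the free stack shows. It replays the report's ordering twice, once with the completion holding only a raw pointer (the freed-object write appears) and once with a reference taken when the command is queued, so the disconnect path unlinks the object but cannot free it until the completion drops that reference.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added model of the race in the report, not kernel code; every m_* name is
 * an assumption. The pool's "live" flag stands in for KASAN's shadow byte, so
 * a write to a freed object is counted rather than corrupting memory. */
#define M_POOL 4

struct m_conn {
    bool live;     /* currently allocated (shadow fb = freed) */
    bool on_list;  /* still linked in the adapter's connection list */
    int  refcnt;   /* holders allowed to touch it after it is unlinked */
    int  handle;
};

struct m_hdev {
    struct m_conn pool[M_POOL];  /* stand-in for the kmalloc cache */
    int bad_writes;              /* KASAN reports: writes to !live objects */
};

/* A queued sync-command completion and the pointer it captured. */
struct m_sync_cmd {
    struct m_conn *conn;
    void (*complete)(struct m_hdev *, struct m_conn *);
};

/* le_conn_complete_evt -> __hci_conn_add analogue: allocate and link. */
static struct m_conn *m_conn_add(struct m_hdev *hdev, int handle)
{
    for (int i = 0; i < M_POOL; i++) {
        struct m_conn *c = &hdev->pool[i];
        if (!c->live) {
            *c = (struct m_conn){ .live = true, .on_list = true, .handle = handle };
            return c;
        }
    }
    return NULL;
}

/* Every refcount store passes this check, like kasan_check_range before the write. */
static void m_refcnt_write(struct m_hdev *hdev, struct m_conn *c, int delta)
{
    if (!c->live) {
        hdev->bad_writes++;  /* slab-use-after-free: write of size 4 */
        return;
    }
    c->refcnt += delta;
}

static void m_conn_hold(struct m_hdev *hdev, struct m_conn *c) { m_refcnt_write(hdev, c, +1); }

/* Drop a reference; the last drop after unlinking frees the object. */
static void m_conn_drop(struct m_hdev *hdev, struct m_conn *c)
{
    m_refcnt_write(hdev, c, -1);
    if (c->live && !c->on_list && c->refcnt <= 0)
        c->live = false;  /* kfree */
}

/* hci_disconn_complete_evt -> hci_conn_del analogue: unlink, free if unreferenced. */
static void m_conn_del(struct m_conn *c)
{
    c->on_list = false;
    if (c->refcnt <= 0)
        c->live = false;  /* kfree */
}

/* Completion callback: releases the connection it was queued for. */
static void m_features_complete(struct m_hdev *hdev, struct m_conn *c) { m_conn_drop(hdev, c); }

/* Vulnerable: capture a bare pointer and take no reference. */
static struct m_sync_cmd m_queue_unsafe(struct m_conn *c)
{
    return (struct m_sync_cmd){ c, m_features_complete };
}

/* Hardened: hold the object for as long as the callback is pending. */
static struct m_sync_cmd m_queue_safe(struct m_hdev *hdev, struct m_conn *c)
{
    m_conn_hold(hdev, c);
    return (struct m_sync_cmd){ c, m_features_complete };
}

/* Replays the report's order: rx worker adds, command is queued, rx worker
 * deletes, sync worker runs the completion. Returns the KASAN report count;
 * *freed says whether the object was released by the end (no leak). */
static int m_replay(bool hardened, int *freed)
{
    struct m_hdev hdev;
    memset(&hdev, 0, sizeof hdev);
    struct m_conn *c = m_conn_add(&hdev, 0x0001);
    struct m_sync_cmd cmd = hardened ? m_queue_safe(&hdev, c) : m_queue_unsafe(c);
    m_conn_del(c);                   /* the disconnect event wins the race */
    cmd.complete(&hdev, cmd.conn);   /* hci_cmd_sync_work runs the completion */
    if (freed)
        *freed = !c->live;
    return hdev.bad_writes;
}

int main(void)
{
    int freed, reports = m_replay(false, &freed);
    printf("unsafe:   kasan reports=%d freed=%d\n", reports, freed);
    reports = m_replay(true, &freed);
    printf("hardened: kasan reports=%d freed=%d\n", reports, freed);
    return 0;
}
```

Both runs end with the object released, so the held reference is not a leak; the only difference is which side performs the final free. In the real kernel the storage is owned by the embedded device kobject (the free stack is kfree <- device_release <- kobject_put <- hci_conn_del), so an equivalent fix has to keep that kobject alive across the queued command, or revalidate the pointer under the adapter lock before hci_conn_drop touches it; the model does not choose between those. The panic at the end of the report is panic_on_warn turning the KASAN report into a crash on this instrumented syzkaller kernel; without KASAN the same decrement would silently modify whatever now occupies that kmalloc-8k slot.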