Warning: Permanently added '10.128.1.128' (ED25519) to the list of known hosts.
[  101.457659][    T9] cfg80211: failed to load regulatory.db
2025/12/04 17:49:57 parsed 1 programs
[  108.634216][ T5838] cgroup: Unknown subsys name 'net'
[  108.806391][ T5838] cgroup: Unknown subsys name 'cpuset'
[  108.816187][ T5838] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  110.547805][ T5838] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  113.006342][ T5848] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  116.833263][ T5895] chnl_net:caif_netlink_parms(): no params data found
[  116.925663][ T5895] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.933638][ T5895] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.940796][ T5895] bridge_slave_0: entered allmulticast mode
[  116.948653][ T5895] bridge_slave_0: entered promiscuous mode
[  116.958640][ T5895] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.966063][ T5895] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.973271][ T5895] bridge_slave_1: entered allmulticast mode
[  116.980740][ T5895] bridge_slave_1: entered promiscuous mode
[  117.019203][ T5895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  117.031367][ T5895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  117.071189][ T5895] team0: Port device team_slave_0 added
[  117.079392][ T5895] team0: Port device team_slave_1 added
[  117.112039][ T5895] batman_adv: batadv0: Adding interface: batadv_slave_0
[  117.118975][ T5895] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  117.146847][ T5895] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  117.160008][ T5895] batman_adv: batadv0: Adding interface: batadv_slave_1
[  117.167902][ T5895] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  117.193827][ T5895] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  117.246913][ T5895] hsr_slave_0: entered promiscuous mode
[  117.254024][ T5895] hsr_slave_1: entered promiscuous mode
[  117.434442][ T5895] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  117.449000][ T5895] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  117.460331][ T5895] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  117.473403][ T5895] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  117.511512][ T5895] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.518768][ T5895] bridge0: port 2(bridge_slave_1) entered forwarding state
[  117.526764][ T5895] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.533903][ T5895] bridge0: port 1(bridge_slave_0) entered forwarding state
[  117.597320][ T5895] 8021q: adding VLAN 0 to HW filter on device bond0
[  117.619808][   T50] bridge0: port 1(bridge_slave_0) entered disabled state
[  117.628752][   T50] bridge0: port 2(bridge_slave_1) entered disabled state
[  117.647582][ T5895] 8021q: adding VLAN 0 to HW filter on device team0
[  117.662143][  T146] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.669294][  T146] bridge0: port 1(bridge_slave_0) entered forwarding state
[  117.686009][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.693169][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  117.923171][ T5895] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.975286][ T5895] veth0_vlan: entered promiscuous mode
[  117.988027][ T5895] veth1_vlan: entered promiscuous mode
[  118.022008][ T5895] veth0_macvtap: entered promiscuous mode
[  118.033053][ T5895] veth1_macvtap: entered promiscuous mode
[  118.054386][ T5895] batman_adv: batadv0: Interface activated: batadv_slave_0
[  118.070327][ T5895] batman_adv: batadv0: Interface activated: batadv_slave_1
[  118.087957][  T146] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  118.099844][  T146] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.111057][  T146] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.121313][  T146] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.303044][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.375377][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.440458][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.560308][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.823054][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.831201][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.866701][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.876374][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.038779][ T5932] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  119.046706][ T5932] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  119.054981][ T5932] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  119.063369][ T5932] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  119.071115][ T5932] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/12/04 17:50:13 executed programs: 0
[  119.700893][ T5932] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  119.709406][ T5932] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  119.717972][ T5932] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  119.729407][ T5932] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  119.737809][ T5932] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  119.950012][ T5942] chnl_net:caif_netlink_parms(): no params data found
[  120.046778][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.054043][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.061209][ T5942] bridge_slave_0: entered allmulticast mode
[  120.069354][ T5942] bridge_slave_0: entered promiscuous mode
[  120.078837][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.086090][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.093305][ T5942] bridge_slave_1: entered allmulticast mode
[  120.100850][ T5942] bridge_slave_1: entered promiscuous mode
[  120.138802][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  120.151066][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  120.192139][ T5942] team0: Port device team_slave_0 added
[  120.200470][ T5942] team0: Port device team_slave_1 added
[  120.237312][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0
[  120.244500][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  120.271343][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  120.284197][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1
[  120.291171][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  120.318447][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  120.377429][ T5942] hsr_slave_0: entered promiscuous mode
[  120.384583][ T5942] hsr_slave_1: entered promiscuous mode
[  120.390835][ T5942] debugfs: 'hsr0' already exists in 'hsr'
[  120.396812][ T5942] Cannot create hsr debugfs directory
[  120.944030][   T13] bridge_slave_1: left allmulticast mode
[  120.949814][   T13] bridge_slave_1: left promiscuous mode
[  120.958979][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.975528][   T13] bridge_slave_0: left allmulticast mode
[  120.981214][   T13] bridge_slave_0: left promiscuous mode
[  120.987538][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.346718][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  121.358589][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  121.368888][   T13] bond0 (unregistering): Released all slaves
[  121.535743][   T13] hsr_slave_0: left promiscuous mode
[  121.551568][   T13] hsr_slave_1: left promiscuous mode
[  121.559998][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  121.573358][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  121.594141][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  121.601581][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  121.645719][   T13] veth1_macvtap: left promiscuous mode
[  121.651466][   T13] veth0_macvtap: left promiscuous mode
[  121.658541][   T13] veth1_vlan: left promiscuous mode
[  121.664415][   T13] veth0_vlan: left promiscuous mode
[  121.772864][ T5932] Bluetooth: hci0: command tx timeout
[  122.140855][   T13] team0 (unregistering): Port device team_slave_1 removed
[  122.175676][   T13] team0 (unregistering): Port device team_slave_0 removed
[  122.653643][ T5942] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  122.666541][ T5942] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  122.678785][ T5942] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  122.691208][ T5942] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  122.809598][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0
[  123.120188][ T5942] 8021q: adding VLAN 0 to HW filter on device team0
[  123.195065][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.202281][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.218723][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.225892][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.549998][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0
[  123.601231][ T5942] veth0_vlan: entered promiscuous mode
[  123.624614][ T5942] veth1_vlan: entered promiscuous mode
[  123.677515][ T5942] veth0_macvtap: entered promiscuous mode
[  123.688274][ T5942] veth1_macvtap: entered promiscuous mode
[  123.709864][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0
[  123.724692][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1
[  123.744089][ T1144] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  123.754600][ T1144] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  123.764719][ T1144] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  123.775787][ T1144] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  123.840284][  T146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.853055][ T5932] Bluetooth: hci0: command tx timeout
[  123.860426][  T146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.889946][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.898668][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/12/04 17:50:18 executed programs: 32
[  125.932617][ T5932] Bluetooth: hci0: command tx timeout
[  126.012515][   T52] ==================================================================
[  126.020625][   T52] BUG: KASAN: slab-use-after-free in le_read_features_complete+0x5b/0x340
[  126.029146][   T52] Write of size 4 at addr ffff8880796b0010 by task kworker/u9:0/52
[  126.037032][   T52] 
[  126.039343][   T52] CPU: 0 UID: 0 PID: 52 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full) 
[  126.039374][   T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  126.039393][   T52] Workqueue: hci0 hci_cmd_sync_work
[  126.039438][   T52] Call Trace:
[  126.039448][   T52]  <TASK>
[  126.039459][   T52]  dump_stack_lvl+0x116/0x1f0
[  126.039504][   T52]  print_report+0xcd/0x630
[  126.039539][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.039573][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.039605][   T52]  ? __phys_addr+0xe8/0x180
[  126.039633][   T52]  ? le_read_features_complete+0x5b/0x340
[  126.039678][   T52]  kasan_report+0xe0/0x110
[  126.039715][   T52]  ? le_read_features_complete+0x5b/0x340
[  126.039766][   T52]  kasan_check_range+0x100/0x1b0
[  126.039809][   T52]  le_read_features_complete+0x5b/0x340
[  126.039856][   T52]  hci_cmd_sync_work+0x1ff/0x430
[  126.039900][   T52]  ? __pfx_le_read_features_complete+0x10/0x10
[  126.039949][   T52]  process_one_work+0x9ba/0x1b20
[  126.039995][   T52]  ? __pfx_process_one_work+0x10/0x10
[  126.040034][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.040071][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.040103][   T52]  ? assign_work+0x1a0/0x250
[  126.040140][   T52]  worker_thread+0x6c8/0xf10
[  126.040191][   T52]  ? __pfx_worker_thread+0x10/0x10
[  126.040229][   T52]  kthread+0x3c5/0x780
[  126.040265][   T52]  ? __pfx_kthread+0x10/0x10
[  126.040300][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.040333][   T52]  ? rcu_is_watching+0x12/0xc0
[  126.040363][   T52]  ? __pfx_kthread+0x10/0x10
[  126.040399][   T52]  ret_from_fork+0x983/0xb10
[  126.040427][   T52]  ? __pfx_ret_from_fork+0x10/0x10
[  126.040457][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.040489][   T52]  ? __switch_to+0x7af/0x10d0
[  126.040523][   T52]  ? __pfx_kthread+0x10/0x10
[  126.040559][   T52]  ret_from_fork_asm+0x1a/0x30
[  126.040606][   T52]  </TASK>
[  126.040615][   T52] 
[  126.226507][   T52] Allocated by task 5932:
[  126.230816][   T52]  kasan_save_stack+0x33/0x60
[  126.235493][   T52]  kasan_save_track+0x14/0x30
[  126.240168][   T52]  __kasan_kmalloc+0xaa/0xb0
[  126.244753][   T52]  __hci_conn_add+0xf8/0x1c70
[  126.249431][   T52]  hci_conn_add_unset+0x76/0x100
[  126.254372][   T52]  le_conn_complete_evt+0x639/0x1f20
[  126.259677][   T52]  hci_le_enh_conn_complete_evt+0x23d/0x380
[  126.265571][   T52]  hci_le_meta_evt+0x357/0x5e0
[  126.270340][   T52]  hci_event_packet+0x685/0x11c0
[  126.275273][   T52]  hci_rx_work+0x2c9/0xeb0
[  126.279688][   T52]  process_one_work+0x9ba/0x1b20
[  126.284650][   T52]  worker_thread+0x6c8/0xf10
[  126.289244][   T52]  kthread+0x3c5/0x780
[  126.293308][   T52]  ret_from_fork+0x983/0xb10
[  126.297890][   T52]  ret_from_fork_asm+0x1a/0x30
[  126.302657][   T52] 
[  126.304963][   T52] Freed by task 5932:
[  126.308921][   T52]  kasan_save_stack+0x33/0x60
[  126.313597][   T52]  kasan_save_track+0x14/0x30
[  126.318271][   T52]  __kasan_save_free_info+0x3b/0x60
[  126.323457][   T52]  __kasan_slab_free+0x5f/0x80
[  126.328221][   T52]  kfree+0x2f8/0x6e0
[  126.332124][   T52]  device_release+0xa4/0x240
[  126.336709][   T52]  kobject_put+0x1e7/0x590
[  126.341114][   T52]  device_unregister+0x2f/0xc0
[  126.345878][   T52]  hci_conn_del_sysfs+0xb4/0x180
[  126.350822][   T52]  hci_conn_del+0x657/0x1180
[  126.355414][   T52]  hci_disconn_complete_evt+0x410/0xa00
[  126.360974][   T52]  hci_event_packet+0xa10/0x11c0
[  126.365913][   T52]  hci_rx_work+0x2c9/0xeb0
[  126.370331][   T52]  process_one_work+0x9ba/0x1b20
[  126.375270][   T52]  worker_thread+0x6c8/0xf10
[  126.379864][   T52]  kthread+0x3c5/0x780
[  126.383934][   T52]  ret_from_fork+0x983/0xb10
[  126.388517][   T52]  ret_from_fork_asm+0x1a/0x30
[  126.393287][   T52] 
[  126.395593][   T52] The buggy address belongs to the object at ffff8880796b0000
[  126.395593][   T52]  which belongs to the cache kmalloc-8k of size 8192
[  126.409639][   T52] The buggy address is located 16 bytes inside of
[  126.409639][   T52]  freed 8192-byte region [ffff8880796b0000, ffff8880796b2000)
[  126.423441][   T52] 
[  126.425754][   T52] The buggy address belongs to the physical page:
[  126.432145][   T52] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x796b0
[  126.440899][   T52] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  126.449393][   T52] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  126.457368][   T52] page_type: f5(slab)
[  126.461341][   T52] raw: 00fff00000000040 ffff88813ff27280 0000000000000000 0000000000000001
[  126.469919][   T52] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  126.478500][   T52] head: 00fff00000000040 ffff88813ff27280 0000000000000000 0000000000000001
[  126.487169][   T52] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  126.495836][   T52] head: 00fff00000000003 ffffea0001e5ac01 00000000ffffffff 00000000ffffffff
[  126.504501][   T52] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  126.513161][   T52] page dumped because: kasan: bad access detected
[  126.519556][   T52] page_owner tracks the page as allocated
[  126.525251][   T52] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5657, tgid 5657 (dhcpcd-run-hook), ts 79819636908, free_ts 79814310558
[  126.546095][   T52]  post_alloc_hook+0x1af/0x220
[  126.550876][   T52]  get_page_from_freelist+0xd0b/0x31a0
[  126.556345][   T52]  __alloc_frozen_pages_noprof+0x25f/0x2440
[  126.562233][   T52]  alloc_pages_mpol+0x1fb/0x550
[  126.567084][   T52]  new_slab+0x2c3/0x430
[  126.571241][   T52]  ___slab_alloc+0xe18/0x1c90
[  126.575927][   T52]  __slab_alloc.constprop.0+0x63/0x110
[  126.581423][   T52]  __kmalloc_cache_noprof+0x477/0x800
[  126.586835][   T52]  tomoyo_init_log+0xc8a/0x2140
[  126.591707][   T52]  tomoyo_supervisor+0x302/0x13b0
[  126.596764][   T52]  tomoyo_env_perm+0x191/0x200
[  126.601534][   T52]  tomoyo_find_next_domain+0xec1/0x20b0
[  126.607091][   T52]  tomoyo_bprm_check_security+0x12d/0x1d0
[  126.612843][   T52]  security_bprm_check+0x1b9/0x1e0
[  126.617980][   T52]  bprm_execve+0x81e/0x1620
[  126.622486][   T52]  do_execveat_common.isra.0+0x4a5/0x610
[  126.628124][   T52] page last free pid 5657 tgid 5657 stack trace:
[  126.634436][   T52]  __free_frozen_pages+0x7df/0x1160
[  126.639647][   T52]  __put_partials+0x130/0x170
[  126.644334][   T52]  qlist_free_all+0x4c/0xf0
[  126.648834][   T52]  kasan_quarantine_reduce+0x195/0x1e0
[  126.654287][   T52]  __kasan_slab_alloc+0x69/0x90
[  126.659138][   T52]  __kmalloc_cache_noprof+0x274/0x800
[  126.664520][   T52]  tomoyo_init_log+0x197/0x2140
[  126.669362][   T52]  tomoyo_supervisor+0x302/0x13b0
[  126.674382][   T52]  tomoyo_env_perm+0x191/0x200
[  126.679162][   T52]  tomoyo_find_next_domain+0xec1/0x20b0
[  126.684709][   T52]  tomoyo_bprm_check_security+0x12d/0x1d0
[  126.690430][   T52]  security_bprm_check+0x1b9/0x1e0
[  126.695551][   T52]  bprm_execve+0x81e/0x1620
[  126.700079][   T52]  do_execveat_common.isra.0+0x4a5/0x610
[  126.705744][   T52]  __x64_sys_execve+0x8e/0xb0
[  126.710425][   T52]  do_syscall_64+0xcd/0xf80
[  126.714922][   T52] 
[  126.717228][   T52] Memory state around the buggy address:
[  126.722841][   T52]  ffff8880796aff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  126.730908][   T52]  ffff8880796aff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  126.738968][   T52] >ffff8880796b0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  126.747017][   T52]                          ^
[  126.751588][   T52]  ffff8880796b0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  126.759636][   T52]  ffff8880796b0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  126.767680][   T52] ==================================================================
[  126.781219][   T52] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[  126.788961][   T52] CPU: 1 UID: 0 PID: 52 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full) 
[  126.798265][   T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  126.808331][   T52] Workqueue: hci0 hci_cmd_sync_work
[  126.813749][   T52] Call Trace:
[  126.817012][   T52]  <TASK>
[  126.819927][   T52]  dump_stack_lvl+0x3d/0x1f0
[  126.824527][   T52]  vpanic+0x640/0x6f0
[  126.828511][   T52]  panic+0xca/0xd0
[  126.832228][   T52]  ? __pfx_panic+0x10/0x10
[  126.836639][   T52]  ? le_read_features_complete+0x5b/0x340
[  126.842371][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.848002][   T52]  ? preempt_schedule_thunk+0x16/0x30
[  126.853387][   T52]  end_report+0x13f/0x160
[  126.857726][   T52]  kasan_report+0xee/0x110
[  126.862146][   T52]  ? le_read_features_complete+0x5b/0x340
[  126.867889][   T52]  kasan_check_range+0x100/0x1b0
[  126.872845][   T52]  le_read_features_complete+0x5b/0x340
[  126.878446][   T52]  hci_cmd_sync_work+0x1ff/0x430
[  126.883427][   T52]  ? __pfx_le_read_features_complete+0x10/0x10
[  126.889641][   T52]  process_one_work+0x9ba/0x1b20
[  126.894641][   T52]  ? __pfx_process_one_work+0x10/0x10
[  126.900107][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.905777][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.911439][   T52]  ? assign_work+0x1a0/0x250
[  126.916067][   T52]  worker_thread+0x6c8/0xf10
[  126.920700][   T52]  ? __pfx_worker_thread+0x10/0x10
[  126.925824][   T52]  kthread+0x3c5/0x780
[  126.929904][   T52]  ? __pfx_kthread+0x10/0x10
[  126.934496][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.940132][   T52]  ? rcu_is_watching+0x12/0xc0
[  126.944893][   T52]  ? __pfx_kthread+0x10/0x10
[  126.949506][   T52]  ret_from_fork+0x983/0xb10
[  126.954107][   T52]  ? __pfx_ret_from_fork+0x10/0x10
[  126.959220][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  126.964850][   T52]  ? __switch_to+0x7af/0x10d0
[  126.969536][   T52]  ? __pfx_kthread+0x10/0x10
[  126.974134][   T52]  ret_from_fork_asm+0x1a/0x30
[  126.978922][   T52]  </TASK>
[  126.982242][   T52] Kernel Offset: disabled
[  126.986559][   T52] Rebooting in 86400 seconds..