Warning: Permanently added '10.128.1.209' (ED25519) to the list of known hosts.
2026/02/13 01:24:35 parsed 1 programs
[ 68.893860][ T5822] cgroup: Unknown subsys name 'net'
[ 68.989147][ T5822] cgroup: Unknown subsys name 'cpuset'
[ 68.997446][ T5822] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 70.357816][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 71.293546][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.300128][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.976407][ T5830] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 74.959427][ T5877] chnl_net:caif_netlink_parms(): no params data found
[ 75.063129][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.071310][ T5877] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.078709][ T5877] bridge_slave_0: entered allmulticast mode
[ 75.086503][ T5877] bridge_slave_0: entered promiscuous mode
[ 75.095362][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.102730][ T5877] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.110023][ T5877] bridge_slave_1: entered allmulticast mode
[ 75.121514][ T5877] bridge_slave_1: entered promiscuous mode
[ 75.160286][ T5877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.172423][ T5877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.203563][ T5877] team0: Port device team_slave_0 added
[ 75.211770][ T5877] team0: Port device team_slave_1 added
[ 75.237301][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.244285][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 75.270292][ T5877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.284823][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.292210][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 75.318183][ T5877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.359925][ T5877] hsr_slave_0: entered promiscuous mode
[ 75.367003][ T5877] hsr_slave_1: entered promiscuous mode
[ 75.508115][ T5877] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.520083][ T5877] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 75.530119][ T5877] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.540513][ T5877] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.570540][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.577747][ T5877] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.585562][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.592757][ T5877] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.653404][ T5877] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.672463][ T117] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.681076][ T117] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.696703][ T5877] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.710394][ T63] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.717522][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.732256][ T63] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.739391][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.905467][ T5877] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.957794][ T5877] veth0_vlan: entered promiscuous mode
[ 75.970647][ T5877] veth1_vlan: entered promiscuous mode
[ 76.005021][ T5877] veth0_macvtap: entered promiscuous mode
[ 76.016731][ T5877] veth1_macvtap: entered promiscuous mode
[ 76.039719][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.055340][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 76.073574][ T488] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.084660][ T488] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.095300][ T488] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.104852][ T488] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.241203][ T488] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 76.301206][ T488] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 76.376200][ T488] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 76.438492][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 76.447574][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 76.455580][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 76.456974][ T488] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 76.464680][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 76.481236][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 77.148561][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.160888][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.188589][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.196560][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/02/13 01:24:46 executed programs: 0
[ 77.638622][ T5142] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 77.649530][ T5142] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.657619][ T5142] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.665418][ T5142] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.673257][ T5142] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 77.810042][ T5934] chnl_net:caif_netlink_parms(): no params data found
[ 77.884990][ T5934] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.893002][ T5934] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.900320][ T5934] bridge_slave_0: entered allmulticast mode
[ 77.907758][ T5934] bridge_slave_0: entered promiscuous mode
[ 77.916082][ T5934] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.923748][ T5934] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.931392][ T5934] bridge_slave_1: entered allmulticast mode
[ 77.938798][ T5934] bridge_slave_1: entered promiscuous mode
[ 77.969880][ T5934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.983832][ T5934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.016196][ T5934] team0: Port device team_slave_0 added
[ 78.024423][ T5934] team0: Port device team_slave_1 added
[ 78.051156][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.058488][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 78.084581][ T5934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.098195][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.105132][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 78.131209][ T5934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.176621][ T5934] hsr_slave_0: entered promiscuous mode
[ 78.183313][ T5934] hsr_slave_1: entered promiscuous mode
[ 78.190188][ T5934] debugfs: 'hsr0' already exists in 'hsr'
[ 78.196329][ T5934] Cannot create hsr debugfs directory
[ 79.093132][ T488] bridge_slave_1: left allmulticast mode
[ 79.099718][ T488] bridge_slave_1: left promiscuous mode
[ 79.105971][ T488] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.118541][ T488] bridge_slave_0: left allmulticast mode
[ 79.124177][ T488] bridge_slave_0: left promiscuous mode
[ 79.130008][ T488] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.273683][ T488] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 79.284700][ T488] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 79.295622][ T488] bond0 (unregistering): Released all slaves
[ 79.394561][ T488] hsr_slave_0: left promiscuous mode
[ 79.400833][ T488] hsr_slave_1: left promiscuous mode
[ 79.407324][ T488] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 79.414701][ T488] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 79.437138][ T488] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 79.444563][ T488] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 79.460504][ T488] veth1_macvtap: left promiscuous mode
[ 79.466477][ T488] veth0_macvtap: left promiscuous mode
[ 79.472152][ T488] veth1_vlan: left promiscuous mode
[ 79.478007][ T488] veth0_vlan: left promiscuous mode
[ 79.688941][ T51] Bluetooth: hci0: command tx timeout
[ 79.784481][ T488] team0 (unregistering): Port device team_slave_1 removed
[ 79.807382][ T488] team0 (unregistering): Port device team_slave_0 removed
[ 80.170287][ T5934] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 80.186764][ T5934] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 80.199330][ T5934] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 80.221572][ T5934] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 80.603539][ T5934] 8021q: adding VLAN 0 to HW filter on device bond0
[ 80.643221][ T5934] 8021q: adding VLAN 0 to HW filter on device team0
[ 80.677156][ T117] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.684381][ T117] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.711840][ T117] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.719131][ T117] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.142940][ T5934] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 81.219328][ T5934] veth0_vlan: entered promiscuous mode
[ 81.243574][ T5934] veth1_vlan: entered promiscuous mode
[ 81.279275][ T5934] veth0_macvtap: entered promiscuous mode
[ 81.293795][ T5934] veth1_macvtap: entered promiscuous mode
[ 81.315965][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 81.332130][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 81.348146][ T63] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.358245][ T63] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.370866][ T63] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.380724][ T63] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.436221][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.444112][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.468413][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.476548][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.517837][ T51] ==================================================================
[ 81.525935][ T51] BUG: KASAN: stack-out-of-bounds in l2cap_send_cmd+0x2a3/0xb90
[ 81.533603][ T51] Read of size 22 at addr ffffc90000bb7540 by task kworker/u9:0/51
[ 81.541481][ T51]
[ 81.543818][ T51] CPU: 0 UID: 0 PID: 51 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full)
[ 81.543835][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 81.543845][ T51] Workqueue: hci0 hci_rx_work
[ 81.543872][ T51] Call Trace:
[ 81.543878][ T51]
[ 81.543887][ T51] dump_stack_lvl+0xe8/0x150
[ 81.543907][ T51] print_report+0xba/0x230
[ 81.543925][ T51] ? l2cap_send_cmd+0x2a3/0xb90
[ 81.543940][ T51] kasan_report+0x117/0x150
[ 81.543955][ T51] ? trace_kmem_cache_alloc+0x29/0xf0
[ 81.543976][ T51] ? l2cap_send_cmd+0x2a3/0xb90
[ 81.543993][ T51] kasan_check_range+0x264/0x2c0
[ 81.544008][ T51] ? l2cap_send_cmd+0x2a3/0xb90
[ 81.544024][ T51] __asan_memcpy+0x29/0x70
[ 81.544043][ T51] l2cap_send_cmd+0x2a3/0xb90
[ 81.544062][ T51] l2cap_recv_frame+0xd352/0x10110
[ 81.544081][ T51] ? lock_release+0x4b/0x3d0
[ 81.544097][ T51] ? ret_from_fork_asm+0x1a/0x30
[ 81.544116][ T51] ? unwind_next_frame+0xa5/0x23c0
[ 81.544134][ T51] ? rcu_is_watching+0x15/0xb0
[ 81.544152][ T51] ? lock_release+0x4b/0x3d0
[ 81.544167][ T51] ? unwind_next_frame+0x1aaf/0x23c0
[ 81.544188][ T51] ? unwind_next_frame+0xa5/0x23c0
[ 81.544205][ T51] ? unwind_next_frame+0x1aaf/0x23c0
[ 81.544226][ T51] ? __pfx_l2cap_recv_frame+0x10/0x10
[ 81.544243][ T51] ? ret_from_fork_asm+0x1a/0x30
[ 81.544261][ T51] ? ret_from_fork_asm+0x1a/0x30
[ 81.544280][ T51] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 81.544298][ T51] ? ret_from_fork_asm+0x1a/0x30
[ 81.544318][ T51] ? stack_trace_save+0xa9/0x100
[ 81.544331][ T51] ? __pfx_stack_trace_save+0x10/0x10
[ 81.544345][ T51] ? check_path+0x21/0x40
[ 81.544362][ T51] ? check_noncircular+0xda/0x150
[ 81.544381][ T51] ? add_lock_to_list+0xc7/0x100
[ 81.544400][ T51] ? lockdep_unlock+0x5d/0xd0
[ 81.544414][ T51] ? __lock_acquire+0x146e/0x2cf0
[ 81.544436][ T51] ? __mutex_trylock_common+0x158/0x260
[ 81.544462][ T51] ? __pfx___mutex_trylock_common+0x10/0x10
[ 81.544482][ T51] ? rcu_is_watching+0x15/0xb0
[ 81.544500][ T51] ? trace_contention_end+0x3d/0x150
[ 81.544519][ T51] ? __mutex_lock+0x319/0x1300
[ 81.544537][ T51] ? l2cap_recv_acldata+0x2e3/0x13e0
[ 81.544555][ T51] ? l2cap_recv_acldata+0x30b/0x13e0
[ 81.544571][ T51] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 81.544587][ T51] ? __pfx___mutex_lock+0x10/0x10
[ 81.544602][ T51] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 81.544617][ T51] ? l2cap_conn_hold_unless_zero+0x179/0x2b0
[ 81.544636][ T51] ? __pfx_l2cap_conn_hold_unless_zero+0x10/0x10
[ 81.544655][ T51] ? l2cap_recv_acldata+0x41/0x13e0
[ 81.544674][ T51] l2cap_recv_acldata+0x7e9/0x13e0
[ 81.544693][ T51] hci_rx_work+0x4f9/0x1040
[ 81.544712][ T51] ? process_one_work+0x87c/0x1650
[ 81.544728][ T51] process_one_work+0x949/0x1650
[ 81.544748][ T51] ? do_raw_spin_unlock+0xf5/0x210
[ 81.544764][ T51] ? __pfx_process_one_work+0x10/0x10
[ 81.544779][ T51] ? do_raw_spin_lock+0x12b/0x2f0
[ 81.544797][ T51] worker_thread+0xb46/0x1140
[ 81.544822][ T51] kthread+0x388/0x470
[ 81.544835][ T51] ? __pfx_worker_thread+0x10/0x10
[ 81.544851][ T51] ? __pfx_kthread+0x10/0x10
[ 81.544863][ T51] ret_from_fork+0x51e/0xb90
[ 81.544882][ T51] ? __pfx_ret_from_fork+0x10/0x10
[ 81.544898][ T51] ? __switch_to+0xc7d/0x1450
[ 81.544914][ T51] ? __pfx_kthread+0x10/0x10
[ 81.544926][ T51] ret_from_fork_asm+0x1a/0x30
[ 81.544950][ T51]
[ 81.544955][ T51]
[ 81.879878][ T51] The buggy address belongs to stack of task kworker/u9:0/51
[ 81.887232][ T51] and is located at offset 128 in frame:
[ 81.892928][ T51] l2cap_recv_frame+0x0/0x10110
[ 81.897879][ T51]
[ 81.900187][ T51] This frame has 26 objects:
[ 81.904928][ T51] [32, 34) 'rsp.i238.i.i'
[ 81.904939][ T51] [48, 88) 'chan.i.i.i'
[ 81.909333][ T51] [128, 146) 'pdu_u.i.i.i'
[ 81.913564][ T51] [192, 202) 'rsp.i94.i.i'
[ 81.918051][ T51] [224, 226) 'rsp.i.i.i111'
[ 81.922532][ T51] [240, 242) 'rej.i'
[ 81.927106][ T51] [256, 258) 'rej.i145.i'
[ 81.931069][ T51] [272, 274) 'rej.i143.i'
[ 81.935465][ T51] [288, 290) 'req.i229.i.i'
[ 81.939864][ T51] [304, 312) 'buf.i222.i.i'
[ 81.944433][ T51] [336, 348) 'buf29.i.i.i'
[ 81.949002][ T51] [368, 372) 'rsp49.i.i.i'
[ 81.953482][ T51] [384, 393) 'rfc.i.i118.i.i'
[ 81.957965][ T51] [416, 480) 'buf.i119.i.i'
[ 81.962711][ T51] [512, 576) 'req.i120.i.i'
[ 81.967279][ T51] [608, 617) 'rfc.i.i.i.i'
[ 81.971848][ T51] [640, 656) 'efs.i.i.i.i'
[ 81.976343][ T51] [672, 678) 'rej.i371.i.i.i'
[ 81.980852][ T51] [704, 710) 'rej.i.i.i.i'
[ 81.985607][ T51] [736, 800) 'rsp.i.i.i'
[ 81.990105][ T51] [832, 896) 'buf.i.i.i'
[ 81.994440][ T51] [928, 1056) 'req.i.i.i'
[ 81.998748][ T51] [1088, 1096) 'rsp.i.i.i.i'
[ 82.003143][ T51] [1120, 1122) 'info.i.i.i.i'
[ 82.007806][ T51] [1136, 1264) 'buf.i.i.i.i'
[ 82.012546][ T51] [1296, 1298) 'rej.i.i'
[ 82.017201][ T51]
[ 82.023803][ T51] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90000bb0000 allocated at copy_process+0x508/0x3cf0
[ 82.036739][ T51] The buggy address belongs to the physical page:
[ 82.043149][ T51] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1bfb7
[ 82.051899][ T51] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 82.059003][ T51] raw: 00fff00000000000 ffffea00006fedc8 ffffea00006fedc8 0000000000000000
[ 82.067570][ T51] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 82.076131][ T51] page dumped because: kasan: bad access detected
[ 82.082531][ T51] page_owner tracks the page as allocated
[ 82.088228][ T51] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 3588401951, free_ts 0
[ 82.106024][ T51] post_alloc_hook+0x231/0x280
[ 82.110797][ T51] get_page_from_freelist+0x24dc/0x2580
[ 82.116332][ T51] __alloc_frozen_pages_noprof+0x18d/0x380
[ 82.122147][ T51] __alloc_pages_noprof+0xa/0x30
[ 82.127072][ T51] __vmalloc_node_range_noprof+0x7be/0x1730
[ 82.132959][ T51] __vmalloc_node_noprof+0xc2/0x100
[ 82.138148][ T51] dup_task_struct+0x228/0x9a0
[ 82.142898][ T51] copy_process+0x508/0x3cf0
[ 82.147477][ T51] kernel_clone+0x248/0x8e0
[ 82.151966][ T51] kernel_thread+0x13f/0x1b0
[ 82.156551][ T51] kthreadd+0x4ec/0x6e0
[ 82.160696][ T51] ret_from_fork+0x51e/0xb90
[ 82.165270][ T51] ret_from_fork_asm+0x1a/0x30
[ 82.170030][ T51] page_owner free stack trace missing
[ 82.175382][ T51]
[ 82.177696][ T51] Memory state around the buggy address:
[ 82.183314][ T51] ffffc90000bb7400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.191445][ T51] ffffc90000bb7480: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f2 f8 f8
[ 82.199491][ T51] >ffffc90000bb7500: f8 f8 f8 f2 f2 f2 f2 f2 00 00 02 f2 f2 f2 f2 f2
[ 82.207533][ T51] ^
[ 82.214184][ T51] ffffc90000bb7580: f8 f8 f2 f2 f8 f2 f8 f2 f8 f2 f8 f2 f8 f2 f8 f2
[ 82.222227][ T51] ffffc90000bb7600: f2 f2 f8 f8 f2 f2 f8 f2 f8 f8 f2 f2 f8 f8 f8 f8
[ 82.230273][ T51] ==================================================================
[ 82.246179][ T51] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 82.253393][ T51] CPU: 0 UID: 0 PID: 51 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full)
[ 82.262672][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 82.272724][ T51] Workqueue: hci0 hci_rx_work
[ 82.277409][ T51] Call Trace:
[ 82.280683][ T51]
[ 82.283611][ T51] vpanic+0x56c/0xa60
[ 82.287605][ T51] ? __pfx_vpanic+0x10/0x10
[ 82.292122][ T51] panic+0xc5/0xd0
[ 82.295848][ T51] ? __pfx_panic+0x10/0x10
[ 82.300269][ T51] ? preempt_schedule_thunk+0x16/0x30
[ 82.305639][ T51] ? preempt_schedule_thunk+0x16/0x30
[ 82.311017][ T51] ? l2cap_send_cmd+0x2a3/0xb90
[ 82.315880][ T51] check_panic_on_warn+0x89/0xb0
[ 82.320913][ T51] ? l2cap_send_cmd+0x2a3/0xb90
[ 82.325760][ T51] end_report+0x73/0x180
[ 82.329999][ T51] ? l2cap_send_cmd+0x2a3/0xb90
[ 82.334847][ T51] kasan_report+0x128/0x150
[ 82.339344][ T51] ? trace_kmem_cache_alloc+0x29/0xf0
[ 82.344722][ T51] ? l2cap_send_cmd+0x2a3/0xb90
[ 82.349576][ T51] kasan_check_range+0x264/0x2c0
[ 82.354510][ T51] ? l2cap_send_cmd+0x2a3/0xb90
[ 82.359360][ T51] __asan_memcpy+0x29/0x70
[ 82.363782][ T51] l2cap_send_cmd+0x2a3/0xb90
[ 82.368466][ T51] l2cap_recv_frame+0xd352/0x10110
[ 82.373578][ T51] ? lock_release+0x4b/0x3d0
[ 82.378167][ T51] ? ret_from_fork_asm+0x1a/0x30
[ 82.383108][ T51] ? unwind_next_frame+0xa5/0x23c0
[ 82.388221][ T51] ? rcu_is_watching+0x15/0xb0
[ 82.392987][ T51] ? lock_release+0x4b/0x3d0
[ 82.397581][ T51] ? unwind_next_frame+0x1aaf/0x23c0
[ 82.402876][ T51] ? unwind_next_frame+0xa5/0x23c0
[ 82.407990][ T51] ? unwind_next_frame+0x1aaf/0x23c0
[ 82.413290][ T51] ? __pfx_l2cap_recv_frame+0x10/0x10
[ 82.418668][ T51] ? ret_from_fork_asm+0x1a/0x30
[ 82.423617][ T51] ? ret_from_fork_asm+0x1a/0x30
[ 82.428564][ T51] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 82.434719][ T51] ? ret_from_fork_asm+0x1a/0x30
[ 82.439664][ T51] ? stack_trace_save+0xa9/0x100
[ 82.444602][ T51] ? __pfx_stack_trace_save+0x10/0x10
[ 82.449971][ T51] ? check_path+0x21/0x40
[ 82.454302][ T51] ? check_noncircular+0xda/0x150
[ 82.459330][ T51] ? add_lock_to_list+0xc7/0x100
[ 82.464275][ T51] ? lockdep_unlock+0x5d/0xd0
[ 82.468949][ T51] ? __lock_acquire+0x146e/0x2cf0
[ 82.473984][ T51] ? __mutex_trylock_common+0x158/0x260
[ 82.479532][ T51] ? __pfx___mutex_trylock_common+0x10/0x10
[ 82.485437][ T51] ? rcu_is_watching+0x15/0xb0
[ 82.490200][ T51] ? trace_contention_end+0x3d/0x150
[ 82.495496][ T51] ? __mutex_lock+0x319/0x1300
[ 82.500272][ T51] ? l2cap_recv_acldata+0x2e3/0x13e0
[ 82.505579][ T51] ? l2cap_recv_acldata+0x30b/0x13e0
[ 82.510881][ T51] ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 82.516597][ T51] ? __pfx___mutex_lock+0x10/0x10
[ 82.521611][ T51] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 82.527579][ T51] ? l2cap_conn_hold_unless_zero+0x179/0x2b0
[ 82.533554][ T51] ? __pfx_l2cap_conn_hold_unless_zero+0x10/0x10
[ 82.539872][ T51] ? l2cap_recv_acldata+0x41/0x13e0
[ 82.545059][ T51] l2cap_recv_acldata+0x7e9/0x13e0
[ 82.550161][ T51] hci_rx_work+0x4f9/0x1040
[ 82.554655][ T51] ? process_one_work+0x87c/0x1650
[ 82.559757][ T51] process_one_work+0x949/0x1650
[ 82.564686][ T51] ? do_raw_spin_unlock+0xf5/0x210
[ 82.569785][ T51] ? __pfx_process_one_work+0x10/0x10
[ 82.575152][ T51] ? do_raw_spin_lock+0x12b/0x2f0
[ 82.580171][ T51] worker_thread+0xb46/0x1140
[ 82.584851][ T51] kthread+0x388/0x470
[ 82.588915][ T51] ? __pfx_worker_thread+0x10/0x10
[ 82.594015][ T51] ? __pfx_kthread+0x10/0x10
[ 82.598593][ T51] ret_from_fork+0x51e/0xb90
[ 82.603179][ T51] ? __pfx_ret_from_fork+0x10/0x10
[ 82.608279][ T51] ? __switch_to+0xc7d/0x1450
[ 82.612944][ T51] ? __pfx_kthread+0x10/0x10
[ 82.617519][ T51] ret_from_fork_asm+0x1a/0x30
[ 82.622278][ T51]
[ 82.625425][ T51] Kernel Offset: disabled
[ 82.629729][ T51] Rebooting in 86400 seconds..