Warning: Permanently added '10.128.1.229' (ED25519) to the list of known hosts.
2025/09/14 06:17:32 parsed 1 programs
[ 92.771886][ T5872] cgroup: Unknown subsys name 'net'
[ 92.887357][ T5872] cgroup: Unknown subsys name 'cpuset'
[ 92.896220][ T5872] cgroup: Unknown subsys name 'rlimit'
[ 94.661020][ T5872] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 97.094927][ T44] cfg80211: failed to load regulatory.db
[ 97.667003][ T5886] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 98.328339][ T5186] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 98.336609][ T5186] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 98.345060][ T5186] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 98.354052][ T5186] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 98.362853][ T5186] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 98.721353][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.734041][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.782619][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.790880][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.583927][ T5935] chnl_net:caif_netlink_parms(): no params data found
[ 99.688350][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.695700][ T5935] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.704805][ T5935] bridge_slave_0: entered allmulticast mode
[ 99.712266][ T5935] bridge_slave_0: entered promiscuous mode
[ 99.722151][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.730201][ T5935] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.737438][ T5935] bridge_slave_1: entered allmulticast mode
[ 99.745453][ T5935] bridge_slave_1: entered promiscuous mode
[ 99.783550][ T5935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 99.827035][ T5935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 99.870394][ T5935] team0: Port device team_slave_0 added
[ 99.884299][ T5935] team0: Port device team_slave_1 added
[ 99.922221][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 99.929248][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 99.956407][ T5935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 99.969586][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 99.977369][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.003787][ T5935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 100.057605][ T5935] hsr_slave_0: entered promiscuous mode
[ 100.064604][ T5935] hsr_slave_1: entered promiscuous mode
[ 100.236042][ T5935] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 100.248589][ T5935] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 100.259766][ T5935] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 100.270622][ T5935] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 100.354821][ T5935] 8021q: adding VLAN 0 to HW filter on device bond0
[ 100.376401][ T5935] 8021q: adding VLAN 0 to HW filter on device team0
[ 100.389912][ T37] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.397232][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.413878][ T69] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.421040][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.620153][ T5935] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 100.666113][ T5935] veth0_vlan: entered promiscuous mode
[ 100.678767][ T5935] veth1_vlan: entered promiscuous mode
[ 100.713486][ T5935] veth0_macvtap: entered promiscuous mode
[ 100.724430][ T5935] veth1_macvtap: entered promiscuous mode
[ 100.745070][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 100.759939][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 100.776880][ T69] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.787297][ T69] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.796731][ T69] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.806909][ T69] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 100.934171][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.018865][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.076452][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.136613][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/09/14 06:17:46 executed programs: 0
[ 103.276704][ T5186] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 103.285608][ T5186] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 103.295636][ T5186] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 103.303974][ T5186] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 103.311703][ T5186] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 103.482336][ T5981] chnl_net:caif_netlink_parms(): no params data found
[ 103.566243][ T5981] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.573730][ T5981] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.580891][ T5981] bridge_slave_0: entered allmulticast mode
[ 103.588391][ T5981] bridge_slave_0: entered promiscuous mode
[ 103.596327][ T5981] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.604214][ T5981] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.611372][ T5981] bridge_slave_1: entered allmulticast mode
[ 103.619515][ T5981] bridge_slave_1: entered promiscuous mode
[ 103.652321][ T5981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 103.665485][ T5981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 103.700497][ T5981] team0: Port device team_slave_0 added
[ 103.709078][ T5981] team0: Port device team_slave_1 added
[ 103.741488][ T5981] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 103.748615][ T5981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 103.774688][ T5981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 103.787311][ T5981] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 103.794628][ T5981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 103.821607][ T5981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 103.869603][ T5981] hsr_slave_0: entered promiscuous mode
[ 103.876594][ T5981] hsr_slave_1: entered promiscuous mode
[ 103.883212][ T5981] debugfs: 'hsr0' already exists in 'hsr'
[ 103.889416][ T5981] Cannot create hsr debugfs directory
[ 104.194702][ T12] bridge_slave_1: left allmulticast mode
[ 104.200476][ T12] bridge_slave_1: left promiscuous mode
[ 104.207394][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 104.223831][ T12] bridge_slave_0: left allmulticast mode
[ 104.229865][ T12] bridge_slave_0: left promiscuous mode
[ 104.236474][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 104.590522][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 104.602174][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 104.612424][ T12] bond0 (unregistering): Released all slaves
[ 104.694731][ T12] hsr_slave_0: left promiscuous mode
[ 104.701023][ T12] hsr_slave_1: left promiscuous mode
[ 104.707563][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 104.717360][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 104.726020][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 104.733576][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 104.757832][ T12] veth1_macvtap: left promiscuous mode
[ 104.764559][ T12] veth0_macvtap: left promiscuous mode
[ 104.770387][ T12] veth1_vlan: left promiscuous mode
[ 104.777152][ T12] veth0_vlan: left promiscuous mode
[ 105.291643][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 105.327761][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 105.333973][ T51] Bluetooth: hci0: command tx timeout
[ 105.979658][ T5981] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 106.007570][ T5981] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 106.029788][ T5981] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 106.045353][ T5981] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 106.511854][ T5981] 8021q: adding VLAN 0 to HW filter on device bond0
[ 106.586008][ T5981] 8021q: adding VLAN 0 to HW filter on device team0
[ 106.618838][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.626100][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 106.661290][ T197] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.668496][ T197] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 107.001883][ T5981] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 107.061995][ T5981] veth0_vlan: entered promiscuous mode
[ 107.082449][ T5981] veth1_vlan: entered promiscuous mode
[ 107.129382][ T5981] veth0_macvtap: entered promiscuous mode
[ 107.140589][ T5981] veth1_macvtap: entered promiscuous mode
[ 107.167110][ T5981] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 107.183652][ T5981] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 107.200333][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.226851][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.250727][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.280835][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.334877][ T197] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.351525][ T197] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.396607][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.405183][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.425013][ T51] Bluetooth: hci0: command tx timeout
[ 107.733331][ T1222] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 107.899121][ T1222] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 107.910230][ T1222] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 107.920083][ T1222] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 107.929196][ T1222] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 107.940721][ T1222] usb 1-1: config 0 descriptor??
[ 108.355867][ T1222] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[ 108.363455][ T1222] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[ 108.370444][ T1222] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[ 108.377796][ T1222] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[ 108.384840][ T1222] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[ 108.392806][ T1222] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[ 108.399823][ T1222] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[ 108.410950][ T1222] cp2112 0003:10C4:EA90.0001: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0
[ 108.550728][ T1222] cp2112 0003:10C4:EA90.0001: Part Number: 0x00 Device Version: 0x00
[ 109.152970][ T6050] ==================================================================
[ 109.161089][ T6050] BUG: KASAN: stack-out-of-bounds in cp2112_xfer+0x713/0xf10
[ 109.168503][ T6050] Read of size 34 at addr ffffc90003967d21 by task syz.0.17/6050
[ 109.176248][ T6050]
[ 109.178604][ T6050] CPU: 1 UID: 0 PID: 6050 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 109.178628][ T6050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 109.178647][ T6050] Call Trace:
[ 109.178655][ T6050] <TASK>
[ 109.178663][ T6050] dump_stack_lvl+0x189/0x250
[ 109.178687][ T6050] ? cp2112_xfer+0x713/0xf10
[ 109.178706][ T6050] ? __pfx_dump_stack_lvl+0x10/0x10
[ 109.178725][ T6050] ? __pfx__printk+0x10/0x10
[ 109.178757][ T6050] ? __virt_addr_valid+0xdc/0x5c0
[ 109.178783][ T6050] ? __virt_addr_valid+0xdc/0x5c0
[ 109.178806][ T6050] print_report+0xca/0x240
[ 109.178821][ T6050] ? cp2112_xfer+0x713/0xf10
[ 109.178837][ T6050] kasan_report+0x118/0x150
[ 109.178862][ T6050] ? cp2112_xfer+0x713/0xf10
[ 109.178882][ T6050] kasan_check_range+0x2b0/0x2c0
[ 109.178909][ T6050] ? cp2112_xfer+0x713/0xf10
[ 109.178928][ T6050] __asan_memcpy+0x29/0x70
[ 109.178947][ T6050] cp2112_xfer+0x713/0xf10
[ 109.178965][ T6050] ? validate_chain+0x897/0x2140
[ 109.178982][ T6050] ? __pfx_cp2112_xfer+0x10/0x10
[ 109.179008][ T6050] __i2c_smbus_xfer+0x5b6/0x1e50
[ 109.179034][ T6050] ? __pfx_cp2112_xfer+0x10/0x10
[ 109.179060][ T6050] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 109.179087][ T6050] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 109.179114][ T6050] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 109.179140][ T6050] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 109.179170][ T6050] ? rt_mutex_lock_nested+0x15e/0x1e0
[ 109.179198][ T6050] i2c_smbus_xfer+0x275/0x3c0
[ 109.179222][ T6050] ? __pfx_i2c_smbus_xfer+0x10/0x10
[ 109.179248][ T6050] i2cdev_ioctl_smbus+0x43d/0x6d0
[ 109.179270][ T6050] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 109.179295][ T6050] i2cdev_ioctl+0x5d3/0x7f0
[ 109.179313][ T6050] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 109.179339][ T6050] ? bpf_lsm_file_ioctl+0x9/0x20
[ 109.179361][ T6050] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 109.179378][ T6050] __se_sys_ioctl+0xfc/0x170
[ 109.179400][ T6050] do_syscall_64+0xfa/0x3b0
[ 109.179418][ T6050] ? lockdep_hardirqs_on+0x9c/0x150
[ 109.179434][ T6050] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.179451][ T6050] ? clear_bhb_loop+0x60/0xb0
[ 109.179474][ T6050] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.179492][ T6050] RIP: 0033:0x7f975b78eba9
[ 109.179512][ T6050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 109.179526][ T6050] RSP: 002b:00007fffe2e6c958 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 109.179545][ T6050] RAX: ffffffffffffffda RBX: 00007f975b9d5fa0 RCX: 00007f975b78eba9
[ 109.179558][ T6050] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000004
[ 109.179569][ T6050] RBP: 00007f975b811e19 R08: 0000000000000000 R09: 0000000000000000
[ 109.179579][ T6050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 109.179589][ T6050] R13: 00007f975b9d5fa0 R14: 00007f975b9d5fa0 R15: 0000000000000003
[ 109.179613][ T6050] </TASK>
[ 109.179619][ T6050]
[ 109.467586][ T6050] The buggy address belongs to stack of task syz.0.17/6050
[ 109.474783][ T6050] and is located at offset 33 in frame:
[ 109.480423][ T6050] i2cdev_ioctl_smbus+0x0/0x6d0
[ 109.485285][ T6050]
[ 109.487645][ T6050] This frame has 1 object:
[ 109.492061][ T6050] [32, 66) 'temp'
[ 109.492073][ T6050]
[ 109.498114][ T6050] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003960000 allocated at copy_process+0x54b/0x3c00
[ 109.511096][ T6050] The buggy address belongs to the physical page:
[ 109.517533][ T6050] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807567ec80 pfn:0x7567e
[ 109.527620][ T6050] memcg:ffff888077b7cd82
[ 109.531876][ T6050] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 109.539100][ T6050] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 109.547701][ T6050] raw: ffff88807567ec80 0000000000000000 00000001ffffffff ffff888077b7cd82
[ 109.556292][ T6050] page dumped because: kasan: bad access detected
[ 109.562723][ T6050] page_owner tracks the page as allocated
[ 109.568446][ T6050] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 5981, tgid 5981 (syz-executor), ts 107463971620, free_ts 107242006531
[ 109.588169][ T6050] post_alloc_hook+0x240/0x2a0
[ 109.593041][ T6050] get_page_from_freelist+0x21e4/0x22c0
[ 109.598599][ T6050] __alloc_frozen_pages_noprof+0x181/0x370
[ 109.604415][ T6050] alloc_pages_mpol+0x232/0x4a0
[ 109.609275][ T6050] alloc_pages_noprof+0xa9/0x190
[ 109.614229][ T6050] __vmalloc_node_range_noprof+0x97d/0x12f0
[ 109.620226][ T6050] __vmalloc_node_noprof+0xc2/0x110
[ 109.625625][ T6050] dup_task_struct+0x3e7/0x860
[ 109.630397][ T6050] copy_process+0x54b/0x3c00
[ 109.634989][ T6050] kernel_clone+0x21e/0x840
[ 109.639510][ T6050] __x64_sys_clone+0x18b/0x1e0
[ 109.644280][ T6050] do_syscall_64+0xfa/0x3b0
[ 109.648792][ T6050] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.654688][ T6050] page last free pid 6044 tgid 6044 stack trace:
[ 109.661100][ T6050] __free_frozen_pages+0xbc4/0xd30
[ 109.666237][ T6050] __put_partials+0x156/0x1a0
[ 109.670918][ T6050] put_cpu_partial+0x17c/0x250
[ 109.675684][ T6050] __slab_free+0x2d5/0x3c0
[ 109.680101][ T6050] qlist_free_all+0x97/0x140
[ 109.684722][ T6050] kasan_quarantine_reduce+0x148/0x160
[ 109.690203][ T6050] __kasan_slab_alloc+0x22/0x80
[ 109.695075][ T6050] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 109.700679][ T6050] vm_area_alloc+0x24/0x140
[ 109.705297][ T6050] mmap_region+0xdc7/0x20c0
[ 109.709904][ T6050] do_mmap+0xc45/0x10d0
[ 109.714094][ T6050] vm_mmap_pgoff+0x2a6/0x4d0
[ 109.718699][ T6050] ksys_mmap_pgoff+0x51f/0x760
[ 109.723485][ T6050] do_syscall_64+0xfa/0x3b0
[ 109.728007][ T6050] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.733928][ T6050]
[ 109.736259][ T6050] Memory state around the buggy address:
[ 109.741894][ T6050] ffffc90003967c00: 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00
[ 109.749958][ T6050] ffffc90003967c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 109.758034][ T6050] >ffffc90003967d00: f1 f1 f1 f1 00 00 00 00 02 f3 f3 f3 f3 f3 f3 f3
[ 109.766186][ T6050]                                            ^
[ 109.772375][ T6050] ffffc90003967d80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 109.780448][ T6050] ffffc90003967e00: 04 f2 00 00 f2 f2 00 00 f3 f3 f3 f3 00 00 00 00
[ 109.788511][ T6050] ==================================================================
[ 109.802998][ T51] Bluetooth: hci0: command tx timeout
[ 109.803506][ T6050] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 109.803527][ T6050] CPU: 0 UID: 0 PID: 6050 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
[ 109.803555][ T6050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 109.803571][ T6050] Call Trace:
[ 109.803581][ T6050] <TASK>
[ 109.803592][ T6050] dump_stack_lvl+0x99/0x250
[ 109.803632][ T6050] ? __asan_memcpy+0x40/0x70
[ 109.803661][ T6050] ? __pfx_dump_stack_lvl+0x10/0x10
[ 109.803689][ T6050] ? __pfx__printk+0x10/0x10
[ 109.803754][ T6050] vpanic+0x281/0x750
[ 109.803780][ T6050] ? preempt_schedule+0xae/0xc0
[ 109.803802][ T6050] ? __pfx_vpanic+0x10/0x10
[ 109.803828][ T6050] ? preempt_schedule_common+0x83/0xd0
[ 109.803850][ T6050] ? preempt_schedule+0xae/0xc0
[ 109.803872][ T6050] ? __pfx_preempt_schedule+0x10/0x10
[ 109.803896][ T6050] panic+0xb9/0xc0
[ 109.803923][ T6050] ? __pfx_panic+0x10/0x10
[ 109.803952][ T6050] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 109.803993][ T6050] ? cp2112_xfer+0x713/0xf10
[ 109.804018][ T6050] check_panic_on_warn+0x89/0xb0
[ 109.804052][ T6050] ? cp2112_xfer+0x713/0xf10
[ 109.804074][ T6050] end_report+0x78/0x160
[ 109.804108][ T6050] kasan_report+0x129/0x150
[ 109.804143][ T6050] ? cp2112_xfer+0x713/0xf10
[ 109.804172][ T6050] kasan_check_range+0x2b0/0x2c0
[ 109.804205][ T6050] ? cp2112_xfer+0x713/0xf10
[ 109.804230][ T6050] __asan_memcpy+0x29/0x70
[ 109.804257][ T6050] cp2112_xfer+0x713/0xf10
[ 109.804283][ T6050] ? validate_chain+0x897/0x2140
[ 109.804307][ T6050] ? __pfx_cp2112_xfer+0x10/0x10
[ 109.804342][ T6050] __i2c_smbus_xfer+0x5b6/0x1e50
[ 109.804379][ T6050] ? __pfx_cp2112_xfer+0x10/0x10
[ 109.804411][ T6050] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 109.804449][ T6050] ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 109.804486][ T6050] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 109.804523][ T6050] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 109.804568][ T6050] ? rt_mutex_lock_nested+0x15e/0x1e0
[ 109.804600][ T6050] i2c_smbus_xfer+0x275/0x3c0
[ 109.804636][ T6050] ? __pfx_i2c_smbus_xfer+0x10/0x10
[ 109.804673][ T6050] i2cdev_ioctl_smbus+0x43d/0x6d0
[ 109.804706][ T6050] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 109.804749][ T6050] i2cdev_ioctl+0x5d3/0x7f0
[ 109.804773][ T6050] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 109.804804][ T6050] ? bpf_lsm_file_ioctl+0x9/0x20
[ 109.804834][ T6050] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 109.804859][ T6050] __se_sys_ioctl+0xfc/0x170
[ 109.804890][ T6050] do_syscall_64+0xfa/0x3b0
[ 109.804916][ T6050] ? lockdep_hardirqs_on+0x9c/0x150
[ 109.804938][ T6050] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.804961][ T6050] ? clear_bhb_loop+0x60/0xb0
[ 109.804989][ T6050] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.805013][ T6050] RIP: 0033:0x7f975b78eba9
[ 109.805034][ T6050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 109.805055][ T6050] RSP: 002b:00007fffe2e6c958 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 109.805081][ T6050] RAX: ffffffffffffffda RBX: 00007f975b9d5fa0 RCX: 00007f975b78eba9
[ 109.805100][ T6050] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000004
[ 109.805116][ T6050] RBP: 00007f975b811e19 R08: 0000000000000000 R09: 0000000000000000
[ 109.805131][ T6050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 109.805146][ T6050] R13: 00007f975b9d5fa0 R14: 00007f975b9d5fa0 R15: 0000000000000003
[ 109.805173][ T6050] </TASK>
[ 109.808678][ T6050] Kernel Offset: disabled