Warning: Permanently added '10.128.0.126' (ED25519) to the list of known hosts.
2025/11/13 06:50:27 parsed 1 programs
syzkaller login: [   77.136112][ T4271] cgroup: Unknown subsys name 'net'
[   77.264213][ T4271] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   78.783260][ T4271] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   80.499212][ T4281] chnl_net:caif_netlink_parms(): no params data found
[   80.553070][ T4281] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.561076][ T4281] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.569127][ T4281] device bridge_slave_0 entered promiscuous mode
[   80.581946][ T4281] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.589258][ T4281] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.597006][ T4281] device bridge_slave_1 entered promiscuous mode
[   80.623150][ T4281] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.634789][ T4281] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.660355][ T4281] team0: Port device team_slave_0 added
[   80.667508][ T4281] team0: Port device team_slave_1 added
[   80.690518][ T4281] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.697496][ T4281] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.724037][ T4281] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.736816][ T4281] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.743967][ T4281] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.770093][ T4281] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.806420][ T4281] device hsr_slave_0 entered promiscuous mode
[   80.813590][ T4281] device hsr_slave_1 entered promiscuous mode
[   80.917517][ T4281] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   80.930967][ T4281] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   80.940540][ T4281] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   80.950011][ T4281] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   80.975410][ T4281] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.982904][ T4281] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.990699][ T4281] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.997902][ T4281] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.049283][ T4281] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.065613][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   81.079755][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.087886][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.103561][ T4281] 8021q: adding VLAN 0 to HW filter on device team0
[   81.119946][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   81.129906][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.137127][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.160488][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   81.170743][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.178240][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.193117][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   81.201986][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   81.215406][   T57] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   81.227316][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   81.242725][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   81.257640][ T4281] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   81.442720][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   81.450667][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   81.462739][ T4281] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.481865][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   81.490784][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   81.509397][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   81.518686][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   81.527132][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   81.535176][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   81.551471][ T4281] device veth0_vlan entered promiscuous mode
[   81.566076][ T4281] device veth1_vlan entered promiscuous mode
[   81.595266][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   81.605952][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   81.615069][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   81.625177][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   81.636489][ T4281] device veth0_macvtap entered promiscuous mode
[   81.650927][ T4281] device veth1_macvtap entered promiscuous mode
[   81.672667][ T4281] batman_adv: batadv0: Interface activated: batadv_slave_0
[   81.681391][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   81.691592][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   81.705262][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   81.714433][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   81.728840][ T4281] batman_adv: batadv0: Interface activated: batadv_slave_1
[   81.736608][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   81.747195][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   81.764987][ T4281] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.782040][ T4281] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.791666][ T4281] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.801511][ T4281] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.990047][   T57] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.497597][ T4320] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   82.506705][ T4320] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   82.514636][ T4320] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   82.524080][ T4320] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   82.531960][ T4320] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   82.539921][ T4320] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   82.749535][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.757600][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.773856][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   82.786408][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.795100][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.804008][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   84.140882][   T57] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/11/13 06:50:37 executed programs: 0
[   84.976385][ T4318] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   84.986813][ T4318] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   84.995839][ T4318] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   85.006394][ T4318] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   85.014171][ T4318] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   85.021649][ T4318] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   85.150900][ T4365] chnl_net:caif_netlink_parms(): no params data found
[   85.199252][ T4365] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.206392][ T4365] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.215398][ T4365] device bridge_slave_0 entered promiscuous mode
[   85.224390][ T4365] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.231770][ T4365] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.239874][ T4365] device bridge_slave_1 entered promiscuous mode
[   85.263502][ T4365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   85.275009][ T4365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   85.301261][ T4365] team0: Port device team_slave_0 added
[   85.309095][ T4365] team0: Port device team_slave_1 added
[   85.330012][ T4365] batman_adv: batadv0: Adding interface: batadv_slave_0
[   85.336997][ T4365] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   85.363102][ T4365] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   85.375437][ T4365] batman_adv: batadv0: Adding interface: batadv_slave_1
[   85.382453][ T4365] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   85.408728][ T4365] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   85.440799][ T4365] device hsr_slave_0 entered promiscuous mode
[   85.447573][ T4365] device hsr_slave_1 entered promiscuous mode
[   85.454371][ T4365] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   85.462423][ T4365] Cannot create hsr debugfs directory
[   86.410468][   T57] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.491651][   T57] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.650164][  T127] cfg80211: failed to load regulatory.db
[   87.049584][ T4318] Bluetooth: hci0: command 0x0409 tx timeout
[   87.317419][ T4365] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   87.342876][ T4365] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   87.353524][ T4365] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   87.365950][ T4365] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   87.421991][   T57] device hsr_slave_0 left promiscuous mode
[   87.429511][   T57] device hsr_slave_1 left promiscuous mode
[   87.436209][   T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   87.446289][   T57] batman_adv: batadv0: Removing interface: batadv_slave_0
[   87.455686][   T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   87.466618][   T57] batman_adv: batadv0: Removing interface: batadv_slave_1
[   87.475920][   T57] device bridge_slave_1 left promiscuous mode
[   87.485288][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.497323][   T57] device bridge_slave_0 left promiscuous mode
[   87.506583][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.535824][   T57] device veth1_macvtap left promiscuous mode
[   87.545477][   T57] device veth0_macvtap left promiscuous mode
[   87.552085][   T57] device veth1_vlan left promiscuous mode
[   87.560450][   T57] device veth0_vlan left promiscuous mode
[   87.899036][   T57] team0 (unregistering): Port device team_slave_1 removed
[   87.926876][   T57] team0 (unregistering): Port device team_slave_0 removed
[   87.955799][   T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   87.985880][   T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   88.245428][   T57] bond0 (unregistering): Released all slaves
[   88.340056][ T4365] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.359403][ T4365] 8021q: adding VLAN 0 to HW filter on device team0
[   88.366352][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   88.376845][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   88.393413][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   88.402351][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   88.412047][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.419195][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.428036][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   88.440096][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   88.449415][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   88.458021][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.465130][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.491537][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   88.500297][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   88.512745][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   88.523022][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   88.533034][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   88.560447][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   88.570348][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   88.580272][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   88.589231][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   88.604730][ T4365] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   88.616587][ T4365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   88.624835][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   88.633778][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   88.873350][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   88.881255][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   88.895780][ T4365] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.925844][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   88.934845][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   88.964053][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   88.975062][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   88.987694][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   88.995988][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   89.006540][ T4365] device veth0_vlan entered promiscuous mode
[   89.021633][ T4365] device veth1_vlan entered promiscuous mode
[   89.059373][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   89.067798][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   89.077293][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   89.086293][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   89.102783][ T4365] device veth0_macvtap entered promiscuous mode
[   89.125522][ T4365] device veth1_macvtap entered promiscuous mode
[   89.133215][ T4318] Bluetooth: hci0: command 0x041b tx timeout
[   89.148764][ T4365] batman_adv: batadv0: Interface activated: batadv_slave_0
[   89.156127][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   89.165878][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   89.174482][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   89.183570][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   89.196126][ T4365] batman_adv: batadv0: Interface activated: batadv_slave_1
[   89.203995][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   89.213036][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   89.224948][ T4365] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.234713][ T4365] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.243474][ T4365] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.252603][ T4365] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.306721][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.319624][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.332810][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   89.346292][   T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.354587][   T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.364803][   T32] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   89.688423][ T4412] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   89.882072][ T4412] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   89.893389][ T4412] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   89.904325][ T4412] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[   89.913872][ T4412] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   89.929696][ T4412] usb 1-1: config 0 descriptor??
[   90.343081][ T4412] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[   90.355251][ T4412] cp2112 0003:10C4:EA90.0001: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0
[   90.540080][ T4412] cp2112 0003:10C4:EA90.0001: Part Number: 0x82 Device Version: 0xFE
[   91.155970][ T4436] ==================================================================
[   91.164077][ T4436] BUG: KASAN: stack-out-of-bounds in cp2112_xfer+0x60b/0xdd0
[   91.171576][ T4436] Read of size 42 at addr ffffc90004097d41 by task syz.0.17/4436
[   91.179323][ T4436] 
[   91.181685][ T4436] CPU: 0 PID: 4436 Comm: syz.0.17 Not tainted syzkaller #0
[   91.188909][ T4436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   91.199184][ T4436] Call Trace:
[   91.202478][ T4436]  <TASK>
[   91.205418][ T4436]  dump_stack_lvl+0x168/0x22e
[   91.210374][ T4436]  ? cp2112_xfer+0x60b/0xdd0
[   91.214983][ T4436]  ? show_regs_print_info+0x12/0x12
[   91.220197][ T4436]  ? load_image+0x3b0/0x3b0
[   91.224720][ T4436]  ? __virt_addr_valid+0xbf/0x540
[   91.229764][ T4436]  ? cp2112_xfer+0x60b/0xdd0
[   91.234364][ T4436]  print_report+0xa8/0x210
[   91.238803][ T4436]  kasan_report+0x10b/0x140
[   91.243322][ T4436]  ? _find_first_zero_bit+0xcf/0x100
[   91.248627][ T4436]  ? cp2112_xfer+0x60b/0xdd0
[   91.253255][ T4436]  ? cp2112_xfer+0x60b/0xdd0
[   91.257870][ T4436]  kasan_check_range+0x27b/0x290
[   91.262849][ T4436]  memcpy+0x25/0x60
[   91.266686][ T4436]  cp2112_xfer+0x60b/0xdd0
[   91.271127][ T4436]  ? cp2112_i2c_xfer+0xed0/0xed0
[   91.276083][ T4436]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[   91.282107][ T4436]  __i2c_smbus_xfer+0x771/0x1fc0
[   91.287067][ T4436]  ? _raw_spin_unlock+0x40/0x40
[   91.291937][ T4436]  ? cp2112_i2c_xfer+0xed0/0xed0
[   91.296892][ T4436]  ? i2c_smbus_write_i2c_block_data+0x1a0/0x1a0
[   91.303183][ T4436]  ? rt_mutex_adjust_prio_chain+0x22c0/0x22c0
[   91.309268][ T4436]  ? __might_fault+0xa6/0x120
[   91.313951][ T4436]  ? i2c_smbus_xfer+0x11d/0x3a0
[   91.318824][ T4436]  i2c_smbus_xfer+0x263/0x3a0
[   91.323518][ T4436]  ? i2c_smbus_read_byte+0x1b0/0x1b0
[   91.328829][ T4436]  ? __might_fault+0xc2/0x120
[   91.333514][ T4436]  ? __might_fault+0xa6/0x120
[   91.338197][ T4436]  i2cdev_ioctl_smbus+0x3e3/0x650
[   91.343332][ T4436]  ? i2cdev_ioctl_rdwr+0x6c0/0x6c0
[   91.348468][ T4436]  ? __might_fault+0xa6/0x120
[   91.353241][ T4436]  ? __might_fault+0xc2/0x120
[   91.357924][ T4436]  ? __might_fault+0xa6/0x120
[   91.362619][ T4436]  i2cdev_ioctl+0x545/0x750
[   91.367139][ T4436]  ? i2cdev_write+0x120/0x120
[   91.371831][ T4436]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[   91.377826][ T4436]  ? lock_chain_count+0x20/0x20
[   91.382690][ T4436]  ? bpf_lsm_file_ioctl+0x5/0x10
[   91.387642][ T4436]  ? security_file_ioctl+0x7c/0xa0
[   91.392763][ T4436]  ? i2cdev_write+0x120/0x120
[   91.397464][ T4436]  __se_sys_ioctl+0xfa/0x170
[   91.402067][ T4436]  do_syscall_64+0x4c/0xa0
[   91.406492][ T4436]  ? clear_bhb_loop+0x60/0xb0
[   91.411174][ T4436]  ? clear_bhb_loop+0x60/0xb0
[   91.415858][ T4436]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   91.421765][ T4436] RIP: 0033:0x7f602e98f6c9
[   91.426195][ T4436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   91.445916][ T4436] RSP: 002b:00007ffefb4d9468 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   91.454376][ T4436] RAX: ffffffffffffffda RBX: 00007f602ebe5fa0 RCX: 00007f602e98f6c9
[   91.462355][ T4436] RDX: 0000200000000200 RSI: 0000000000000720 RDI: 0000000000000004
[   91.470350][ T4436] RBP: 00007f602ea11f91 R08: 0000000000000000 R09: 0000000000000000
[   91.478372][ T4436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   91.486450][ T4436] R13: 00007f602ebe5fa0 R14: 00007f602ebe5fa0 R15: 0000000000000003
[   91.494532][ T4436]  </TASK>
[   91.497562][ T4436] 
[   91.499891][ T4436] The buggy address belongs to stack of task syz.0.17/4436
[   91.507091][ T4436]  and is located at offset 33 in frame:
[   91.512726][ T4436]  i2cdev_ioctl_smbus+0x0/0x650
[   91.517598][ T4436] 
[   91.519925][ T4436] This frame has 1 object:
[   91.524341][ T4436]  [32, 66) 'temp'
[   91.524351][ T4436] 
[   91.530391][ T4436] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90004090000 allocated at copy_process+0x5bd/0x4020
[   91.543346][ T4436] The buggy address belongs to the physical page:
[   91.549774][ T4436] page:ffffea0001efa640 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7be99
[   91.559932][ T4436] memcg:ffff88802fe54f82
[   91.564173][ T4436] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   91.571303][ T4436] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[   91.579897][ T4436] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88802fe54f82
[   91.588481][ T4436] page dumped because: kasan: bad access detected
[   91.594904][ T4436] page_owner tracks the page as allocated
[   91.600620][ T4436] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 80965016314, free_ts 66080083383
[   91.618102][ T4436]  post_alloc_hook+0x173/0x1a0
[   91.622888][ T4436]  get_page_from_freelist+0x1a26/0x1ac0
[   91.628454][ T4436]  __alloc_pages+0x1df/0x4e0
[   91.633055][ T4436]  __vmalloc_node_range+0x959/0x1390
[   91.638365][ T4436]  dup_task_struct+0x3d3/0x6b0
[   91.643136][ T4436]  copy_process+0x5bd/0x4020
[   91.647732][ T4436]  kernel_clone+0x225/0x8b0
[   91.652241][ T4436]  kernel_thread+0xe5/0x140
[   91.656748][ T4436]  kthreadd+0x536/0x6e0
[   91.660920][ T4436]  ret_from_fork+0x1f/0x30
[   91.665347][ T4436] page last free stack trace:
[   91.670023][ T4436]  free_unref_page_prepare+0x8b4/0x9a0
[   91.675491][ T4436]  free_unref_page_list+0xbb/0x8e0
[   91.680616][ T4436]  release_pages+0x1f92/0x2200
[   91.685399][ T4436]  tlb_flush_mmu+0xff/0x210
[   91.689917][ T4436]  tlb_finish_mmu+0xbd/0x1c0
[   91.694521][ T4436]  exit_mmap+0x343/0x8e0
[   91.698772][ T4436]  __mmput+0x118/0x3c0
[   91.702848][ T4436]  exit_mm+0x1e6/0x2c0
[   91.707013][ T4436]  do_exit+0x8c1/0x2400
[   91.711180][ T4436]  do_group_exit+0x217/0x2d0
[   91.715777][ T4436]  __x64_sys_exit_group+0x3b/0x40
[   91.720820][ T4436]  do_syscall_64+0x4c/0xa0
[   91.725249][ T4436]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   91.731148][ T4436] 
[   91.733470][ T4436] Memory state around the buggy address:
[   91.739101][ T4436]  ffffc90004097c00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3
[   91.747169][ T4436]  ffffc90004097c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   91.755231][ T4436] >ffffc90004097d00: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 02 f3 f3 f3
[   91.763303][ T4436]                                                        ^
[   91.770496][ T4436]  ffffc90004097d80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[   91.778562][ T4436]  ffffc90004097e00: f1 f1 f1 f1 04 f2 00 00 f2 f2 00 00 f3 f3 f3 f3
[   91.786625][ T4436] ==================================================================
[   91.795381][ T4318] Bluetooth: hci0: command 0x040f tx timeout
[   91.805829][ T4436] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   91.813104][ T4436] CPU: 1 PID: 4436 Comm: syz.0.17 Not tainted syzkaller #0
[   91.820329][ T4436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   91.830431][ T4436] Call Trace:
[   91.833797][ T4436]  <TASK>
[   91.836758][ T4436]  dump_stack_lvl+0x168/0x22e
[   91.841460][ T4436]  ? memcpy+0x3c/0x60
[   91.845484][ T4436]  ? show_regs_print_info+0x12/0x12
[   91.850698][ T4436]  ? load_image+0x3b0/0x3b0
[   91.855232][ T4436]  panic+0x2c9/0x710
[   91.859301][ T4436]  ? bpf_jit_dump+0xd0/0xd0
[   91.863820][ T4436]  ? _raw_spin_unlock_irqrestore+0xf6/0x100
[   91.869730][ T4436]  ? _raw_spin_unlock+0x40/0x40
[   91.874609][ T4436]  ? print_memory_metadata+0x314/0x400
[   91.880076][ T4436]  check_panic_on_warn+0x80/0xa0
[   91.885036][ T4436]  ? cp2112_xfer+0x60b/0xdd0
[   91.889824][ T4436]  end_report+0x66/0x110
[   91.894081][ T4436]  kasan_report+0x118/0x140
[   91.898596][ T4436]  ? _find_first_zero_bit+0xcf/0x100
[   91.903913][ T4436]  ? cp2112_xfer+0x60b/0xdd0
[   91.908519][ T4436]  ? cp2112_xfer+0x60b/0xdd0
[   91.913128][ T4436]  kasan_check_range+0x27b/0x290
[   91.918090][ T4436]  memcpy+0x25/0x60
[   91.921920][ T4436]  cp2112_xfer+0x60b/0xdd0
[   91.926435][ T4436]  ? cp2112_i2c_xfer+0xed0/0xed0
[   91.931398][ T4436]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[   91.937396][ T4436]  __i2c_smbus_xfer+0x771/0x1fc0
[   91.942433][ T4436]  ? _raw_spin_unlock+0x40/0x40
[   91.947415][ T4436]  ? cp2112_i2c_xfer+0xed0/0xed0
[   91.952367][ T4436]  ? i2c_smbus_write_i2c_block_data+0x1a0/0x1a0
[   91.958619][ T4436]  ? rt_mutex_adjust_prio_chain+0x22c0/0x22c0
[   91.964710][ T4436]  ? __might_fault+0xa6/0x120
[   91.969390][ T4436]  ? i2c_smbus_xfer+0x11d/0x3a0
[   91.974254][ T4436]  i2c_smbus_xfer+0x263/0x3a0
[   91.978942][ T4436]  ? i2c_smbus_read_byte+0x1b0/0x1b0
[   91.984238][ T4436]  ? __might_fault+0xc2/0x120
[   91.988917][ T4436]  ? __might_fault+0xa6/0x120
[   91.993596][ T4436]  i2cdev_ioctl_smbus+0x3e3/0x650
[   91.998644][ T4436]  ? i2cdev_ioctl_rdwr+0x6c0/0x6c0
[   92.003774][ T4436]  ? __might_fault+0xa6/0x120
[   92.008454][ T4436]  ? __might_fault+0xc2/0x120
[   92.013133][ T4436]  ? __might_fault+0xa6/0x120
[   92.017838][ T4436]  i2cdev_ioctl+0x545/0x750
[   92.022371][ T4436]  ? i2cdev_write+0x120/0x120
[   92.027060][ T4436]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[   92.033062][ T4436]  ? lock_chain_count+0x20/0x20
[   92.037923][ T4436]  ? bpf_lsm_file_ioctl+0x5/0x10
[   92.042893][ T4436]  ? security_file_ioctl+0x7c/0xa0
[   92.048016][ T4436]  ? i2cdev_write+0x120/0x120
[   92.052710][ T4436]  __se_sys_ioctl+0xfa/0x170
[   92.057312][ T4436]  do_syscall_64+0x4c/0xa0
[   92.061734][ T4436]  ? clear_bhb_loop+0x60/0xb0
[   92.066425][ T4436]  ? clear_bhb_loop+0x60/0xb0
[   92.071124][ T4436]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   92.077045][ T4436] RIP: 0033:0x7f602e98f6c9
[   92.081473][ T4436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.101102][ T4436] RSP: 002b:00007ffefb4d9468 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   92.109525][ T4436] RAX: ffffffffffffffda RBX: 00007f602ebe5fa0 RCX: 00007f602e98f6c9
[   92.117505][ T4436] RDX: 0000200000000200 RSI: 0000000000000720 RDI: 0000000000000004
[   92.125493][ T4436] RBP: 00007f602ea11f91 R08: 0000000000000000 R09: 0000000000000000
[   92.133468][ T4436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   92.141459][ T4436] R13: 00007f602ebe5fa0 R14: 00007f602ebe5fa0 R15: 0000000000000003
[   92.149614][ T4436]  </TASK>
[   92.152873][ T4436] Kernel Offset: disabled
[   92.157237][ T4436] Rebooting in 86400 seconds..