Warning: Permanently added '10.128.1.18' (ED25519) to the list of known hosts.
2025/11/21 06:10:33 parsed 1 programs
[   65.608537][ T5789] cgroup: Unknown subsys name 'net'
[   65.740589][ T5789] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   67.142700][ T5789] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   69.581849][ T3466] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.589894][ T3466] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.615274][ T3466] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.623746][ T3466] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.101935][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   70.110506][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   70.124115][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   70.135200][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   70.148030][ T5829] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   70.155614][ T5829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   71.599947][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[   71.609901][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[   71.754150][ T5858] chnl_net:caif_netlink_parms(): no params data found
[   71.828657][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.837040][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.845888][ T5858] bridge_slave_0: entered allmulticast mode
[   71.854070][ T5858] bridge_slave_0: entered promiscuous mode
[   71.873901][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.881018][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.888877][ T5858] bridge_slave_1: entered allmulticast mode
[   71.899927][ T5858] bridge_slave_1: entered promiscuous mode
[   71.927973][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.940252][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.974755][ T5858] team0: Port device team_slave_0 added
[   71.985819][ T5858] team0: Port device team_slave_1 added
[   72.014881][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0
[   72.021844][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   72.047881][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   72.062067][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1
[   72.069996][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   72.096454][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   72.143688][ T5858] hsr_slave_0: entered promiscuous mode
[   72.150074][ T5858] hsr_slave_1: entered promiscuous mode
[   72.283357][ T5858] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   72.298056][ T5858] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   72.314789][ T5858] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   72.324186][ T5858] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   72.349685][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.357188][ T5858] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.365473][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.372553][ T5858] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.431538][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.450008][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.459175][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.480263][ T5858] 8021q: adding VLAN 0 to HW filter on device team0
[   72.495528][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.502693][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.518448][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.525622][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.695279][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.740143][ T5858] veth0_vlan: entered promiscuous mode
[   72.750976][ T5858] veth1_vlan: entered promiscuous mode
[   72.782897][ T5858] veth0_macvtap: entered promiscuous mode
[   72.792311][ T5858] veth1_macvtap: entered promiscuous mode
[   72.815675][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.829747][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.850961][ T5858] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.859948][ T5858] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.869066][ T5858] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.877959][ T5858] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.012885][ T5858] syz-executor (5858) used greatest stack depth: 19856 bytes left
[   73.071362][   T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/11/21 06:10:43 executed programs: 0
[   74.057799][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   74.066194][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   74.074452][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   74.084650][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   74.092725][ T5829] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   74.100235][ T5829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   74.231975][ T5898] chnl_net:caif_netlink_parms(): no params data found
[   74.296723][ T5898] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.304712][ T5898] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.311877][ T5898] bridge_slave_0: entered allmulticast mode
[   74.319480][ T5898] bridge_slave_0: entered promiscuous mode
[   74.328971][ T5898] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.336400][ T5898] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.343575][ T5898] bridge_slave_1: entered allmulticast mode
[   74.350550][ T5898] bridge_slave_1: entered promiscuous mode
[   74.384164][ T5898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.395746][ T5898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.433297][ T5898] team0: Port device team_slave_0 added
[   74.442315][ T5898] team0: Port device team_slave_1 added
[   74.465276][ T5898] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.472254][ T5898] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.498706][ T5898] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.512879][ T5898] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.520173][ T5898] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.548268][ T5898] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.593502][ T5898] hsr_slave_0: entered promiscuous mode
[   74.599936][ T5898] hsr_slave_1: entered promiscuous mode
[   74.607472][ T5898] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   74.615351][ T5898] Cannot create hsr debugfs directory
[   75.594281][   T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.155275][ T5105] Bluetooth: hci0: command tx timeout
[   77.805316][   T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.867373][   T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.238443][ T5105] Bluetooth: hci0: command tx timeout
[   78.659984][   T11] hsr_slave_0: left promiscuous mode
[   78.667067][   T11] hsr_slave_1: left promiscuous mode
[   78.681584][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   78.692350][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[   78.701588][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   78.711339][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[   78.720482][   T11] bridge_slave_1: left allmulticast mode
[   78.728370][   T11] bridge_slave_1: left promiscuous mode
[   78.735409][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.750297][   T11] bridge_slave_0: left allmulticast mode
[   78.758214][   T11] bridge_slave_0: left promiscuous mode
[   78.766222][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.789440][   T11] veth1_macvtap: left promiscuous mode
[   78.796087][   T11] veth0_macvtap: left promiscuous mode
[   78.801654][   T11] veth1_vlan: left promiscuous mode
[   78.808449][   T11] veth0_vlan: left promiscuous mode
[   79.136704][   T11] team0 (unregistering): Port device team_slave_1 removed
[   79.168404][   T11] team0 (unregistering): Port device team_slave_0 removed
[   79.198680][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   79.229365][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   79.509020][   T11] bond0 (unregistering): Released all slaves
[   79.594233][ T5898] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   79.603401][ T5898] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   79.616101][ T5898] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   79.627705][ T5898] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   79.715810][ T5898] 8021q: adding VLAN 0 to HW filter on device bond0
[   79.733017][ T5898] 8021q: adding VLAN 0 to HW filter on device team0
[   79.751325][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.758499][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.781042][ T3466] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.788188][ T3466] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.978588][ T5898] 8021q: adding VLAN 0 to HW filter on device batadv0
[   80.031477][ T5898] veth0_vlan: entered promiscuous mode
[   80.043263][ T5898] veth1_vlan: entered promiscuous mode
[   80.069800][ T5898] veth0_macvtap: entered promiscuous mode
[   80.078507][ T5898] veth1_macvtap: entered promiscuous mode
[   80.095007][ T5898] batman_adv: batadv0: Interface activated: batadv_slave_0
[   80.110178][ T5898] batman_adv: batadv0: Interface activated: batadv_slave_1
[   80.121870][ T5898] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.131221][ T5898] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.140266][ T5898] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.149541][ T5898] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.233069][ T3466] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.244689][ T3466] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.282605][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.290525][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.313955][ T5105] Bluetooth: hci0: command tx timeout
[   80.624205][ T5821] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   80.837087][ T5821] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   80.848323][ T5821] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   80.858148][ T5821] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[   80.867280][ T5821] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   80.879755][ T5821] usb 1-1: config 0 descriptor??
[   81.294324][ T5821] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[   81.308925][ T5821] cp2112 0003:10C4:EA90.0001: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0
[   81.490975][ T5821] cp2112 0003:10C4:EA90.0001: Part Number: 0x82 Device Version: 0xFE
[   81.836231][    T9] cfg80211: failed to load regulatory.db
[   82.092576][ T5948] ==================================================================
[   82.100686][ T5948] BUG: KASAN: stack-out-of-bounds in cp2112_xfer+0x714/0xf00
[   82.108067][ T5948] Read of size 42 at addr ffffc90003267d41 by task syz.0.17/5948
[   82.115867][ T5948] 
[   82.118232][ T5948] CPU: 1 PID: 5948 Comm: syz.0.17 Not tainted syzkaller #0
[   82.125437][ T5948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   82.135510][ T5948] Call Trace:
[   82.138806][ T5948]  <TASK>
[   82.141755][ T5948]  dump_stack_lvl+0x16c/0x230
[   82.146440][ T5948]  ? cp2112_xfer+0x714/0xf00
[   82.151026][ T5948]  ? show_regs_print_info+0x20/0x20
[   82.156235][ T5948]  ? load_image+0x3b0/0x3b0
[   82.160727][ T5948]  ? __virt_addr_valid+0xc3/0x540
[   82.165752][ T5948]  print_report+0xac/0x220
[   82.170173][ T5948]  ? cp2112_xfer+0x714/0xf00
[   82.174770][ T5948]  kasan_report+0x117/0x150
[   82.179269][ T5948]  ? cp2112_xfer+0x714/0xf00
[   82.183849][ T5948]  kasan_check_range+0x288/0x290
[   82.188789][ T5948]  ? cp2112_xfer+0x714/0xf00
[   82.193390][ T5948]  __asan_memcpy+0x29/0x70
[   82.197819][ T5948]  cp2112_xfer+0x714/0xf00
[   82.202249][ T5948]  ? cp2112_i2c_xfer+0xe70/0xe70
[   82.207188][ T5948]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[   82.213167][ T5948]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[   82.219064][ T5948]  __i2c_smbus_xfer+0x888/0x1d90
[   82.223996][ T5948]  ? cp2112_i2c_xfer+0xe70/0xe70
[   82.228930][ T5948]  ? i2c_smbus_write_i2c_block_data+0x1b0/0x1b0
[   82.235178][ T5948]  ? rt_mutex_adjust_prio_chain+0x2400/0x2400
[   82.241257][ T5948]  ? i2c_smbus_xfer+0x121/0x3a0
[   82.246118][ T5948]  i2c_smbus_xfer+0x267/0x3a0
[   82.250885][ T5948]  ? i2c_smbus_read_byte+0x1b0/0x1b0
[   82.256162][ T5948]  ? __might_fault+0xaa/0x120
[   82.260842][ T5948]  ? __might_fault+0xc6/0x120
[   82.265520][ T5948]  ? __might_fault+0xaa/0x120
[   82.270192][ T5948]  i2cdev_ioctl_smbus+0x423/0x670
[   82.275232][ T5948]  ? i2cdev_ioctl_rdwr+0x690/0x690
[   82.280358][ T5948]  ? __might_fault+0xaa/0x120
[   82.285030][ T5948]  ? __might_fault+0xc6/0x120
[   82.289715][ T5948]  ? __might_fault+0xaa/0x120
[   82.294400][ T5948]  i2cdev_ioctl+0x5d1/0x7e0
[   82.298910][ T5948]  ? i2cdev_write+0x120/0x120
[   82.303585][ T5948]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[   82.309556][ T5948]  ? bpf_lsm_file_ioctl+0x9/0x10
[   82.314496][ T5948]  ? security_file_ioctl+0x80/0xa0
[   82.319600][ T5948]  ? i2cdev_write+0x120/0x120
[   82.324276][ T5948]  __se_sys_ioctl+0xfd/0x170
[   82.328872][ T5948]  do_syscall_64+0x55/0xb0
[   82.333287][ T5948]  ? clear_bhb_loop+0x40/0x90
[   82.337982][ T5948]  ? clear_bhb_loop+0x40/0x90
[   82.342659][ T5948]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   82.348551][ T5948] RIP: 0033:0x7fee68f8f749
[   82.352989][ T5948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   82.372602][ T5948] RSP: 002b:00007ffe1934d5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   82.381013][ T5948] RAX: ffffffffffffffda RBX: 00007fee691e5fa0 RCX: 00007fee68f8f749
[   82.388987][ T5948] RDX: 0000200000000200 RSI: 0000000000000720 RDI: 0000000000000004
[   82.396974][ T5948] RBP: 00007fee69013f91 R08: 0000000000000000 R09: 0000000000000000
[   82.404946][ T5948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   82.412904][ T5948] R13: 00007fee691e5fa0 R14: 00007fee691e5fa0 R15: 0000000000000003
[   82.420887][ T5948]  </TASK>
[   82.423902][ T5948] 
[   82.426216][ T5948] The buggy address belongs to stack of task syz.0.17/5948
[   82.433394][ T5948]  and is located at offset 33 in frame:
[   82.439008][ T5948]  i2cdev_ioctl_smbus+0x0/0x670
[   82.443859][ T5948] 
[   82.446193][ T5948] This frame has 1 object:
[   82.450599][ T5948]  [32, 66) 'temp'
[   82.450611][ T5948] 
[   82.456642][ T5948] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc90003260000 allocated at copy_process+0x549/0x3d70
[   82.469581][ T5948] The buggy address belongs to the physical page:
[   82.475993][ T5948] page:ffffea000071d500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c754
[   82.486152][ T5948] memcg:ffff88807331f382
[   82.490377][ T5948] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   82.497486][ T5948] page_type: 0xffffffff()
[   82.501809][ T5948] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[   82.510396][ T5948] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88807331f382
[   82.519000][ T5948] page dumped because: kasan: bad access detected
[   82.525422][ T5948] page_owner tracks the page as allocated
[   82.531127][ T5948] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 72338514479, free_ts 72294243818
[   82.548583][ T5948]  post_alloc_hook+0x1cd/0x210
[   82.553345][ T5948]  get_page_from_freelist+0x195c/0x19f0
[   82.558895][ T5948]  __alloc_pages+0x1e3/0x460
[   82.563483][ T5948]  __vmalloc_node_range+0x96b/0x1320
[   82.568773][ T5948]  dup_task_struct+0x3d0/0x7c0
[   82.573520][ T5948]  copy_process+0x549/0x3d70
[   82.578090][ T5948]  kernel_clone+0x21b/0x840
[   82.582581][ T5948]  kernel_thread+0x10d/0x160
[   82.587167][ T5948]  kthreadd+0x560/0x730
[   82.591320][ T5948]  ret_from_fork+0x48/0x80
[   82.595727][ T5948]  ret_from_fork_asm+0x11/0x20
[   82.600494][ T5948] page last free stack trace:
[   82.605153][ T5948]  free_unref_page_prepare+0x7ce/0x8e0
[   82.610609][ T5948]  free_unref_page+0x32/0x2e0
[   82.615281][ T5948]  __slab_free+0x35e/0x410
[   82.619688][ T5948]  qlist_free_all+0x75/0xe0
[   82.624183][ T5948]  kasan_quarantine_reduce+0x143/0x160
[   82.629643][ T5948]  __kasan_slab_alloc+0x22/0x80
[   82.634501][ T5948]  slab_post_alloc_hook+0x6e/0x4d0
[   82.639623][ T5948]  kmem_cache_alloc_node+0x150/0x330
[   82.644922][ T5948]  __alloc_skb+0x108/0x2c0
[   82.649345][ T5948]  inet_netconf_notify_devconf+0x173/0x230
[   82.655155][ T5948]  inetdev_event+0xf0f/0x15c0
[   82.659840][ T5948]  notifier_call_chain+0x197/0x390
[   82.664956][ T5948]  dev_change_name+0x5d4/0x8a0
[   82.669725][ T5948]  do_setlink+0xa15/0x3fb0
[   82.674131][ T5948]  rtnl_newlink+0x175b/0x2020
[   82.678807][ T5948]  rtnetlink_rcv_msg+0x7c7/0xf10
[   82.683752][ T5948] 
[   82.686086][ T5948] Memory state around the buggy address:
[   82.691724][ T5948]  ffffc90003267c00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3
[   82.699791][ T5948]  ffffc90003267c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   82.707859][ T5948] >ffffc90003267d00: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 02 f3 f3 f3
[   82.715929][ T5948]                                                        ^
[   82.723109][ T5948]  ffffc90003267d80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[   82.731258][ T5948]  ffffc90003267e00: f1 f1 f1 f1 04 f2 00 00 f2 f2 00 00 f3 f3 f3 f3
[   82.739360][ T5948] ==================================================================
[   82.748935][ T5105] Bluetooth: hci0: command tx timeout
[   82.763585][ T5948] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   82.770807][ T5948] CPU: 1 PID: 5948 Comm: syz.0.17 Not tainted syzkaller #0
[   82.778009][ T5948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   82.788057][ T5948] Call Trace:
[   82.791339][ T5948]  <TASK>
[   82.794264][ T5948]  dump_stack_lvl+0x16c/0x230
[   82.798974][ T5948]  ? show_regs_print_info+0x20/0x20
[   82.804189][ T5948]  ? load_image+0x3b0/0x3b0
[   82.808692][ T5948]  panic+0x2c0/0x710
[   82.812590][ T5948]  ? bpf_jit_dump+0xd0/0xd0
[   82.817104][ T5948]  ? _raw_spin_unlock_irqrestore+0xfa/0x110
[   82.823006][ T5948]  ? _raw_spin_unlock+0x40/0x40
[   82.827857][ T5948]  ? print_memory_metadata+0x314/0x400
[   82.833310][ T5948]  ? cp2112_xfer+0x714/0xf00
[   82.837894][ T5948]  check_panic_on_warn+0x84/0xa0
[   82.842833][ T5948]  ? cp2112_xfer+0x714/0xf00
[   82.847436][ T5948]  end_report+0x6f/0x140
[   82.851685][ T5948]  kasan_report+0x128/0x150
[   82.856184][ T5948]  ? cp2112_xfer+0x714/0xf00
[   82.860778][ T5948]  kasan_check_range+0x288/0x290
[   82.865714][ T5948]  ? cp2112_xfer+0x714/0xf00
[   82.870386][ T5948]  __asan_memcpy+0x29/0x70
[   82.874799][ T5948]  cp2112_xfer+0x714/0xf00
[   82.879206][ T5948]  ? cp2112_i2c_xfer+0xe70/0xe70
[   82.884126][ T5948]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[   82.890100][ T5948]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[   82.895981][ T5948]  __i2c_smbus_xfer+0x888/0x1d90
[   82.900908][ T5948]  ? cp2112_i2c_xfer+0xe70/0xe70
[   82.905833][ T5948]  ? i2c_smbus_write_i2c_block_data+0x1b0/0x1b0
[   82.912069][ T5948]  ? rt_mutex_adjust_prio_chain+0x2400/0x2400
[   82.918126][ T5948]  ? i2c_smbus_xfer+0x121/0x3a0
[   82.922962][ T5948]  i2c_smbus_xfer+0x267/0x3a0
[   82.927636][ T5948]  ? i2c_smbus_read_byte+0x1b0/0x1b0
[   82.932907][ T5948]  ? __might_fault+0xaa/0x120
[   82.937570][ T5948]  ? __might_fault+0xc6/0x120
[   82.942236][ T5948]  ? __might_fault+0xaa/0x120
[   82.946899][ T5948]  i2cdev_ioctl_smbus+0x423/0x670
[   82.951913][ T5948]  ? i2cdev_ioctl_rdwr+0x690/0x690
[   82.957011][ T5948]  ? __might_fault+0xaa/0x120
[   82.961674][ T5948]  ? __might_fault+0xc6/0x120
[   82.966331][ T5948]  ? __might_fault+0xaa/0x120
[   82.970995][ T5948]  i2cdev_ioctl+0x5d1/0x7e0
[   82.975490][ T5948]  ? i2cdev_write+0x120/0x120
[   82.980160][ T5948]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[   82.986125][ T5948]  ? bpf_lsm_file_ioctl+0x9/0x10
[   82.991047][ T5948]  ? security_file_ioctl+0x80/0xa0
[   82.996151][ T5948]  ? i2cdev_write+0x120/0x120
[   83.000812][ T5948]  __se_sys_ioctl+0xfd/0x170
[   83.005391][ T5948]  do_syscall_64+0x55/0xb0
[   83.009793][ T5948]  ? clear_bhb_loop+0x40/0x90
[   83.014474][ T5948]  ? clear_bhb_loop+0x40/0x90
[   83.019138][ T5948]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   83.025016][ T5948] RIP: 0033:0x7fee68f8f749
[   83.029427][ T5948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   83.049016][ T5948] RSP: 002b:00007ffe1934d5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   83.057419][ T5948] RAX: ffffffffffffffda RBX: 00007fee691e5fa0 RCX: 00007fee68f8f749
[   83.065381][ T5948] RDX: 0000200000000200 RSI: 0000000000000720 RDI: 0000000000000004
[   83.073358][ T5948] RBP: 00007fee69013f91 R08: 0000000000000000 R09: 0000000000000000
[   83.081327][ T5948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   83.089288][ T5948] R13: 00007fee691e5fa0 R14: 00007fee691e5fa0 R15: 0000000000000003
[   83.097256][ T5948]  </TASK>
[   83.100551][ T5948] Kernel Offset: disabled
[   83.104866][ T5948] Rebooting in 86400 seconds..