Warning: Permanently added '10.128.1.226' (ED25519) to the list of known hosts.
2025/10/06 07:03:45 parsed 1 programs
[  121.227760][ T6185] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  124.877276][ T5161] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  124.885024][ T5161] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  124.893434][ T5161] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  124.902939][ T5161] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  124.913473][ T5161] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  125.463797][ T3174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.471973][ T3174] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.521471][ T3174] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.529469][ T3174] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.688415][ T6252] chnl_net:caif_netlink_parms(): no params data found
[  126.782627][ T6252] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.790381][ T6252] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.797942][ T6252] bridge_slave_0: entered allmulticast mode
[  126.805617][ T6252] bridge_slave_0: entered promiscuous mode
[  126.813779][ T6252] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.821118][ T6252] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.828613][ T6252] bridge_slave_1: entered allmulticast mode
[  126.835612][ T6252] bridge_slave_1: entered promiscuous mode
[  126.865261][ T6252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.878283][ T6252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.912647][ T6252] team0: Port device team_slave_0 added
[  126.920838][ T6252] team0: Port device team_slave_1 added
[  126.953864][ T6252] batman_adv: batadv0: Adding interface: batadv_slave_0
[  126.960978][ T6252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  126.987162][ T6252] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  127.000420][ T6252] batman_adv: batadv0: Adding interface: batadv_slave_1
[  127.007924][ T6252] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  127.034024][ T6252] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  127.071547][ T6252] hsr_slave_0: entered promiscuous mode
[  127.078153][ T6252] hsr_slave_1: entered promiscuous mode
[  127.577174][ T6252] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  127.588746][ T6252] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  127.604222][ T6252] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  127.616809][ T6252] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  127.711775][ T6252] 8021q: adding VLAN 0 to HW filter on device bond0
[  127.735966][ T6252] 8021q: adding VLAN 0 to HW filter on device team0
[  127.750508][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.757700][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[  127.778812][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.785984][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.064359][ T6252] 8021q: adding VLAN 0 to HW filter on device batadv0
[  128.122793][ T6252] veth0_vlan: entered promiscuous mode
[  128.138080][ T6252] veth1_vlan: entered promiscuous mode
[  128.181883][ T6252] veth0_macvtap: entered promiscuous mode
[  128.199775][ T6252] veth1_macvtap: entered promiscuous mode
[  128.225480][ T6252] batman_adv: batadv0: Interface activated: batadv_slave_0
[  128.242919][ T6252] batman_adv: batadv0: Interface activated: batadv_slave_1
[  128.263438][   T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  128.284322][   T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  128.300248][   T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  128.315256][   T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  128.448228][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.541094][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.592209][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.670379][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/10/06 07:03:58 executed programs: 0
[  130.044635][ T5161] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  130.053780][ T5161] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  130.066438][ T5161] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  130.075000][ T5161] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  130.083239][ T5161] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  130.324961][ T6363] chnl_net:caif_netlink_parms(): no params data found
[  130.448972][ T6363] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.457311][ T6363] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.464532][ T6363] bridge_slave_0: entered allmulticast mode
[  130.473214][ T6363] bridge_slave_0: entered promiscuous mode
[  130.482897][ T6363] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.490386][ T6363] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.497999][ T6363] bridge_slave_1: entered allmulticast mode
[  130.505857][ T6363] bridge_slave_1: entered promiscuous mode
[  130.550257][ T6363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  130.563278][ T6363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  130.652142][ T6363] team0: Port device team_slave_0 added
[  130.663357][ T6363] team0: Port device team_slave_1 added
[  130.753923][ T6363] batman_adv: batadv0: Adding interface: batadv_slave_0
[  130.762460][ T6363] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  130.790252][ T6363] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  130.804422][   T13] bridge_slave_1: left allmulticast mode
[  130.810689][   T13] bridge_slave_1: left promiscuous mode
[  130.816899][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.828811][   T13] bridge_slave_0: left allmulticast mode
[  130.834488][   T13] bridge_slave_0: left promiscuous mode
[  130.840720][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.174463][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  131.185867][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  131.197125][   T13] bond0 (unregistering): Released all slaves
[  131.214346][ T6363] batman_adv: batadv0: Adding interface: batadv_slave_1
[  131.223000][ T6363] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  131.249872][ T6363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  131.315701][   T13] hsr_slave_0: left promiscuous mode
[  131.322170][   T13] hsr_slave_1: left promiscuous mode
[  131.328843][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  131.336785][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  131.344840][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  131.354029][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  131.373335][   T13] veth1_macvtap: left promiscuous mode
[  131.379134][   T13] veth0_macvtap: left promiscuous mode
[  131.384798][   T13] veth1_vlan: left promiscuous mode
[  131.390305][   T13] veth0_vlan: left promiscuous mode
[  131.865352][   T13] team0 (unregistering): Port device team_slave_1 removed
[  131.906505][   T13] team0 (unregistering): Port device team_slave_0 removed
[  132.106495][ T5161] Bluetooth: hci0: command tx timeout
[  132.290897][ T6363] hsr_slave_0: entered promiscuous mode
[  132.306930][ T6363] hsr_slave_1: entered promiscuous mode
[  132.837357][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  132.843928][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  133.139947][ T6363] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  133.153404][ T6363] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  133.165368][ T6363] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  133.180636][ T6363] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  133.285168][ T6363] 8021q: adding VLAN 0 to HW filter on device bond0
[  133.311458][ T6363] 8021q: adding VLAN 0 to HW filter on device team0
[  133.327038][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.334190][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  133.351955][ T3174] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.359146][ T3174] bridge0: port 2(bridge_slave_1) entered forwarding state
[  133.617724][ T6363] 8021q: adding VLAN 0 to HW filter on device batadv0
[  133.683389][ T6363] veth0_vlan: entered promiscuous mode
[  133.697245][ T6363] veth1_vlan: entered promiscuous mode
[  133.738350][ T6363] veth0_macvtap: entered promiscuous mode
[  133.749083][ T6363] veth1_macvtap: entered promiscuous mode
[  133.772384][ T6363] batman_adv: batadv0: Interface activated: batadv_slave_0
[  133.791175][ T6363] batman_adv: batadv0: Interface activated: batadv_slave_1
[  133.805247][   T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  133.814626][   T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  133.827045][   T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  133.839289][   T50] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  133.906512][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  133.915345][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  133.940374][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  133.948958][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  134.186410][ T5161] Bluetooth: hci0: command tx timeout
[  134.226469][ T5880] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  134.379306][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  134.390558][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  134.400889][ T5880] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  134.410471][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.421647][ T5880] usb 1-1: config 0 descriptor??
[  134.840496][ T5880] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[  134.847816][ T5880] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[  134.854785][ T5880] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[  134.862384][ T5880] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[  134.870543][ T5880] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[  134.877662][ T5880] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[  134.884635][ T5880] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[  134.895136][ T5880] cp2112 0003:10C4:EA90.0001: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0
[  135.034719][ T5880] cp2112 0003:10C4:EA90.0001: Part Number: 0x00 Device Version: 0x00
[  135.636732][ T6474] ==================================================================
[  135.644809][ T6474] BUG: KASAN: stack-out-of-bounds in cp2112_xfer+0x713/0xf10
[  135.652290][ T6474] Read of size 34 at addr ffffc900030a7d21 by task syz.0.17/6474
[  135.660004][ T6474] 
[  135.662344][ T6474] CPU: 1 UID: 0 PID: 6474 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[  135.662367][ T6474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  135.662386][ T6474] Call Trace:
[  135.662394][ T6474]  <TASK>
[  135.662402][ T6474]  dump_stack_lvl+0x189/0x250
[  135.662419][ T6474]  ? cp2112_xfer+0x713/0xf10
[  135.662435][ T6474]  ? __pfx_dump_stack_lvl+0x10/0x10
[  135.662446][ T6474]  ? __pfx__printk+0x10/0x10
[  135.662466][ T6474]  ? __virt_addr_valid+0xdc/0x5c0
[  135.662491][ T6474]  ? __virt_addr_valid+0xdc/0x5c0
[  135.662517][ T6474]  print_report+0xca/0x240
[  135.662537][ T6474]  ? cp2112_xfer+0x713/0xf10
[  135.662558][ T6474]  kasan_report+0x118/0x150
[  135.662579][ T6474]  ? cp2112_xfer+0x713/0xf10
[  135.662594][ T6474]  kasan_check_range+0x2b0/0x2c0
[  135.662613][ T6474]  ? cp2112_xfer+0x713/0xf10
[  135.662637][ T6474]  __asan_memcpy+0x29/0x70
[  135.662660][ T6474]  cp2112_xfer+0x713/0xf10
[  135.662688][ T6474]  ? validate_chain+0x897/0x2140
[  135.662707][ T6474]  ? __pfx_cp2112_xfer+0x10/0x10
[  135.662724][ T6474]  __i2c_smbus_xfer+0x5b3/0x1e50
[  135.662734][ T6474]  ? __lock_acquire+0xab9/0xd20
[  135.662743][ T6474]  ? __pfx_cp2112_xfer+0x10/0x10
[  135.662759][ T6474]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[  135.662778][ T6474]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  135.662806][ T6474]  ? lockdep_hardirqs_on+0x9c/0x150
[  135.662825][ T6474]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  135.662855][ T6474]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  135.662872][ T6474]  ? rt_mutex_lock_nested+0x15e/0x1e0
[  135.662884][ T6474]  i2c_smbus_xfer+0x275/0x3c0
[  135.662901][ T6474]  ? __pfx_i2c_smbus_xfer+0x10/0x10
[  135.662927][ T6474]  i2cdev_ioctl_smbus+0x43d/0x6d0
[  135.662954][ T6474]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[  135.662985][ T6474]  i2cdev_ioctl+0x5d3/0x7f0
[  135.663004][ T6474]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  135.663016][ T6474]  ? __fget_files+0x2a/0x420
[  135.663030][ T6474]  ? __fget_files+0x3a0/0x420
[  135.663045][ T6474]  ? bpf_lsm_file_ioctl+0x9/0x20
[  135.663056][ T6474]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  135.663078][ T6474]  __se_sys_ioctl+0xf9/0x170
[  135.663101][ T6474]  do_syscall_64+0xfa/0x3b0
[  135.663119][ T6474]  ? lockdep_hardirqs_on+0x9c/0x150
[  135.663136][ T6474]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.663152][ T6474]  ? clear_bhb_loop+0x60/0xb0
[  135.663163][ T6474]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.663172][ T6474] RIP: 0033:0x7fb14ed8eba9
[  135.663187][ T6474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.663196][ T6474] RSP: 002b:00007fb14fcb6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  135.663216][ T6474] RAX: ffffffffffffffda RBX: 00007fb14efd5fa0 RCX: 00007fb14ed8eba9
[  135.663230][ T6474] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000004
[  135.663243][ T6474] RBP: 00007fb14ee11e19 R08: 0000000000000000 R09: 0000000000000000
[  135.663254][ T6474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  135.663266][ T6474] R13: 00007fb14efd6038 R14: 00007fb14efd5fa0 R15: 00007fff8beabc08
[  135.663288][ T6474]  </TASK>
[  135.663294][ T6474] 
[  135.970170][ T6474] The buggy address belongs to stack of task syz.0.17/6474
[  135.977361][ T6474]  and is located at offset 33 in frame:
[  135.982997][ T6474]  i2cdev_ioctl_smbus+0x0/0x6d0
[  135.987871][ T6474] 
[  135.990186][ T6474] This frame has 1 object:
[  135.994598][ T6474]  [32, 66) 'temp'
[  135.994614][ T6474] 
[  136.000637][ T6474] The buggy address belongs to a 8-page vmalloc region starting at 0xffffc900030a0000 allocated at copy_process+0x54b/0x3c00
[  136.013572][ T6474] The buggy address belongs to the physical page:
[  136.020000][ T6474] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5a431
[  136.028775][ T6474] memcg:ffff88803170f302
[  136.033033][ T6474] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  136.040173][ T6474] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  136.048754][ T6474] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88803170f302
[  136.057365][ T6474] page dumped because: kasan: bad access detected
[  136.063791][ T6474] page_owner tracks the page as allocated
[  136.069515][ T6474] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 2, tgid 2 (kthreadd), ts 127630219970, free_ts 127597971257
[  136.088457][ T6474]  post_alloc_hook+0x240/0x2a0
[  136.093237][ T6474]  get_page_from_freelist+0x2365/0x2440
[  136.098779][ T6474]  __alloc_frozen_pages_noprof+0x181/0x370
[  136.104616][ T6474]  alloc_pages_mpol+0x232/0x4a0
[  136.109461][ T6474]  alloc_pages_noprof+0xa9/0x190
[  136.114407][ T6474]  __vmalloc_node_range_noprof+0x96c/0x12d0
[  136.120291][ T6474]  __vmalloc_node_noprof+0xc2/0x110
[  136.125485][ T6474]  dup_task_struct+0x3d4/0x830
[  136.130258][ T6474]  copy_process+0x54b/0x3c00
[  136.134847][ T6474]  kernel_clone+0x21e/0x840
[  136.139363][ T6474]  kernel_thread+0x10d/0x160
[  136.143961][ T6474]  kthreadd+0x575/0x770
[  136.148123][ T6474]  ret_from_fork+0x439/0x7d0
[  136.152717][ T6474]  ret_from_fork_asm+0x1a/0x30
[  136.157475][ T6474] page last free pid 23 tgid 23 stack trace:
[  136.163448][ T6474]  __free_frozen_pages+0xbc4/0xd30
[  136.168556][ T6474]  tlb_remove_table_rcu+0x85/0x100
[  136.173683][ T6474]  rcu_core+0xcab/0x1770
[  136.177941][ T6474]  handle_softirqs+0x283/0x870
[  136.182717][ T6474]  run_ksoftirqd+0x9b/0x100
[  136.187228][ T6474]  smpboot_thread_fn+0x542/0xa60
[  136.192166][ T6474]  kthread+0x70e/0x8a0
[  136.196241][ T6474]  ret_from_fork+0x439/0x7d0
[  136.200836][ T6474]  ret_from_fork_asm+0x1a/0x30
[  136.205607][ T6474] 
[  136.207914][ T6474] Memory state around the buggy address:
[  136.213542][ T6474]  ffffc900030a7c00: 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00
[  136.221599][ T6474]  ffffc900030a7c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  136.229662][ T6474] >ffffc900030a7d00: f1 f1 f1 f1 00 00 00 00 02 f3 f3 f3 f3 f3 f3 f3
[  136.237727][ T6474]                                            ^
[  136.243970][ T6474]  ffffc900030a7d80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[  136.252071][ T6474]  ffffc900030a7e00: 04 f2 00 00 f2 f2 00 00 f3 f3 f3 f3 00 00 00 00
[  136.260135][ T6474] ==================================================================
[  136.266361][ T5161] Bluetooth: hci0: command tx timeout
[  136.274759][ T6474] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  136.281981][ T6474] CPU: 1 UID: 0 PID: 6474 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[  136.291089][ T6474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  136.301139][ T6474] Call Trace:
[  136.304410][ T6474]  <TASK>
[  136.307329][ T6474]  dump_stack_lvl+0x99/0x250
[  136.311914][ T6474]  ? __asan_memcpy+0x40/0x70
[  136.316497][ T6474]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.321748][ T6474]  ? __pfx__printk+0x10/0x10
[  136.326339][ T6474]  vpanic+0x237/0x6d0
[  136.330322][ T6474]  ? __pfx_vpanic+0x10/0x10
[  136.334813][ T6474]  ? preempt_schedule+0xae/0xc0
[  136.339661][ T6474]  ? __pfx_preempt_schedule+0x10/0x10
[  136.345037][ T6474]  panic+0xb9/0xc0
[  136.348775][ T6474]  ? __pfx_panic+0x10/0x10
[  136.353203][ T6474]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  136.359099][ T6474]  ? cp2112_xfer+0x713/0xf10
[  136.363690][ T6474]  check_panic_on_warn+0x89/0xb0
[  136.368626][ T6474]  ? cp2112_xfer+0x713/0xf10
[  136.373210][ T6474]  end_report+0x78/0x160
[  136.377451][ T6474]  kasan_report+0x129/0x150
[  136.381956][ T6474]  ? cp2112_xfer+0x713/0xf10
[  136.386549][ T6474]  kasan_check_range+0x2b0/0x2c0
[  136.391487][ T6474]  ? cp2112_xfer+0x713/0xf10
[  136.396079][ T6474]  __asan_memcpy+0x29/0x70
[  136.400487][ T6474]  cp2112_xfer+0x713/0xf10
[  136.404903][ T6474]  ? validate_chain+0x897/0x2140
[  136.409833][ T6474]  ? __pfx_cp2112_xfer+0x10/0x10
[  136.414776][ T6474]  __i2c_smbus_xfer+0x5b3/0x1e50
[  136.419702][ T6474]  ? __lock_acquire+0xab9/0xd20
[  136.424542][ T6474]  ? __pfx_cp2112_xfer+0x10/0x10
[  136.429480][ T6474]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[  136.434841][ T6474]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  136.440739][ T6474]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.445928][ T6474]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  136.451818][ T6474]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  136.458142][ T6474]  ? rt_mutex_lock_nested+0x15e/0x1e0
[  136.463537][ T6474]  i2c_smbus_xfer+0x275/0x3c0
[  136.468252][ T6474]  ? __pfx_i2c_smbus_xfer+0x10/0x10
[  136.473451][ T6474]  i2cdev_ioctl_smbus+0x43d/0x6d0
[  136.478470][ T6474]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[  136.484015][ T6474]  i2cdev_ioctl+0x5d3/0x7f0
[  136.488508][ T6474]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  136.493532][ T6474]  ? __fget_files+0x2a/0x420
[  136.498118][ T6474]  ? __fget_files+0x3a0/0x420
[  136.502795][ T6474]  ? bpf_lsm_file_ioctl+0x9/0x20
[  136.507724][ T6474]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  136.512744][ T6474]  __se_sys_ioctl+0xf9/0x170
[  136.517328][ T6474]  do_syscall_64+0xfa/0x3b0
[  136.521847][ T6474]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.527043][ T6474]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.533107][ T6474]  ? clear_bhb_loop+0x60/0xb0
[  136.537861][ T6474]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.543747][ T6474] RIP: 0033:0x7fb14ed8eba9
[  136.548185][ T6474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  136.567785][ T6474] RSP: 002b:00007fb14fcb6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  136.576191][ T6474] RAX: ffffffffffffffda RBX: 00007fb14efd5fa0 RCX: 00007fb14ed8eba9
[  136.584150][ T6474] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000004
[  136.592109][ T6474] RBP: 00007fb14ee11e19 R08: 0000000000000000 R09: 0000000000000000
[  136.600069][ T6474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  136.608037][ T6474] R13: 00007fb14efd6038 R14: 00007fb14efd5fa0 R15: 00007fff8beabc08
[  136.616007][ T6474]  </TASK>
[  136.619319][ T6474] Kernel Offset: disabled
[  136.623635][ T6474] Rebooting in 86400 seconds..