no interfaces have a carrier
[   55.095126][ T5458] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.120017][ T5458] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: OK
Starting sshd: OK

syzkaller
syzkaller login: [   92.029410][ T2134] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.171' (ED25519) to the list of known hosts.
2025/12/05 09:04:39 parsed 1 programs
[  107.238806][ T5807] cgroup: Unknown subsys name 'net'
[  107.405901][ T5807] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  109.131811][ T5807] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  113.111284][ T5859] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  113.122386][ T5859] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  113.130531][ T5859] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  113.139453][ T5859] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  113.147391][ T5859] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  113.154749][ T5859] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  113.904054][ T1097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.928760][ T1097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.974697][ T1097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.982956][ T1097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.601647][ T5882] chnl_net:caif_netlink_parms(): no params data found
[  114.715095][ T5882] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.726484][ T5882] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.734760][ T5882] bridge_slave_0: entered allmulticast mode
[  114.742954][ T5882] bridge_slave_0: entered promiscuous mode
[  114.752127][ T5882] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.759749][ T5882] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.767070][ T5882] bridge_slave_1: entered allmulticast mode
[  114.774217][ T5882] bridge_slave_1: entered promiscuous mode
[  114.805346][ T5882] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  114.817218][ T5882] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  114.851144][ T5882] team0: Port device team_slave_0 added
[  114.860733][ T5882] team0: Port device team_slave_1 added
[  114.903821][ T5882] batman_adv: batadv0: Adding interface: batadv_slave_0
[  114.911013][ T5882] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  114.937370][ T5882] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  114.965830][ T5882] batman_adv: batadv0: Adding interface: batadv_slave_1
[  114.972915][ T5882] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  114.999077][ T5882] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  115.048294][ T5882] hsr_slave_0: entered promiscuous mode
[  115.054756][ T5882] hsr_slave_1: entered promiscuous mode
[  115.232951][ T5882] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  115.257325][ T5882] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  115.268055][ T5882] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  115.278269][ T5882] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  115.410509][ T5882] 8021q: adding VLAN 0 to HW filter on device bond0
[  115.465746][ T5882] 8021q: adding VLAN 0 to HW filter on device team0
[  115.480401][ T3450] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.487780][ T3450] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.503680][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.510891][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.805056][ T5882] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.849901][ T5882] veth0_vlan: entered promiscuous mode
[  115.862038][ T5882] veth1_vlan: entered promiscuous mode
[  115.892929][ T5882] veth0_macvtap: entered promiscuous mode
[  115.902733][ T5882] veth1_macvtap: entered promiscuous mode
[  115.923999][ T5882] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.940482][ T5882] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.952529][ T5882] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.962620][ T5882] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.971548][ T5882] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.980459][ T5882] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.130670][   T55] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/12/05 09:04:51 executed programs: 0
[  116.491868][ T5859] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  116.502736][ T5859] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  116.512458][ T5859] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  116.521085][ T5859] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  116.529107][ T5859] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  116.536700][ T5859] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  116.706611][ T5907] chnl_net:caif_netlink_parms(): no params data found
[  116.785326][ T5907] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.792912][ T5907] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.800492][ T5907] bridge_slave_0: entered allmulticast mode
[  116.807985][ T5907] bridge_slave_0: entered promiscuous mode
[  116.819107][ T5907] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.826293][ T5907] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.833740][ T5907] bridge_slave_1: entered allmulticast mode
[  116.841255][ T5907] bridge_slave_1: entered promiscuous mode
[  116.875000][ T5907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  116.887947][ T5907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  116.929455][ T5907] team0: Port device team_slave_0 added
[  116.939627][ T5907] team0: Port device team_slave_1 added
[  116.969729][ T5907] batman_adv: batadv0: Adding interface: batadv_slave_0
[  116.977008][ T5907] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  117.003226][ T5907] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  117.016205][ T5907] batman_adv: batadv0: Adding interface: batadv_slave_1
[  117.024262][ T5907] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  117.050490][ T5907] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  117.112959][ T5907] hsr_slave_0: entered promiscuous mode
[  117.119740][ T5907] hsr_slave_1: entered promiscuous mode
[  117.125908][ T5907] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  117.134097][ T5907] Cannot create hsr debugfs directory
[  118.521045][   T55] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.588283][ T5859] Bluetooth: hci0: command tx timeout
[  120.667286][ T5859] Bluetooth: hci0: command tx timeout
[  120.852406][   T55] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  120.902220][   T55] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.776589][   T55] hsr_slave_0: left promiscuous mode
[  121.785862][   T55] hsr_slave_1: left promiscuous mode
[  121.796181][   T55] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  121.806089][   T55] batman_adv: batadv0: Removing interface: batadv_slave_0
[  121.814847][   T55] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  121.825913][   T55] batman_adv: batadv0: Removing interface: batadv_slave_1
[  121.834047][   T55] bridge_slave_1: left allmulticast mode
[  121.842016][   T55] bridge_slave_1: left promiscuous mode
[  121.848877][   T55] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.864386][   T55] bridge_slave_0: left allmulticast mode
[  121.871830][   T55] bridge_slave_0: left promiscuous mode
[  121.879964][   T55] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.919562][   T55] veth1_macvtap: left promiscuous mode
[  121.925532][   T55] veth0_macvtap: left promiscuous mode
[  121.931301][   T55] veth1_vlan: left promiscuous mode
[  121.939297][   T55] veth0_vlan: left promiscuous mode
[  122.433092][   T55] team0 (unregistering): Port device team_slave_1 removed
[  122.474583][   T55] team0 (unregistering): Port device team_slave_0 removed
[  122.523291][   T55] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  122.600266][   T55] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  122.747281][ T5859] Bluetooth: hci0: command tx timeout
[  122.935140][   T55] bond0 (unregistering): Released all slaves
[  123.008082][ T5907] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  123.018567][ T5907] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  123.029616][ T5907] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  123.042947][ T5907] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  123.149882][ T5907] 8021q: adding VLAN 0 to HW filter on device bond0
[  123.177648][ T5907] 8021q: adding VLAN 0 to HW filter on device team0
[  123.191689][ T1097] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.198871][ T1097] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.218115][ T3450] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.225285][ T3450] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.445328][ T5907] 8021q: adding VLAN 0 to HW filter on device batadv0
[  123.490432][ T5907] veth0_vlan: entered promiscuous mode
[  123.509572][ T5907] veth1_vlan: entered promiscuous mode
[  123.545228][ T5907] veth0_macvtap: entered promiscuous mode
[  123.560591][ T5907] veth1_macvtap: entered promiscuous mode
[  123.580887][ T5907] batman_adv: batadv0: Interface activated: batadv_slave_0
[  123.600856][ T5907] batman_adv: batadv0: Interface activated: batadv_slave_1
[  123.613085][ T5907] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  123.621890][ T5907] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  123.631146][ T5907] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  123.640449][ T5907] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  123.719946][ T3469] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.729128][ T3469] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.755334][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  123.763811][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  123.823383][ T5964] syz.0.17[5964]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[  124.066549][ T5964] loop0: detected capacity change from 0 to 32768
[  124.131588][ T5964] ==================================================================
[  124.139727][ T5964] BUG: KASAN: slab-use-after-free in jfs_readdir+0x1173/0x3a90
[  124.147422][ T5964] Read of size 8 at addr ffff888077c32318 by task syz.0.17/5964
[  124.155067][ T5964] 
[  124.157418][ T5964] CPU: 0 PID: 5964 Comm: syz.0.17 Not tainted syzkaller #0
[  124.164621][ T5964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  124.174702][ T5964] Call Trace:
[  124.177995][ T5964]  <TASK>
[  124.180980][ T5964]  dump_stack_lvl+0x16c/0x230
[  124.185684][ T5964]  ? __lock_acquire+0x7c80/0x7c80
[  124.190720][ T5964]  ? show_regs_print_info+0x20/0x20
[  124.195935][ T5964]  ? load_image+0x3b0/0x3b0
[  124.200445][ T5964]  ? __virt_addr_valid+0x469/0x540
[  124.205586][ T5964]  print_report+0xac/0x220
[  124.210065][ T5964]  ? jfs_readdir+0x1173/0x3a90
[  124.214857][ T5964]  kasan_report+0x117/0x150
[  124.219394][ T5964]  ? jfs_readdir+0x1173/0x3a90
[  124.224179][ T5964]  jfs_readdir+0x1173/0x3a90
[  124.228832][ T5964]  ? dtInitRoot+0x670/0x670
[  124.233359][ T5964]  ? __up_read+0x280/0x670
[  124.237803][ T5964]  ? down_write+0x162/0x1f0
[  124.242334][ T5964]  ? down_read_killable+0x340/0x340
[  124.247573][ T5964]  ? end_current_label_crit_section+0x149/0x170
[  124.253829][ T5964]  ? dtInitRoot+0x670/0x670
[  124.258352][ T5964]  wrap_directory_iterator+0x92/0xd0
[  124.263650][ T5964]  iterate_dir+0x1c2/0x580
[  124.268085][ T5964]  __se_sys_getdents64+0xe9/0x260
[  124.273123][ T5964]  ? __x64_sys_getdents64+0x80/0x80
[  124.278333][ T5964]  ? filldir+0x680/0x680
[  124.282591][ T5964]  ? lockdep_hardirqs_on+0x98/0x150
[  124.287801][ T5964]  do_syscall_64+0x55/0xb0
[  124.292232][ T5964]  ? clear_bhb_loop+0x40/0x90
[  124.296953][ T5964]  ? clear_bhb_loop+0x40/0x90
[  124.301660][ T5964]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  124.307567][ T5964] RIP: 0033:0x7f4c4938f749
[  124.312004][ T5964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  124.331637][ T5964] RSP: 002b:00007ffed5a29fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  124.340175][ T5964] RAX: ffffffffffffffda RBX: 00007f4c495e5fa0 RCX: 00007f4c4938f749
[  124.348159][ T5964] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  124.356138][ T5964] RBP: 00007f4c49413f91 R08: 0000000000000000 R09: 0000000000000000
[  124.364120][ T5964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  124.372099][ T5964] R13: 00007f4c495e5fa0 R14: 00007f4c495e5fa0 R15: 0000000000000003
[  124.380102][ T5964]  </TASK>
[  124.383129][ T5964] 
[  124.385465][ T5964] Allocated by task 5964:
[  124.389791][ T5964]  kasan_set_track+0x4e/0x70
[  124.394402][ T5964]  __kasan_slab_alloc+0x6c/0x80
[  124.399260][ T5964]  slab_post_alloc_hook+0x6e/0x4d0
[  124.404381][ T5964]  kmem_cache_alloc+0x11e/0x2e0
[  124.409245][ T5964]  mempool_alloc+0x1a1/0x4f0
[  124.413846][ T5964]  __get_metapage+0x54c/0xfa0
[  124.418532][ T5964]  dtSplitRoot+0x203/0x16b0
[  124.423048][ T5964]  dtInsert+0xeec/0x5f40
[  124.427312][ T5964]  jfs_create+0x6a1/0xa40
[  124.431653][ T5964]  path_openat+0x1277/0x3190
[  124.436259][ T5964]  do_filp_open+0x1c5/0x3d0
[  124.440775][ T5964]  do_sys_openat2+0x12c/0x1c0
[  124.445465][ T5964]  __x64_sys_openat+0x139/0x160
[  124.450321][ T5964]  do_syscall_64+0x55/0xb0
[  124.454747][ T5964]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  124.460653][ T5964] 
[  124.462979][ T5964] Freed by task 5964:
[  124.466973][ T5964]  kasan_set_track+0x4e/0x70
[  124.471566][ T5964]  kasan_save_free_info+0x2e/0x50
[  124.476598][ T5964]  ____kasan_slab_free+0x126/0x1e0
[  124.481713][ T5964]  slab_free_freelist_hook+0x130/0x1b0
[  124.487185][ T5964]  kmem_cache_free+0xf8/0x280
[  124.491870][ T5964]  release_metapage+0x6ed/0x870
[  124.496720][ T5964]  jfs_readdir+0xeb2/0x3a90
[  124.501243][ T5964]  wrap_directory_iterator+0x92/0xd0
[  124.506534][ T5964]  iterate_dir+0x1c2/0x580
[  124.510957][ T5964]  __se_sys_getdents64+0xe9/0x260
[  124.515988][ T5964]  do_syscall_64+0x55/0xb0
[  124.520419][ T5964]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  124.526312][ T5964] 
[  124.528651][ T5964] The buggy address belongs to the object at ffff888077c322e8
[  124.528651][ T5964]  which belongs to the cache jfs_mp of size 184
[  124.542272][ T5964] The buggy address is located 48 bytes inside of
[  124.542272][ T5964]  freed 184-byte region [ffff888077c322e8, ffff888077c323a0)
[  124.556078][ T5964] 
[  124.558418][ T5964] The buggy address belongs to the physical page:
[  124.564840][ T5964] page:ffffea0001df0c80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77c32
[  124.575023][ T5964] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[  124.582598][ T5964] page_type: 0xffffffff()
[  124.586948][ T5964] raw: 00fff00000000800 ffff888142ac8780 dead000000000122 0000000000000000
[  124.595547][ T5964] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  124.604136][ T5964] page dumped because: kasan: bad access detected
[  124.610559][ T5964] page_owner tracks the page as allocated
[  124.616275][ T5964] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192800(GFP_NOWAIT|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5964, tgid 5964 (syz.0.17), ts 124113860587, free_ts 123822472099
[  124.637419][ T5964]  post_alloc_hook+0x1cd/0x210
[  124.642218][ T5964]  get_page_from_freelist+0x195c/0x19f0
[  124.647803][ T5964]  __alloc_pages+0x1e3/0x460
[  124.652514][ T5964]  alloc_slab_page+0x5d/0x170
[  124.657217][ T5964]  new_slab+0x87/0x2e0
[  124.661318][ T5964]  ___slab_alloc+0xc6d/0x1300
[  124.666033][ T5964]  kmem_cache_alloc+0x1b7/0x2e0
[  124.670912][ T5964]  mempool_alloc+0x1a1/0x4f0
[  124.675511][ T5964]  __get_metapage+0x54c/0xfa0
[  124.680276][ T5964]  diRead+0x1f7/0xb90
[  124.684271][ T5964]  jfs_iget+0x90/0x440
[  124.688350][ T5964]  jfs_fill_super+0x70c/0xac0
[  124.693031][ T5964]  mount_bdev+0x22b/0x2d0
[  124.697451][ T5964]  legacy_get_tree+0xea/0x180
[  124.702139][ T5964]  vfs_get_tree+0x8c/0x280
[  124.706565][ T5964]  do_new_mount+0x24b/0xa40
[  124.711159][ T5964] page last free stack trace:
[  124.715834][ T5964]  free_unref_page_prepare+0x7ce/0x8e0
[  124.721307][ T5964]  free_unref_page+0x32/0x2e0
[  124.726007][ T5964]  __unfreeze_partials+0x1cf/0x210
[  124.731156][ T5964]  put_cpu_partial+0x17c/0x250
[  124.735934][ T5964]  __slab_free+0x31d/0x410
[  124.740369][ T5964]  qlist_free_all+0x75/0xe0
[  124.744883][ T5964]  kasan_quarantine_reduce+0x143/0x160
[  124.750352][ T5964]  __kasan_slab_alloc+0x22/0x80
[  124.755208][ T5964]  slab_post_alloc_hook+0x6e/0x4d0
[  124.760330][ T5964]  __kmem_cache_alloc_node+0x13e/0x260
[  124.765804][ T5964]  __kmalloc+0xa4/0x240
[  124.769970][ T5964]  tomoyo_realpath_from_path+0xe3/0x5d0
[  124.775544][ T5964]  tomoyo_path_perm+0x20f/0x4b0
[  124.780412][ T5964]  security_inode_getattr+0xd3/0x120
[  124.785707][ T5964]  __x64_sys_newfstat+0x101/0x1f0
[  124.790760][ T5964]  do_syscall_64+0x55/0xb0
[  124.795199][ T5964] 
[  124.797529][ T5964] Memory state around the buggy address:
[  124.803177][ T5964]  ffff888077c32200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  124.811259][ T5964]  ffff888077c32280: 00 00 00 00 00 fc fc fc fc fc fc fc fc fa fb fb
[  124.819338][ T5964] >ffff888077c32300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  124.827422][ T5964]                             ^
[  124.832278][ T5964]  ffff888077c32380: fb fb fb fb fc fc fc fc fc fc fc fc 00 00 00 00
[  124.840343][ T5964]  ffff888077c32400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  124.848417][ T5964] ==================================================================
[  124.859798][ T5859] Bluetooth: hci0: command tx timeout
[  124.885704][ T5964] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  124.893218][ T5964] CPU: 0 PID: 5964 Comm: syz.0.17 Not tainted syzkaller #0
[  124.900425][ T5964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  124.910501][ T5964] Call Trace:
[  124.913790][ T5964]  <TASK>
[  124.916735][ T5964]  dump_stack_lvl+0x16c/0x230
[  124.921470][ T5964]  ? show_regs_print_info+0x20/0x20
[  124.926853][ T5964]  ? load_image+0x3b0/0x3b0
[  124.931370][ T5964]  panic+0x2c0/0x710
[  124.935271][ T5964]  ? bpf_jit_dump+0xd0/0xd0
[  124.939782][ T5964]  ? _raw_spin_unlock_irqrestore+0xfa/0x110
[  124.945682][ T5964]  ? _raw_spin_unlock+0x40/0x40
[  124.950547][ T5964]  ? print_memory_metadata+0x314/0x400
[  124.956020][ T5964]  ? jfs_readdir+0x1173/0x3a90
[  124.960801][ T5964]  check_panic_on_warn+0x84/0xa0
[  124.965754][ T5964]  ? jfs_readdir+0x1173/0x3a90
[  124.970538][ T5964]  end_report+0x6f/0x140
[  124.974793][ T5964]  kasan_report+0x128/0x150
[  124.979305][ T5964]  ? jfs_readdir+0x1173/0x3a90
[  124.984085][ T5964]  jfs_readdir+0x1173/0x3a90
[  124.988700][ T5964]  ? dtInitRoot+0x670/0x670
[  124.993246][ T5964]  ? __up_read+0x280/0x670
[  124.997669][ T5964]  ? down_write+0x162/0x1f0
[  125.002178][ T5964]  ? down_read_killable+0x340/0x340
[  125.007380][ T5964]  ? end_current_label_crit_section+0x149/0x170
[  125.013630][ T5964]  ? dtInitRoot+0x670/0x670
[  125.018251][ T5964]  wrap_directory_iterator+0x92/0xd0
[  125.023549][ T5964]  iterate_dir+0x1c2/0x580
[  125.027978][ T5964]  __se_sys_getdents64+0xe9/0x260
[  125.033026][ T5964]  ? __x64_sys_getdents64+0x80/0x80
[  125.038237][ T5964]  ? filldir+0x680/0x680
[  125.042492][ T5964]  ? lockdep_hardirqs_on+0x98/0x150
[  125.047692][ T5964]  do_syscall_64+0x55/0xb0
[  125.052126][ T5964]  ? clear_bhb_loop+0x40/0x90
[  125.056819][ T5964]  ? clear_bhb_loop+0x40/0x90
[  125.061510][ T5964]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  125.067413][ T5964] RIP: 0033:0x7f4c4938f749
[  125.071836][ T5964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  125.091629][ T5964] RSP: 002b:00007ffed5a29fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  125.100074][ T5964] RAX: ffffffffffffffda RBX: 00007f4c495e5fa0 RCX: 00007f4c4938f749
[  125.108057][ T5964] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  125.116036][ T5964] RBP: 00007f4c49413f91 R08: 0000000000000000 R09: 0000000000000000
[  125.124015][ T5964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  125.132000][ T5964] R13: 00007f4c495e5fa0 R14: 00007f4c495e5fa0 R15: 0000000000000003
[  125.139989][ T5964]  </TASK>
[  125.143353][ T5964] Kernel Offset: disabled
[  125.147698][ T5964] Rebooting in 86400 seconds..