Warning: Permanently added '10.128.1.34' (ED25519) to the list of known hosts.
2026/01/07 16:35:12 parsed 1 programs
[   64.030530][ T5766] cgroup: Unknown subsys name 'net'
[   64.188956][ T5766] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   65.555697][ T5766] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   67.360560][ T2991] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.369895][ T2991] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.398292][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.406196][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.129025][ T5805] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   68.137497][ T5805] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   68.147148][ T5805] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   68.161214][ T5805] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   68.174550][ T5805] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   68.182027][ T5805] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   70.203152][ T5851] chnl_net:caif_netlink_parms(): no params data found
[   70.279675][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.291262][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.298538][ T5851] bridge_slave_0: entered allmulticast mode
[   70.305955][ T5851] bridge_slave_0: entered promiscuous mode
[   70.315127][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.322309][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.329660][ T5851] bridge_slave_1: entered allmulticast mode
[   70.336512][ T5851] bridge_slave_1: entered promiscuous mode
[   70.365225][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.377589][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.414863][ T5851] team0: Port device team_slave_0 added
[   70.423705][ T5851] team0: Port device team_slave_1 added
[   70.458384][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.465538][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.491741][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   70.505578][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.513028][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.538930][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   70.584935][ T5851] hsr_slave_0: entered promiscuous mode
[   70.591419][ T5851] hsr_slave_1: entered promiscuous mode
[   70.710504][ T5851] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   70.736401][ T5851] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   70.760173][ T5851] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   70.789009][ T5851] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   70.854255][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.876749][ T5851] 8021q: adding VLAN 0 to HW filter on device team0
[   70.888416][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.895894][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.920571][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.927704][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.098232][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.146893][ T5851] veth0_vlan: entered promiscuous mode
[   71.160402][ T5851] veth1_vlan: entered promiscuous mode
[   71.191804][ T5851] veth0_macvtap: entered promiscuous mode
[   71.201651][ T5851] veth1_macvtap: entered promiscuous mode
[   71.235075][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0
[   71.250253][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1
[   71.271927][ T5851] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.280973][ T5851] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.290775][ T5851] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.300309][ T5851] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   71.479831][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[   71.491634][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
[   71.662773][  T990] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/01/07 16:35:21 executed programs: 0
[   71.790317][ T5805] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   71.800771][ T5805] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   71.809968][ T5805] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   71.819668][ T5805] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   71.828510][ T5805] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   71.835946][ T5805] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   71.960028][ T5875] chnl_net:caif_netlink_parms(): no params data found
[   72.010379][ T5875] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.017983][ T5875] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.026248][ T5875] bridge_slave_0: entered allmulticast mode
[   72.033215][ T5875] bridge_slave_0: entered promiscuous mode
[   72.040831][ T5875] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.048279][ T5875] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.055549][ T5875] bridge_slave_1: entered allmulticast mode
[   72.062186][ T5875] bridge_slave_1: entered promiscuous mode
[   72.091884][ T5875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   72.105225][ T5875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   72.135967][ T5875] team0: Port device team_slave_0 added
[   72.144294][ T5875] team0: Port device team_slave_1 added
[   72.164435][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_0
[   72.171398][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   72.197514][ T5875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   72.210677][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_1
[   72.218302][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   72.244377][ T5875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   72.284866][ T5875] hsr_slave_0: entered promiscuous mode
[   72.291344][ T5875] hsr_slave_1: entered promiscuous mode
[   72.297668][ T5875] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   72.306345][ T5875] Cannot create hsr debugfs directory
[   73.873161][ T5082] Bluetooth: hci0: command tx timeout
[   74.043116][  T990] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.953673][ T5082] Bluetooth: hci0: command tx timeout
[   76.273430][  T990] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.336700][  T990] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.378381][ T5875] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   77.389923][ T5875] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   77.400548][ T5875] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   77.420031][  T990] hsr_slave_0: left promiscuous mode
[   77.426675][  T990] hsr_slave_1: left promiscuous mode
[   77.433511][  T990] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   77.440990][  T990] batman_adv: batadv0: Removing interface: batadv_slave_0
[   77.449889][  T990] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   77.457714][  T990] batman_adv: batadv0: Removing interface: batadv_slave_1
[   77.467379][  T990] bridge_slave_1: left allmulticast mode
[   77.473539][  T990] bridge_slave_1: left promiscuous mode
[   77.479868][  T990] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.490317][  T990] bridge_slave_0: left allmulticast mode
[   77.496939][  T990] bridge_slave_0: left promiscuous mode
[   77.503217][  T990] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.523752][  T990] veth1_macvtap: left promiscuous mode
[   77.529461][  T990] veth0_macvtap: left promiscuous mode
[   77.535793][  T990] veth1_vlan: left promiscuous mode
[   77.541229][  T990] veth0_vlan: left promiscuous mode
[   77.877225][  T990] team0 (unregistering): Port device team_slave_1 removed
[   77.909699][  T990] team0 (unregistering): Port device team_slave_0 removed
[   77.939341][  T990] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   77.974071][  T990] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   78.032937][ T5082] Bluetooth: hci0: command tx timeout
[   78.253035][  T990] bond0 (unregistering): Released all slaves
[   78.331994][ T5875] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   78.418243][ T5875] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.435957][ T5875] 8021q: adding VLAN 0 to HW filter on device team0
[   78.457062][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.464447][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.489045][ T1317] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.496226][ T1317] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.688661][ T5875] 8021q: adding VLAN 0 to HW filter on device batadv0
[   78.736922][ T5875] veth0_vlan: entered promiscuous mode
[   78.751196][ T5875] veth1_vlan: entered promiscuous mode
[   78.775231][ T5875] veth0_macvtap: entered promiscuous mode
[   78.784256][ T5875] veth1_macvtap: entered promiscuous mode
[   78.799759][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_0
[   78.815958][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_1
[   78.830237][ T5875] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   78.840098][ T5875] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   78.850154][ T5875] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   78.859150][ T5875] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   78.920665][ T1317] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.934070][ T1317] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.958452][ T2991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
2026/01/07 16:35:28 executed programs: 2
[   78.967649][ T2991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.011066][ T5927] syz.0.17[5927]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   79.025381][ T5927] loop0: detected capacity change from 0 to 128
[   79.038232][ T5927] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   79.051651][ T5927] unable to read i-node block
[   79.059626][ T5927] syz.0.17: attempt to access beyond end of device
[   79.059626][ T5927] loop0: rw=2049, sector=6491536, nr_sectors = 2 limit=128
[   79.074616][ T5927] Buffer I/O error on dev loop0, logical block 3245768, lost async page write
[   79.084667][ T5927] sysv_free_inode: unable to read inode block on device loop0
[   79.096934][ T5875] sysv_free_block: flc_count > flc_size
[   79.103706][ T5875] sysv_free_block: flc_count > flc_size
[   79.109275][ T5875] sysv_free_block: flc_count > flc_size
[   79.114968][ T5875] sysv_free_block: flc_count > flc_size
[   79.120521][ T5875] sysv_free_block: flc_count > flc_size
[   79.127017][ T5875] sysv_free_block: flc_count > flc_size
[   79.132651][ T5875] sysv_free_block: flc_count > flc_size
[   79.138220][ T5875] sysv_free_block: flc_count > flc_size
[   79.145108][ T5875] sysv_free_block: flc_count > flc_size
[   79.150679][ T5875] sysv_free_block: flc_count > flc_size
[   79.158124][ T5875] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   79.197596][ T5928] loop0: detected capacity change from 0 to 128
[   79.214526][ T5928] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   79.225679][ T5928] unable to read i-node block
[   79.230553][ T5928] syz.0.18: attempt to access beyond end of device
[   79.230553][ T5928] loop0: rw=2049, sector=6491536, nr_sectors = 2 limit=128
[   79.244547][ T5928] Buffer I/O error on dev loop0, logical block 3245768, lost async page write
[   79.253686][ T5928] sysv_free_inode: unable to read inode block on device loop0
[   79.266722][ T5875] sysv_free_block: flc_count > flc_size
[   79.272295][ T5875] sysv_free_block: flc_count > flc_size
[   79.279054][ T5875] sysv_free_block: flc_count > flc_size
[   79.287438][ T5875] sysv_free_block: flc_count > flc_size
[   79.293410][ T5875] sysv_free_block: flc_count > flc_size
[   79.298953][ T5875] sysv_free_block: flc_count > flc_size
[   79.304650][ T5875] sysv_free_block: flc_count > flc_size
[   79.310194][ T5875] sysv_free_block: flc_count > flc_size
[   79.316129][ T5875] sysv_free_block: flc_count > flc_size
[   79.321994][ T5875] sysv_free_block: flc_count > flc_size
[   79.329786][ T5875] sysv_free_inode: inode 0,1,2 or nonexistent inode
[   79.363625][ T5929] loop0: detected capacity change from 0 to 128
[   79.371406][ T5929] VFS: Found a Xenix FS (block size = 1024) on device loop0
[   79.385393][ T5929] ==================================================================
[   79.393494][ T5929] BUG: KASAN: use-after-free in sysv_new_inode+0x10c5/0x1270
[   79.400899][ T5929] Read of size 2 at addr ffff88806ede71ce by task syz.0.19/5929
[   79.408541][ T5929] 
[   79.410883][ T5929] CPU: 0 PID: 5929 Comm: syz.0.19 Not tainted syzkaller #0
[   79.418090][ T5929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   79.428172][ T5929] Call Trace:
[   79.431461][ T5929]  <TASK>
[   79.434413][ T5929]  dump_stack_lvl+0x16c/0x230
[   79.439107][ T5929]  ? __lock_acquire+0x7c80/0x7c80
[   79.444238][ T5929]  ? show_regs_print_info+0x20/0x20
[   79.449466][ T5929]  ? load_image+0x3b0/0x3b0
[   79.454006][ T5929]  ? __virt_addr_valid+0x469/0x540
[   79.459134][ T5929]  print_report+0xac/0x220
[   79.463565][ T5929]  ? sysv_new_inode+0x10c5/0x1270
[   79.468610][ T5929]  kasan_report+0x117/0x150
[   79.473120][ T5929]  ? sysv_new_inode+0x10c5/0x1270
[   79.478160][ T5929]  sysv_new_inode+0x10c5/0x1270
[   79.483026][ T5929]  ? __lock_acquire+0x7c80/0x7c80
[   79.488032][ T5929]  ? do_raw_spin_lock+0x121/0x2c0
[   79.493041][ T5929]  ? sysv_free_inode+0x7e0/0x7e0
[   79.497973][ T5929]  ? _raw_spin_unlock+0x28/0x40
[   79.502808][ T5929]  ? __d_add+0x4ec/0x810
[   79.507032][ T5929]  ? sysv_inode_by_name+0xe1/0x140
[   79.512211][ T5929]  sysv_mknod+0x4e/0xe0
[   79.516345][ T5929]  ? sysv_lookup+0xe0/0xe0
[   79.520739][ T5929]  path_openat+0x1277/0x3190
[   79.525325][ T5929]  ? do_filp_open+0x3d0/0x3d0
[   79.529992][ T5929]  do_filp_open+0x1c5/0x3d0
[   79.534478][ T5929]  ? vfs_tmpfile+0x490/0x490
[   79.539059][ T5929]  ? _raw_spin_unlock+0x28/0x40
[   79.543892][ T5929]  ? alloc_fd+0x58f/0x630
[   79.548202][ T5929]  do_sys_openat2+0x12c/0x1c0
[   79.552868][ T5929]  ? do_sys_open+0xe0/0xe0
[   79.557286][ T5929]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[   79.563253][ T5929]  ? lock_chain_count+0x20/0x20
[   79.568083][ T5929]  __x64_sys_openat+0x139/0x160
[   79.572919][ T5929]  do_syscall_64+0x55/0xb0
[   79.577312][ T5929]  ? clear_bhb_loop+0x40/0x90
[   79.581964][ T5929]  ? clear_bhb_loop+0x40/0x90
[   79.586707][ T5929]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   79.592585][ T5929] RIP: 0033:0x7fc233b8f749
[   79.596987][ T5929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   79.616587][ T5929] RSP: 002b:00007ffec5b4b178 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   79.624991][ T5929] RAX: ffffffffffffffda RBX: 00007fc233de5fa0 RCX: 00007fc233b8f749
[   79.632957][ T5929] RDX: 0000000000000d40 RSI: 0000200000000040 RDI: ffffffffffffff9c
[   79.640936][ T5929] RBP: 00007fc233c13f91 R08: 0000000000000000 R09: 0000000000000000
[   79.649081][ T5929] R10: 00000000000000d2 R11: 0000000000000246 R12: 0000000000000000
[   79.657124][ T5929] R13: 00007fc233de5fa0 R14: 00007fc233de5fa0 R15: 0000000000000004
[   79.665289][ T5929]  </TASK>
[   79.668384][ T5929] 
[   79.670858][ T5929] The buggy address belongs to the physical page:
[   79.677259][ T5929] page:ffffea0001bb79c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6ede7
[   79.687486][ T5929] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   79.694585][ T5929] page_type: 0xffffffff()
[   79.698892][ T5929] raw: 00fff00000000000 ffffea0001bb7a08 ffffea0001bc45c8 0000000000000000
[   79.707451][ T5929] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   79.716398][ T5929] page dumped because: kasan: bad access detected
[   79.722819][ T5929] page_owner tracks the page as freed
[   79.728195][ T5929] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5844, tgid 5844 (syz-executor), ts 69840468789, free_ts 70060976776
[   79.745913][ T5929]  post_alloc_hook+0x1cd/0x210
[   79.750667][ T5929]  get_page_from_freelist+0x195c/0x19f0
[   79.756198][ T5929]  __alloc_pages+0x1e3/0x460
[   79.760770][ T5929]  __folio_alloc+0x10/0x20
[   79.765178][ T5929]  vma_alloc_folio+0x47a/0x8f0
[   79.769954][ T5929]  handle_mm_fault+0x1820/0x4920
[   79.774899][ T5929]  do_user_addr_fault+0x738/0x12e0
[   79.780011][ T5929]  exc_page_fault+0x67/0x110
[   79.784614][ T5929]  asm_exc_page_fault+0x26/0x30
[   79.789468][ T5929] page last free stack trace:
[   79.794138][ T5929]  free_unref_page_prepare+0x7ce/0x8e0
[   79.799615][ T5929]  free_unref_page_list+0xbe/0x860
[   79.804726][ T5929]  release_pages+0x1fa0/0x2220
[   79.809470][ T5929]  tlb_flush_mmu+0x368/0x4f0
[   79.814060][ T5929]  tlb_finish_mmu+0xc3/0x1d0
[   79.818666][ T5929]  exit_mmap+0x3f0/0xb50
[   79.822916][ T5929]  __mmput+0x118/0x3c0
[   79.826984][ T5929]  exit_mm+0x1da/0x2c0
[   79.831060][ T5929]  do_exit+0x88e/0x23c0
[   79.835228][ T5929]  do_group_exit+0x21b/0x2d0
[   79.839842][ T5929]  get_signal+0x12fc/0x1400
[   79.844363][ T5929]  arch_do_signal_or_restart+0x9c/0x7b0
[   79.850013][ T5929]  exit_to_user_mode_loop+0x70/0x110
[   79.855555][ T5929]  exit_to_user_mode_prepare+0xf6/0x180
[   79.861091][ T5929]  syscall_exit_to_user_mode+0x1a/0x50
[   79.866539][ T5929]  do_syscall_64+0x61/0xb0
[   79.870950][ T5929] 
[   79.873263][ T5929] Memory state around the buggy address:
[   79.878888][ T5929]  ffff88806ede7080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   79.887020][ T5929]  ffff88806ede7100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   79.895062][ T5929] >ffff88806ede7180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   79.903121][ T5929]                                               ^
[   79.909536][ T5929]  ffff88806ede7200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   79.917613][ T5929]  ffff88806ede7280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   79.925970][ T5929] ==================================================================
[   79.948091][ T5929] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   79.955376][ T5929] CPU: 0 PID: 5929 Comm: syz.0.19 Not tainted syzkaller #0
[   79.962580][ T5929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   79.972635][ T5929] Call Trace:
[   79.975924][ T5929]  <TASK>
[   79.979214][ T5929]  dump_stack_lvl+0x16c/0x230
[   79.983977][ T5929]  ? show_regs_print_info+0x20/0x20
[   79.989295][ T5929]  ? load_image+0x3b0/0x3b0
[   79.993834][ T5929]  panic+0x2c0/0x710
[   79.997744][ T5929]  ? bpf_jit_dump+0xd0/0xd0
[   80.002342][ T5929]  ? _raw_spin_unlock_irqrestore+0xfa/0x110
[   80.008245][ T5929]  ? _raw_spin_unlock+0x40/0x40
[   80.013103][ T5929]  ? print_memory_metadata+0x314/0x400
[   80.018661][ T5929]  ? sysv_new_inode+0x10c5/0x1270
[   80.023699][ T5929]  check_panic_on_warn+0x84/0xa0
[   80.028642][ T5929]  ? sysv_new_inode+0x10c5/0x1270
[   80.033700][ T5929]  end_report+0x6f/0x140
[   80.037963][ T5929]  kasan_report+0x128/0x150
[   80.042490][ T5929]  ? sysv_new_inode+0x10c5/0x1270
[   80.047540][ T5929]  sysv_new_inode+0x10c5/0x1270
[   80.052426][ T5929]  ? __lock_acquire+0x7c80/0x7c80
[   80.057616][ T5929]  ? do_raw_spin_lock+0x121/0x2c0
[   80.062656][ T5929]  ? sysv_free_inode+0x7e0/0x7e0
[   80.067607][ T5929]  ? _raw_spin_unlock+0x28/0x40
[   80.072466][ T5929]  ? __d_add+0x4ec/0x810
[   80.076720][ T5929]  ? sysv_inode_by_name+0xe1/0x140
[   80.081982][ T5929]  sysv_mknod+0x4e/0xe0
[   80.086330][ T5929]  ? sysv_lookup+0xe0/0xe0
[   80.090778][ T5929]  path_openat+0x1277/0x3190
[   80.095680][ T5929]  ? do_filp_open+0x3d0/0x3d0
[   80.100377][ T5929]  do_filp_open+0x1c5/0x3d0
[   80.104895][ T5929]  ? vfs_tmpfile+0x490/0x490
[   80.109513][ T5929]  ? _raw_spin_unlock+0x28/0x40
[   80.112737][ T5082] Bluetooth: hci0: command tx timeout
[   80.119830][ T5929]  ? alloc_fd+0x58f/0x630
[   80.124874][ T5929]  do_sys_openat2+0x12c/0x1c0
[   80.129746][ T5929]  ? do_sys_open+0xe0/0xe0
[   80.134176][ T5929]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[   80.140175][ T5929]  ? lock_chain_count+0x20/0x20
[   80.145039][ T5929]  __x64_sys_openat+0x139/0x160
[   80.149908][ T5929]  do_syscall_64+0x55/0xb0
[   80.154336][ T5929]  ? clear_bhb_loop+0x40/0x90
[   80.159192][ T5929]  ? clear_bhb_loop+0x40/0x90
[   80.163974][ T5929]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   80.170059][ T5929] RIP: 0033:0x7fc233b8f749
[   80.174487][ T5929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   80.194177][ T5929] RSP: 002b:00007ffec5b4b178 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   80.202601][ T5929] RAX: ffffffffffffffda RBX: 00007fc233de5fa0 RCX: 00007fc233b8f749
[   80.210571][ T5929] RDX: 0000000000000d40 RSI: 0000200000000040 RDI: ffffffffffffff9c
[   80.218536][ T5929] RBP: 00007fc233c13f91 R08: 0000000000000000 R09: 0000000000000000
[   80.226579][ T5929] R10: 00000000000000d2 R11: 0000000000000246 R12: 0000000000000000
[   80.234629][ T5929] R13: 00007fc233de5fa0 R14: 00007fc233de5fa0 R15: 0000000000000004
[   80.242616][ T5929]  </TASK>
[   80.245964][ T5929] Kernel Offset: disabled
[   80.250363][ T5929] Rebooting in 86400 seconds..