Warning: Permanently added '10.128.0.251' (ED25519) to the list of known hosts.
2026/04/02 08:20:01 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[   91.085889][ T4621] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   94.107438][  T144] ODEBUG: Out of memory. ODEBUG disabled
[   94.212209][ T4239] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.240933][ T4239] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.308666][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   94.337799][ T1200] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.347427][ T1200] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.363480][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   94.531290][ T4695] chnl_net:caif_netlink_parms(): no params data found
[   94.566673][ T4695] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.575041][ T4695] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.584010][ T4695] device bridge_slave_0 entered promiscuous mode
[   94.592979][ T4695] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.601546][ T4695] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.609913][ T4695] device bridge_slave_1 entered promiscuous mode
[   94.626798][ T4695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.637915][ T4695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.657137][ T4695] team0: Port device team_slave_0 added
[   94.665623][ T4695] team0: Port device team_slave_1 added
[   94.680575][ T4695] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.688059][ T4695] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.715212][ T4695] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.729479][ T4695] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.736792][ T4695] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.764691][ T4695] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.792467][ T4695] device hsr_slave_0 entered promiscuous mode
[   94.799421][ T4695] device hsr_slave_1 entered promiscuous mode
[   95.284708][ T4695] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   95.296008][ T4695] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   95.332340][ T4695] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   95.343706][ T4695] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   95.436129][ T4695] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.454955][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   95.465068][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   95.495101][ T4695] 8021q: adding VLAN 0 to HW filter on device team0
[   95.505652][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   95.516201][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   95.527324][ T1200] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.534855][ T1200] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.545566][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   95.557754][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   95.569389][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   95.579411][ T4270] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.587135][ T4270] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.622519][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   95.634041][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   95.654726][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   95.668024][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   95.678055][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   95.689427][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   95.699332][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   95.713641][ T4695] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   95.727742][ T4695] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   95.738444][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   95.749235][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   95.902447][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   95.911024][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   95.926269][ T4695] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.955514][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   95.965998][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   95.992932][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   96.002644][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   96.015144][ T4695] device veth0_vlan entered promiscuous mode
[   96.022942][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   96.032564][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   96.045223][ T4695] device veth1_vlan entered promiscuous mode
[   96.073182][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   96.082713][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   96.093137][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   96.103268][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   96.114438][ T4695] device veth0_macvtap entered promiscuous mode
[   96.127293][ T4695] device veth1_macvtap entered promiscuous mode
[   96.155165][ T4695] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.164164][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   96.181837][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   96.200740][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   96.219010][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   96.233648][ T4695] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.249939][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   96.261665][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   96.274957][ T4695] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.284599][ T4695] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.295970][ T4695] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.308315][ T4695] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/04/02 08:20:10 executed programs: 0
[   97.410206][ T4814] chnl_net:caif_netlink_parms(): no params data found
[   97.521794][ T4814] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.529325][ T4814] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.544338][ T4814] device bridge_slave_0 entered promiscuous mode
[   97.553426][ T4814] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.566400][ T4814] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.581179][ T4814] device bridge_slave_1 entered promiscuous mode
[   97.634194][ T4814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.652521][ T4814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.695509][ T4814] team0: Port device team_slave_0 added
[   97.719084][ T4814] team0: Port device team_slave_1 added
[   97.744847][ T4814] batman_adv: batadv0: Adding interface: batadv_slave_0
[   97.752426][ T4814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.783152][ T4814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   97.799269][ T4814] batman_adv: batadv0: Adding interface: batadv_slave_1
[   97.809260][ T4814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.840962][ T4814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   97.886911][ T4814] device hsr_slave_0 entered promiscuous mode
[   97.910946][ T4814] device hsr_slave_1 entered promiscuous mode
[   97.917839][ T4814] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   97.933529][ T4814] Cannot create hsr debugfs directory
[   98.022636][ T4814] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.272472][ T4862] Bluetooth: hci0: command 0x0409 tx timeout
[  100.886300][ T4814] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.925343][ T4814] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.967144][ T4814] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.066343][ T4814] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  101.075609][ T4814] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  101.092141][ T4814] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  101.100737][ T4814] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  101.145902][ T4814] 8021q: adding VLAN 0 to HW filter on device bond0
[  101.157839][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  101.166548][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  101.184909][ T4814] 8021q: adding VLAN 0 to HW filter on device team0
[  101.194604][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  101.203595][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  101.213263][ T4270] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.220467][ T4270] bridge0: port 1(bridge_slave_0) entered forwarding state
[  101.229531][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  101.249394][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  101.258543][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  101.267531][ T4239] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.275172][ T4239] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.286029][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  101.306589][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  101.317784][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  101.327418][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  101.350299][ T4861] Bluetooth: hci0: command 0x041b tx timeout
[  101.357537][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  101.365939][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  101.375611][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  101.384422][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  101.393368][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  101.402867][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  101.411926][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  101.428907][ T4814] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  101.504978][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  101.513557][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  101.534944][ T4814] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.556491][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  101.565887][ T4270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  101.587955][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  101.597160][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  101.607374][ T4814] device veth0_vlan entered promiscuous mode
[  101.616960][  T144] device hsr_slave_0 left promiscuous mode
[  101.624231][  T144] device hsr_slave_1 left promiscuous mode
[  101.631211][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  101.638880][  T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  101.647115][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  101.655025][  T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  101.664331][  T144] device bridge_slave_1 left promiscuous mode
[  101.670876][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.679420][  T144] device bridge_slave_0 left promiscuous mode
[  101.686913][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.697070][  T144] device veth1_macvtap left promiscuous mode
[  101.703332][  T144] device veth0_macvtap left promiscuous mode
[  101.709705][  T144] device veth1_vlan left promiscuous mode
[  101.716332][  T144] device veth0_vlan left promiscuous mode
[  101.820067][  T144] team0 (unregistering): Port device team_slave_1 removed
[  101.837490][  T144] team0 (unregistering): Port device team_slave_0 removed
[  101.851557][  T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  101.864657][  T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  101.908639][  T144] bond0 (unregistering): Released all slaves
[  101.947980][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  101.956813][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  101.969526][ T4814] device veth1_vlan entered promiscuous mode
[  101.998040][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  102.008561][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  102.017018][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  102.026244][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  102.036956][ T4814] device veth0_macvtap entered promiscuous mode
[  102.046254][ T4814] device veth1_macvtap entered promiscuous mode
[  102.065277][ T4814] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.077447][ T4814] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.086846][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  102.095650][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  102.103906][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  102.112764][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  102.121978][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  102.131015][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  102.142089][ T4814] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.151276][ T4814] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.161007][ T4814] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.170522][ T4814] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.231898][ T4239] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.245654][ T4239] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.253726][ T1200] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  102.273971][ T4239] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
2026/04/02 08:20:15 executed programs: 2
[  102.282162][ T4239] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.291273][ T4239] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  102.372334][ T5065] loop0: detected capacity change from 0 to 4096
[  102.384255][ T5065] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  102.428123][ T5065] ntfs: volume version 3.1.
[  102.645273][ T5067] loop0: detected capacity change from 0 to 4096
[  102.773618][ T5067] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  102.846659][ T5067] ntfs: volume version 3.1.
[  102.865733][ T5067] ==================================================================
[  102.874870][ T5067] BUG: KASAN: use-after-free in ntfs_readpage+0x85a/0x2260
[  102.882298][ T5067] Read of size 10 at addr ffff888069da5170 by task syz.0.18/5067
[  102.890550][ T5067] 
[  102.892990][ T5067] CPU: 1 PID: 5067 Comm: syz.0.18 Not tainted syzkaller #0
[  102.900684][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  102.910854][ T5067] Call Trace:
[  102.914340][ T5067]  <TASK>
[  102.917358][ T5067]  dump_stack_lvl+0x188/0x250
[  102.922130][ T5067]  ? show_regs_print_info+0x20/0x20
[  102.927737][ T5067]  ? _printk+0xda/0x130
[  102.932162][ T5067]  ? ntfs_readpage+0x85a/0x2260
[  102.937203][ T5067]  ? load_image+0x400/0x400
[  102.941990][ T5067]  print_address_description+0x60/0x2d0
[  102.948178][ T5067]  ? ntfs_readpage+0x85a/0x2260
[  102.953520][ T5067]  kasan_report+0xdf/0x130
[  102.958387][ T5067]  ? ntfs_readpage+0x85a/0x2260
[  102.963529][ T5067]  kasan_check_range+0x235/0x290
[  102.968844][ T5067]  ? ntfs_readpage+0x85a/0x2260
[  102.974042][ T5067]  memcpy+0x25/0x60
[  102.978641][ T5067]  ntfs_readpage+0x85a/0x2260
[  102.983742][ T5067]  ? rcu_lock_release+0x5/0x20
[  102.988619][ T5067]  ? ntfs_writepage+0x1360/0x1360
[  102.993737][ T5067]  ? xa_load+0x276/0x2a0
[  102.998278][ T5067]  ? readahead_page+0x299/0x3d0
[  103.003270][ T5067]  ? ntfs_writepage+0x1360/0x1360
[  103.008626][ T5067]  read_pages+0x61f/0x930
[  103.013082][ T5067]  ? page_cache_ra_unbounded+0x940/0x940
[  103.018819][ T5067]  ? add_to_page_cache_lru+0x2a8/0x4a0
[  103.024640][ T5067]  page_cache_ra_unbounded+0x838/0x940
[  103.030417][ T5067]  ? read_cache_pages_invalidate_pages+0x1c0/0x1c0
[  103.037648][ T5067]  filemap_read+0x5de/0x2540
[  103.042522][ T5067]  ? rcu_lock_release+0x5/0x20
[  103.047719][ T5067]  ? find_get_pages_range_tag+0x470/0x470
[  103.053636][ T5067]  ? __kernel_text_address+0x9a/0x100
[  103.059201][ T5067]  ? unwind_get_return_address+0x49/0x80
[  103.065393][ T5067]  ? generic_file_read_iter+0x96/0x490
[  103.071049][ T5067]  ? memset+0x1e/0x40
[  103.075131][ T5067]  ? iov_iter_kvec+0xb4/0x170
[  103.079956][ T5067]  __kernel_read+0x517/0x960
[  103.084655][ T5067]  ? __kasan_kmalloc+0xcc/0xf0
[  103.089577][ T5067]  ? __kasan_kmalloc+0xb5/0xf0
[  103.094590][ T5067]  ? rw_verify_area+0x1b0/0x1b0
[  103.099911][ T5067]  integrity_kernel_read+0x86/0xd0
[  103.105394][ T5067]  ? integrity_inode_free+0x170/0x170
[  103.110921][ T5067]  ima_calc_file_hash+0x931/0x1920
[  103.116253][ T5067]  ? mark_lock+0x94/0x320
[  103.120961][ T5067]  ? __lock_acquire+0x13bc/0x7d10
[  103.126185][ T5067]  ? ima_alloc_tfm+0x2f0/0x2f0
[  103.131583][ T5067]  ? __mutex_trylock_common+0x155/0x260
[  103.137318][ T5067]  ? rcu_lock_release+0x20/0x20
[  103.142461][ T5067]  ima_collect_measurement+0x337/0x7c0
[  103.148479][ T5067]  ? ima_get_action+0xa0/0xa0
[  103.153303][ T5067]  process_measurement+0x113a/0x1ba0
[  103.159401][ T5067]  ? ima_file_mmap+0x150/0x150
[  103.165044][ T5067]  ? tomoyo_check_path_number_acl+0x280/0x280
[  103.171577][ T5067]  ima_file_check+0xc7/0x110
[  103.176344][ T5067]  ? ima_bprm_check+0x200/0x200
[  103.181391][ T5067]  path_openat+0x27a8/0x2fa0
[  103.186213][ T5067]  ? do_filp_open+0x410/0x410
[  103.191104][ T5067]  do_filp_open+0x1e2/0x410
[  103.196405][ T5067]  ? vfs_tmpfile+0x300/0x300
[  103.201020][ T5067]  ? _raw_spin_unlock+0x24/0x40
[  103.206033][ T5067]  ? alloc_fd+0x598/0x630
[  103.210688][ T5067]  do_sys_openat2+0x150/0x4b0
[  103.215534][ T5067]  ? __lock_acquire+0x7d10/0x7d10
[  103.221368][ T5067]  ? do_sys_open+0xe0/0xe0
[  103.226037][ T5067]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  103.232188][ T5067]  ? lock_chain_count+0x20/0x20
[  103.237161][ T5067]  ? vtime_user_exit+0x2c8/0x3e0
[  103.242412][ T5067]  __x64_sys_openat+0x135/0x160
[  103.248094][ T5067]  do_syscall_64+0x4c/0xa0
[  103.253224][ T5067]  ? clear_bhb_loop+0x30/0x80
[  103.258168][ T5067]  ? clear_bhb_loop+0x30/0x80
[  103.263693][ T5067]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  103.269983][ T5067] RIP: 0033:0x7fbb5e704799
[  103.274592][ T5067] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  103.294855][ T5067] RSP: 002b:00007fbb5dd66028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  103.303543][ T5067] RAX: ffffffffffffffda RBX: 00007fbb5e97dfa0 RCX: 00007fbb5e704799
[  103.312062][ T5067] RDX: 0000000000141842 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  103.320213][ T5067] RBP: 00007fbb5e79ac99 R08: 0000000000000000 R09: 0000000000000000
[  103.328669][ T5067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  103.336898][ T5067] R13: 00007fbb5e97e038 R14: 00007fbb5e97dfa0 R15: 00007ffe067267a8
[  103.345270][ T5067]  </TASK>
[  103.348278][ T5067] 
[  103.350700][ T5067] The buggy address belongs to the page:
[  103.356500][ T5067] page:ffffea0001a76940 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x69da5
[  103.367488][ T5067] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  103.374940][ T5067] raw: 00fff00000000000 ffffea0001a76a08 ffffea0001a76988 0000000000000000
[  103.383697][ T5067] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[  103.392700][ T5067] page dumped because: kasan: bad access detected
[  103.399370][ T5067] page_owner tracks the page as freed
[  103.405078][ T5067] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 5067, ts 102612906473, free_ts 102644555882
[  103.421256][ T5067]  get_page_from_freelist+0x1bbd/0x1ca0
[  103.427172][ T5067]  __alloc_pages+0x1ee/0x480
[  103.431878][ T5067]  alloc_pages_vma+0x393/0x7c0
[  103.436991][ T5067]  handle_mm_fault+0x23be/0x4410
[  103.442122][ T5067]  do_user_addr_fault+0x489/0xc80
[  103.447315][ T5067]  exc_page_fault+0x60/0x100
[  103.452308][ T5067]  asm_exc_page_fault+0x22/0x30
[  103.457332][ T5067] page last free stack trace:
[  103.462511][ T5067]  free_unref_page_prepare+0x637/0x6c0
[  103.468039][ T5067]  free_unref_page_list+0x119/0x820
[  103.473416][ T5067]  release_pages+0x186c/0x1be0
[  103.478440][ T5067]  tlb_finish_mmu+0x176/0x300
[  103.483367][ T5067]  unmap_region+0x344/0x3b0
[  103.488037][ T5067]  __do_munmap+0x9f8/0xdf0
[  103.492987][ T5067]  __vm_munmap+0x140/0x240
[  103.497559][ T5067]  __x64_sys_munmap+0x67/0x70
[  103.502307][ T5067]  do_syscall_64+0x4c/0xa0
[  103.506713][ T5067]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  103.512766][ T5067] 
[  103.515248][ T5067] Memory state around the buggy address:
[  103.521048][ T5067]  ffff888069da5000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  103.529900][ T5067]  ffff888069da5080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  103.538232][ T5067] >ffff888069da5100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  103.548966][ T5067]                                                              ^
[  103.557373][ T5067]  ffff888069da5180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  103.565689][ T5067]  ffff888069da5200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  103.574595][ T5067] ==================================================================
[  103.583248][ T5067] Disabling lock debugging due to kernel taint
[  103.590942][ T5067] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  103.598537][ T5067] CPU: 1 PID: 5067 Comm: syz.0.18 Tainted: G    B             syzkaller #0
[  103.607407][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  103.618259][ T5067] Call Trace:
[  103.621725][ T5067]  <TASK>
[  103.624740][ T5067]  dump_stack_lvl+0x188/0x250
[  103.629560][ T5067]  ? show_regs_print_info+0x20/0x20
[  103.635077][ T5067]  ? load_image+0x400/0x400
[  103.639874][ T5067]  panic+0x2e5/0x810
[  103.643944][ T5067]  ? bpf_jit_dump+0xd0/0xd0
[  103.648823][ T5067]  ? _raw_spin_unlock_irqrestore+0xbc/0x120
[  103.655263][ T5067]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  103.661678][ T5067]  ? _raw_spin_unlock+0x40/0x40
[  103.666623][ T5067]  ? print_memory_metadata+0x314/0x400
[  103.672344][ T5067]  ? ntfs_readpage+0x85a/0x2260
[  103.677814][ T5067]  check_panic_on_warn+0x80/0xa0
[  103.683372][ T5067]  ? ntfs_readpage+0x85a/0x2260
[  103.688933][ T5067]  end_report+0x6d/0xf0
[  103.693467][ T5067]  kasan_report+0x102/0x130
[  103.698239][ T5067]  ? ntfs_readpage+0x85a/0x2260
[  103.703397][ T5067]  kasan_check_range+0x235/0x290
[  103.708696][ T5067]  ? ntfs_readpage+0x85a/0x2260
[  103.713665][ T5067]  memcpy+0x25/0x60
[  103.717645][ T5067]  ntfs_readpage+0x85a/0x2260
[  103.722311][ T5067]  ? rcu_lock_release+0x5/0x20
[  103.727259][ T5067]  ? ntfs_writepage+0x1360/0x1360
[  103.732711][ T5067]  ? xa_load+0x276/0x2a0
[  103.737026][ T5067]  ? readahead_page+0x299/0x3d0
[  103.741946][ T5067]  ? ntfs_writepage+0x1360/0x1360
[  103.747069][ T5067]  read_pages+0x61f/0x930
[  103.751480][ T5067]  ? page_cache_ra_unbounded+0x940/0x940
[  103.757425][ T5067]  ? add_to_page_cache_lru+0x2a8/0x4a0
[  103.762974][ T5067]  page_cache_ra_unbounded+0x838/0x940
[  103.768893][ T5067]  ? read_cache_pages_invalidate_pages+0x1c0/0x1c0
[  103.776286][ T5067]  filemap_read+0x5de/0x2540
[  103.781094][ T5067]  ? rcu_lock_release+0x5/0x20
[  103.786263][ T5067]  ? find_get_pages_range_tag+0x470/0x470
[  103.792319][ T5067]  ? __kernel_text_address+0x9a/0x100
[  103.798397][ T5067]  ? unwind_get_return_address+0x49/0x80
[  103.804206][ T5067]  ? generic_file_read_iter+0x96/0x490
[  103.810078][ T5067]  ? memset+0x1e/0x40
[  103.814153][ T5067]  ? iov_iter_kvec+0xb4/0x170
[  103.818906][ T5067]  __kernel_read+0x517/0x960
[  103.824223][ T5067]  ? __kasan_kmalloc+0xcc/0xf0
[  103.828979][ T5067]  ? __kasan_kmalloc+0xb5/0xf0
[  103.833906][ T5067]  ? rw_verify_area+0x1b0/0x1b0
[  103.838933][ T5067]  integrity_kernel_read+0x86/0xd0
[  103.845067][ T5067]  ? integrity_inode_free+0x170/0x170
[  103.852333][ T5067]  ima_calc_file_hash+0x931/0x1920
[  103.858001][ T5067]  ? mark_lock+0x94/0x320
[  103.862849][ T5067]  ? __lock_acquire+0x13bc/0x7d10
[  103.868956][ T5067]  ? ima_alloc_tfm+0x2f0/0x2f0
[  103.873920][ T5067]  ? __mutex_trylock_common+0x155/0x260
[  103.879905][ T5067]  ? rcu_lock_release+0x20/0x20
[  103.885184][ T5067]  ima_collect_measurement+0x337/0x7c0
[  103.891176][ T5067]  ? ima_get_action+0xa0/0xa0
[  103.896069][ T5067]  process_measurement+0x113a/0x1ba0
[  103.901716][ T5067]  ? ima_file_mmap+0x150/0x150
[  103.906752][ T5067]  ? tomoyo_check_path_number_acl+0x280/0x280
[  103.913503][ T5067]  ima_file_check+0xc7/0x110
[  103.918082][ T5067]  ? ima_bprm_check+0x200/0x200
[  103.923017][ T5067]  path_openat+0x27a8/0x2fa0
[  103.928050][ T5067]  ? do_filp_open+0x410/0x410
[  103.933551][ T5067]  do_filp_open+0x1e2/0x410
[  103.938312][ T5067]  ? vfs_tmpfile+0x300/0x300
[  103.943278][ T5067]  ? _raw_spin_unlock+0x24/0x40
[  103.948483][ T5067]  ? alloc_fd+0x598/0x630
[  103.952982][ T5067]  do_sys_openat2+0x150/0x4b0
[  103.957962][ T5067]  ? __lock_acquire+0x7d10/0x7d10
[  103.963659][ T5067]  ? do_sys_open+0xe0/0xe0
[  103.968395][ T5067]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  103.975122][ T5067]  ? lock_chain_count+0x20/0x20
[  103.980157][ T5067]  ? vtime_user_exit+0x2c8/0x3e0
[  103.985767][ T5067]  __x64_sys_openat+0x135/0x160
[  103.990981][ T5067]  do_syscall_64+0x4c/0xa0
[  103.995780][ T5067]  ? clear_bhb_loop+0x30/0x80
[  104.000893][ T5067]  ? clear_bhb_loop+0x30/0x80
[  104.006000][ T5067]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  104.011989][ T5067] RIP: 0033:0x7fbb5e704799
[  104.016490][ T5067] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  104.036780][ T5067] RSP: 002b:00007fbb5dd66028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  104.045463][ T5067] RAX: ffffffffffffffda RBX: 00007fbb5e97dfa0 RCX: 00007fbb5e704799
[  104.053703][ T5067] RDX: 0000000000141842 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  104.062028][ T5067] RBP: 00007fbb5e79ac99 R08: 0000000000000000 R09: 0000000000000000
[  104.070961][ T5067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  104.079729][ T5067] R13: 00007fbb5e97e038 R14: 00007fbb5e97dfa0 R15: 00007ffe067267a8
[  104.087881][ T5067]  </TASK>
[  104.091751][ T5067] Kernel Offset: disabled
[  104.096353][ T5067] Rebooting in 86400 seconds..