[   81.470293][  T144] device veth1_macvtap left promiscuous mode
[   81.484338][  T144] device veth0_macvtap left promiscuous mode
[   81.490488][  T144] device veth1_vlan left promiscuous mode
[   81.514385][  T144] device veth0_vlan left promiscuous mode
[   81.788535][  T144] team0 (unregistering): Port device team_slave_1 removed
[   81.806058][  T144] team0 (unregistering): Port device team_slave_0 removed
[   81.819796][  T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   81.838621][  T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   81.879452][ T1108] cfg80211: failed to load regulatory.db
[   81.918280][  T144] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.1.123' (ED25519) to the list of known hosts.
2026/06/16 02:07:15 parsed 1 programs
Setting up swapspace version 1, size = 127995904 bytes
[   93.302144][ T4690] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   95.320071][ T4789] chnl_net:caif_netlink_parms(): no params data found
[   95.381327][ T4789] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.388718][ T4789] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.398245][ T4789] device bridge_slave_0 entered promiscuous mode
[   95.410910][ T4789] bridge0: port 2(bridge_slave_1) entered blocking state
[   95.419199][ T4789] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.427583][ T4789] device bridge_slave_1 entered promiscuous mode
[   95.457963][ T4789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.469972][ T4789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.503010][ T4789] team0: Port device team_slave_0 added
[   95.511604][ T4789] team0: Port device team_slave_1 added
[   95.535191][ T4789] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.542185][ T4789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.569706][ T4789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.585508][ T4789] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.592492][ T4789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.618577][ T4789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.648938][ T4789] device hsr_slave_0 entered promiscuous mode
[   95.656052][ T4789] device hsr_slave_1 entered promiscuous mode
[   96.232968][ T4789] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   96.256594][ T4789] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   96.276852][ T4789] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   96.294708][ T4789] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   96.343865][ T4789] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.351162][ T4789] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.358737][ T4789] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.366069][ T4789] bridge0: port 1(bridge_slave_0) entered forwarding state
[   96.386466][  T155] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.397097][  T155] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.461956][ T4789] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.476750][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   96.486723][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   96.506714][ T4789] 8021q: adding VLAN 0 to HW filter on device team0
[   96.526700][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   96.537242][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   96.563893][  T155] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.571033][  T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[   96.588213][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   96.603838][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   96.612694][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.620027][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.631345][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   96.644395][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   96.673513][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   96.692063][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   96.713793][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   96.733905][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   96.742630][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   96.765182][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   96.784997][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   96.807065][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   96.824219][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   96.845162][ T4789] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   97.049972][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   97.074250][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   97.087901][ T4789] 8021q: adding VLAN 0 to HW filter on device batadv0
[   97.126609][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   97.136715][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   97.158485][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   97.167778][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   97.178715][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   97.187644][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   97.199818][ T4789] device veth0_vlan entered promiscuous mode
[   97.225808][ T4789] device veth1_vlan entered promiscuous mode
[   97.260376][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   97.269052][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   97.279803][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   97.289280][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   97.302647][ T4789] device veth0_macvtap entered promiscuous mode
[   97.318391][ T4789] device veth1_macvtap entered promiscuous mode
[   97.339623][ T4789] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.349519][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   97.359717][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   97.369492][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   97.378434][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   97.394195][ T4789] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.404671][ T4789] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.421808][ T4789] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.431578][ T4789] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.440802][ T4789] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.455808][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   97.465987][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   99.520249][  T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.534776][  T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.542418][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   99.571861][  T144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.598581][  T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.608500][  T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.618254][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2026/06/16 02:07:26 executed programs: 0
[  100.840634][ T5029] chnl_net:caif_netlink_parms(): no params data found
[  100.903086][ T5029] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.910455][ T5029] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.918726][ T5029] device bridge_slave_0 entered promiscuous mode
[  100.927649][ T5029] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.935167][ T5029] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.943676][ T5029] device bridge_slave_1 entered promiscuous mode
[  100.967562][ T5029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.979478][ T5029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.003639][ T5029] team0: Port device team_slave_0 added
[  101.012551][ T5029] team0: Port device team_slave_1 added
[  101.033742][ T5029] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.040930][ T5029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.067740][ T5029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.080569][ T5029] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.087762][ T5029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.114110][ T5029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.149405][ T5029] device hsr_slave_0 entered promiscuous mode
[  101.156980][ T5029] device hsr_slave_1 entered promiscuous mode
[  101.164123][ T5029] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  101.172330][ T5029] Cannot create hsr debugfs directory
[  102.753601][ T4222] Bluetooth: hci0: command 0x0409 tx timeout
[  102.767016][  T144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.832086][  T144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  102.901881][  T144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.702232][ T5029] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  103.711608][ T5029] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  103.722834][ T5029] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  103.747630][ T5029] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  103.792070][ T5029] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.820393][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  103.828639][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  103.842310][ T5029] 8021q: adding VLAN 0 to HW filter on device team0
[  103.858931][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  103.868192][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  103.877293][  T155] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.884538][  T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.892286][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  103.917902][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  103.927248][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  103.936219][  T151] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.943563][  T151] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.959371][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  103.968215][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  104.003729][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  104.015478][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  104.025140][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  104.035178][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  104.044056][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  104.053086][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  104.061701][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  104.071087][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  104.079593][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  104.090843][ T5029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  104.196365][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  104.204458][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  104.231273][ T5029] 8021q: adding VLAN 0 to HW filter on device batadv0
[  104.250145][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  104.260507][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  104.281137][  T144] device hsr_slave_0 left promiscuous mode
[  104.288129][  T144] device hsr_slave_1 left promiscuous mode
[  104.295459][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  104.302878][  T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  104.311063][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  104.319145][  T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  104.327098][  T144] device bridge_slave_1 left promiscuous mode
[  104.333647][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.341875][  T144] device bridge_slave_0 left promiscuous mode
[  104.349663][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.361219][  T144] device veth1_macvtap left promiscuous mode
[  104.367375][  T144] device veth0_macvtap left promiscuous mode
[  104.373864][  T144] device veth1_vlan left promiscuous mode
[  104.379832][  T144] device veth0_vlan left promiscuous mode
[  104.513033][  T144] team0 (unregistering): Port device team_slave_1 removed
[  104.527987][  T144] team0 (unregistering): Port device team_slave_0 removed
[  104.541291][  T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  104.555347][  T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  104.604665][  T144] bond0 (unregistering): Released all slaves
[  104.652230][ T5029] device veth0_vlan entered promiscuous mode
[  104.662373][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  104.670868][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  104.685794][ T5029] device veth1_vlan entered promiscuous mode
[  104.692845][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  104.702208][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  104.710153][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  104.737470][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  104.752727][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  104.762505][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  104.775614][ T5029] device veth0_macvtap entered promiscuous mode
[  104.785112][ T5029] device veth1_macvtap entered promiscuous mode
[  104.805561][ T5029] batman_adv: batadv0: Interface activated: batadv_slave_0
[  104.819107][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  104.827841][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  104.836568][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  104.844195][ T4222] Bluetooth: hci0: command 0x041b tx timeout
[  104.846250][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  104.862848][ T5029] batman_adv: batadv0: Interface activated: batadv_slave_1
[  104.872729][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  104.881691][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  104.893089][ T5029] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  104.902159][ T5029] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  104.911397][ T5029] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  104.920582][ T5029] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  104.981138][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.991243][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.001482][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  105.022649][  T151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.030606][  T151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.038408][  T151] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  105.138729][ T5240] loop0: detected capacity change from 0 to 4096
[  105.162908][ T5240] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  105.249387][ T5240] ntfs: volume version 3.1.
[  105.419178][ T5242] loop0: detected capacity change from 0 to 4096
[  105.431901][ T5242] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  105.489428][ T5242] ntfs: volume version 3.1.
[  105.671460][ T5244] loop0: detected capacity change from 0 to 4096
[  105.685705][ T5244] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  105.750092][ T5244] ntfs: volume version 3.1.
2026/06/16 02:07:31 executed programs: 5
[  105.922279][ T5246] loop0: detected capacity change from 0 to 4096
[  105.939558][ T5246] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  105.998971][ T5246] ntfs: volume version 3.1.
[  106.019293][ T5246] ==================================================================
[  106.027706][ T5246] BUG: KASAN: use-after-free in ntfs_readpage+0x7f6/0x2140
[  106.034941][ T5246] Read of size 10 at addr ffff88806efc8170 by task syz.0.20/5246
[  106.042865][ T5246] 
[  106.045212][ T5246] CPU: 1 PID: 5246 Comm: syz.0.20 Not tainted syzkaller #0
[  106.052688][ T5246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  106.062859][ T5246] Call Trace:
[  106.066141][ T5246]  <TASK>
[  106.069077][ T5246]  dump_stack_lvl+0x188/0x250
[  106.073853][ T5246]  ? show_regs_print_info+0x20/0x20
[  106.079327][ T5246]  ? _printk+0xda/0x130
[  106.083506][ T5246]  ? ntfs_readpage+0x7f6/0x2140
[  106.088747][ T5246]  ? load_image+0x410/0x410
[  106.093306][ T5246]  print_address_description+0x60/0x2d0
[  106.098875][ T5246]  ? ntfs_readpage+0x7f6/0x2140
[  106.103994][ T5246]  kasan_report+0xdf/0x130
[  106.108409][ T5246]  ? ntfs_readpage+0x7f6/0x2140
[  106.113256][ T5246]  kasan_check_range+0x235/0x290
[  106.118184][ T5246]  ? ntfs_readpage+0x7f6/0x2140
[  106.123027][ T5246]  memcpy+0x25/0x60
[  106.126827][ T5246]  ntfs_readpage+0x7f6/0x2140
[  106.131500][ T5246]  ? __lock_acquire+0x7b50/0x7b50
[  106.136520][ T5246]  ? ntfs_writepage+0x1360/0x1360
[  106.141554][ T5246]  ? xa_load+0x276/0x2a0
[  106.145787][ T5246]  ? readahead_page+0x295/0x3d0
[  106.150661][ T5246]  ? ntfs_writepage+0x1360/0x1360
[  106.155685][ T5246]  read_pages+0x60a/0x920
[  106.160027][ T5246]  ? page_cache_ra_unbounded+0x8f0/0x8f0
[  106.165653][ T5246]  ? add_to_page_cache_lru+0x2ad/0x4a0
[  106.171100][ T5246]  page_cache_ra_unbounded+0x7f4/0x8f0
[  106.176647][ T5246]  ? read_cache_pages_invalidate_pages+0x1c0/0x1c0
[  106.183532][ T5246]  ? blk_cgroup_congested+0x30b/0x390
[  106.189015][ T5246]  filemap_read+0x5ef/0x2560
[  106.193648][ T5246]  ? rcu_lock_release+0x5/0x20
[  106.198438][ T5246]  ? find_get_pages_range_tag+0x450/0x450
[  106.204232][ T5246]  ? __kernel_text_address+0x9a/0x100
[  106.209627][ T5246]  ? unwind_get_return_address+0x49/0x80
[  106.215284][ T5246]  ? generic_file_read_iter+0x94/0x480
[  106.220733][ T5246]  ? iov_iter_kvec+0xb4/0x170
[  106.225401][ T5246]  __kernel_read+0x51d/0x980
[  106.230063][ T5246]  ? __kasan_kmalloc+0xc6/0xe0
[  106.234817][ T5246]  ? __kasan_kmalloc+0xaf/0xe0
[  106.239573][ T5246]  ? rw_verify_area+0x1b0/0x1b0
[  106.244435][ T5246]  integrity_kernel_read+0x86/0xd0
[  106.249536][ T5246]  ? integrity_inode_free+0x170/0x170
[  106.254899][ T5246]  ima_calc_file_hash+0x946/0x1940
[  106.259999][ T5246]  ? mark_lock+0x94/0x320
[  106.264420][ T5246]  ? __lock_acquire+0x13dc/0x7b50
[  106.269466][ T5246]  ? ima_alloc_tfm+0x2f0/0x2f0
[  106.274234][ T5246]  ? __kernel_text_address+0x9a/0x100
[  106.279644][ T5246]  ? __mutex_trylock_common+0x15c/0x260
[  106.285189][ T5246]  ? rcu_lock_release+0x20/0x20
[  106.290226][ T5246]  ima_collect_measurement+0x335/0x7e0
[  106.295684][ T5246]  ? ima_get_action+0xa0/0xa0
[  106.300351][ T5246]  ? is_bad_inode+0x9/0x40
[  106.304771][ T5246]  process_measurement+0x1185/0x1c20
[  106.310174][ T5246]  ? ima_file_mmap+0x140/0x140
[  106.314924][ T5246]  ? tomoyo_check_path_number_acl+0x280/0x280
[  106.321411][ T5246]  ima_file_check+0xc7/0x110
[  106.326185][ T5246]  ? ima_bprm_check+0x200/0x200
[  106.331044][ T5246]  ? vfs_open+0x2b/0x80
[  106.335193][ T5246]  path_openat+0x27cf/0x2fb0
[  106.339810][ T5246]  ? do_filp_open+0x400/0x400
[  106.344488][ T5246]  do_filp_open+0x1df/0x400
[  106.348987][ T5246]  ? vfs_tmpfile+0x300/0x300
[  106.353786][ T5246]  ? _raw_spin_unlock+0x24/0x40
[  106.358723][ T5246]  ? alloc_fd+0x59e/0x650
[  106.363051][ T5246]  do_sys_openat2+0x14b/0x500
[  106.367756][ T5246]  ? __lock_acquire+0x7b50/0x7b50
[  106.372772][ T5246]  ? do_sys_open+0xe0/0xe0
[  106.377177][ T5246]  ? lockdep_hardirqs_on_prepare+0x448/0x7c0
[  106.383152][ T5246]  ? lock_chain_count+0x20/0x20
[  106.387998][ T5246]  __x64_sys_openat+0x135/0x160
[  106.392842][ T5246]  do_syscall_64+0x4c/0xa0
[  106.397409][ T5246]  ? clear_bhb_loop+0x30/0x80
[  106.402349][ T5246]  ? clear_bhb_loop+0x30/0x80
[  106.407025][ T5246]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  106.413098][ T5246] RIP: 0033:0x7f3b57ef9799
[  106.417517][ T5246] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  106.437374][ T5246] RSP: 002b:00007f3b5755b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  106.445781][ T5246] RAX: ffffffffffffffda RBX: 00007f3b58172fa0 RCX: 00007f3b57ef9799
[  106.453839][ T5246] RDX: 0000000000141842 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  106.461814][ T5246] RBP: 00007f3b57f8fbd9 R08: 0000000000000000 R09: 0000000000000000
[  106.469882][ T5246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  106.478102][ T5246] R13: 00007f3b58173038 R14: 00007f3b58172fa0 R15: 00007fff761344c8
[  106.486079][ T5246]  </TASK>
[  106.489091][ T5246] 
[  106.491404][ T5246] The buggy address belongs to the page:
[  106.497027][ T5246] page:ffffea0001bbf200 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6efc8
[  106.507261][ T5246] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  106.514366][ T5246] raw: 00fff00000000000 ffffea0001bbf5c8 ffffea0001bbf248 0000000000000000
[  106.523062][ T5246] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[  106.531768][ T5246] page dumped because: kasan: bad access detected
[  106.538292][ T5246] page_owner tracks the page as freed
[  106.543650][ T5246] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 4766, ts 105963132616, free_ts 106007993444
[  106.559600][ T5246]  get_page_from_freelist+0x24f6/0x2670
[  106.565156][ T5246]  __alloc_pages+0x1ee/0x480
[  106.569746][ T5246]  alloc_pages_vma+0x2bc/0x790
[  106.574497][ T5246]  handle_mm_fault+0x23be/0x4440
[  106.579623][ T5246]  do_user_addr_fault+0x494/0xc90
[  106.584957][ T5246]  exc_page_fault+0x60/0x100
[  106.589554][ T5246]  asm_exc_page_fault+0x22/0x30
[  106.594423][ T5246]  copy_user_enhanced_fast_string+0xe/0x40
[  106.600324][ T5246]  copy_page_to_iter+0x4c9/0x930
[  106.605344][ T5246]  filemap_read+0x1e0a/0x2560
[  106.610009][ T5246]  blkdev_read_iter+0x11d/0x150
[  106.614929][ T5246]  vfs_read+0x75e/0xd50
[  106.619068][ T5246]  ksys_read+0x153/0x260
[  106.623517][ T5246]  do_syscall_64+0x4c/0xa0
[  106.627917][ T5246]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  106.633795][ T5246] page last free stack trace:
[  106.638453][ T5246]  free_unref_page_prepare+0x637/0x6c0
[  106.643899][ T5246]  free_unref_page_list+0x119/0x830
[  106.649090][ T5246]  release_pages+0x185f/0x1bd0
[  106.653849][ T5246]  tlb_finish_mmu+0x1b4/0x370
[  106.658519][ T5246]  unmap_region+0x344/0x3b0
[  106.663022][ T5246]  __do_munmap+0xa29/0xe10
[  106.667422][ T5246]  __vm_munmap+0x13f/0x240
[  106.671819][ T5246]  __x64_sys_munmap+0x67/0x70
[  106.676510][ T5246]  do_syscall_64+0x4c/0xa0
[  106.681025][ T5246]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  106.686903][ T5246] 
[  106.689209][ T5246] Memory state around the buggy address:
[  106.694823][ T5246]  ffff88806efc8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  106.702880][ T5246]  ffff88806efc8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  106.710922][ T5246] >ffff88806efc8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  106.719050][ T5246]                                                              ^
[  106.726746][ T5246]  ffff88806efc8180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  106.734965][ T5246]  ffff88806efc8200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  106.743030][ T5246] ==================================================================
[  106.751068][ T5246] Disabling lock debugging due to kernel taint
[  106.758238][ T5246] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  106.765538][ T5246] CPU: 1 PID: 5246 Comm: syz.0.20 Tainted: G    B             syzkaller #0
[  106.774132][ T5246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  106.784276][ T5246] Call Trace:
[  106.787561][ T5246]  <TASK>
[  106.790665][ T5246]  dump_stack_lvl+0x188/0x250
[  106.795355][ T5246]  ? show_regs_print_info+0x20/0x20
[  106.800642][ T5246]  ? load_image+0x410/0x410
[  106.805979][ T5246]  panic+0x2f8/0x850
[  106.809893][ T5246]  ? bpf_jit_dump+0xd0/0xd0
[  106.814409][ T5246]  ? _raw_spin_unlock_irqrestore+0xbc/0x120
[  106.820313][ T5246]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  106.826237][ T5246]  ? _raw_spin_unlock+0x40/0x40
[  106.831096][ T5246]  ? print_memory_metadata+0x314/0x400
[  106.836655][ T5246]  ? ntfs_readpage+0x7f6/0x2140
[  106.841621][ T5246]  check_panic_on_warn+0x80/0xa0
[  106.846579][ T5246]  ? ntfs_readpage+0x7f6/0x2140
[  106.851548][ T5246]  end_report+0x6d/0xf0
[  106.855728][ T5246]  kasan_report+0x102/0x130
[  106.860243][ T5246]  ? ntfs_readpage+0x7f6/0x2140
[  106.865283][ T5246]  kasan_check_range+0x235/0x290
[  106.870235][ T5246]  ? ntfs_readpage+0x7f6/0x2140
[  106.875099][ T5246]  memcpy+0x25/0x60
[  106.878922][ T5246]  ntfs_readpage+0x7f6/0x2140
[  106.883649][ T5246]  ? __lock_acquire+0x7b50/0x7b50
[  106.888783][ T5246]  ? ntfs_writepage+0x1360/0x1360
[  106.893919][ T5246]  ? xa_load+0x276/0x2a0
[  106.898184][ T5246]  ? readahead_page+0x295/0x3d0
[  106.903044][ T5246]  ? ntfs_writepage+0x1360/0x1360
[  106.908161][ T5246]  read_pages+0x60a/0x920
[  106.912607][ T5246]  ? page_cache_ra_unbounded+0x8f0/0x8f0
[  106.913455][   T13] Bluetooth: hci0: command 0x040f tx timeout
[  106.918243][ T5246]  ? add_to_page_cache_lru+0x2ad/0x4a0
[  106.929820][ T5246]  page_cache_ra_unbounded+0x7f4/0x8f0
[  106.935292][ T5246]  ? read_cache_pages_invalidate_pages+0x1c0/0x1c0
[  106.941809][ T5246]  ? blk_cgroup_congested+0x30b/0x390
[  106.947212][ T5246]  filemap_read+0x5ef/0x2560
[  106.951995][ T5246]  ? rcu_lock_release+0x5/0x20
[  106.956877][ T5246]  ? find_get_pages_range_tag+0x450/0x450
[  106.962692][ T5246]  ? __kernel_text_address+0x9a/0x100
[  106.968074][ T5246]  ? unwind_get_return_address+0x49/0x80
[  106.973819][ T5246]  ? generic_file_read_iter+0x94/0x480
[  106.979462][ T5246]  ? iov_iter_kvec+0xb4/0x170
[  106.984161][ T5246]  __kernel_read+0x51d/0x980
[  106.988855][ T5246]  ? __kasan_kmalloc+0xc6/0xe0
[  106.993633][ T5246]  ? __kasan_kmalloc+0xaf/0xe0
[  106.998483][ T5246]  ? rw_verify_area+0x1b0/0x1b0
[  107.003360][ T5246]  integrity_kernel_read+0x86/0xd0
[  107.008574][ T5246]  ? integrity_inode_free+0x170/0x170
[  107.014211][ T5246]  ima_calc_file_hash+0x946/0x1940
[  107.019417][ T5246]  ? mark_lock+0x94/0x320
[  107.023738][ T5246]  ? __lock_acquire+0x13dc/0x7b50
[  107.028761][ T5246]  ? ima_alloc_tfm+0x2f0/0x2f0
[  107.033533][ T5246]  ? __kernel_text_address+0x9a/0x100
[  107.038928][ T5246]  ? __mutex_trylock_common+0x15c/0x260
[  107.044578][ T5246]  ? rcu_lock_release+0x20/0x20
[  107.049445][ T5246]  ima_collect_measurement+0x335/0x7e0
[  107.055147][ T5246]  ? ima_get_action+0xa0/0xa0
[  107.059909][ T5246]  ? is_bad_inode+0x9/0x40
[  107.064501][ T5246]  process_measurement+0x1185/0x1c20
[  107.069894][ T5246]  ? ima_file_mmap+0x140/0x140
[  107.074644][ T5246]  ? tomoyo_check_path_number_acl+0x280/0x280
[  107.080724][ T5246]  ima_file_check+0xc7/0x110
[  107.085300][ T5246]  ? ima_bprm_check+0x200/0x200
[  107.090137][ T5246]  ? vfs_open+0x2b/0x80
[  107.094362][ T5246]  path_openat+0x27cf/0x2fb0
[  107.099064][ T5246]  ? do_filp_open+0x400/0x400
[  107.103826][ T5246]  do_filp_open+0x1df/0x400
[  107.108357][ T5246]  ? vfs_tmpfile+0x300/0x300
[  107.113011][ T5246]  ? _raw_spin_unlock+0x24/0x40
[  107.117938][ T5246]  ? alloc_fd+0x59e/0x650
[  107.122289][ T5246]  do_sys_openat2+0x14b/0x500
[  107.127043][ T5246]  ? __lock_acquire+0x7b50/0x7b50
[  107.132053][ T5246]  ? do_sys_open+0xe0/0xe0
[  107.136514][ T5246]  ? lockdep_hardirqs_on_prepare+0x448/0x7c0
[  107.142497][ T5246]  ? lock_chain_count+0x20/0x20
[  107.147332][ T5246]  __x64_sys_openat+0x135/0x160
[  107.152206][ T5246]  do_syscall_64+0x4c/0xa0
[  107.156713][ T5246]  ? clear_bhb_loop+0x30/0x80
[  107.161441][ T5246]  ? clear_bhb_loop+0x30/0x80
[  107.166109][ T5246]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  107.172203][ T5246] RIP: 0033:0x7f3b57ef9799
[  107.176613][ T5246] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  107.196555][ T5246] RSP: 002b:00007f3b5755b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  107.204979][ T5246] RAX: ffffffffffffffda RBX: 00007f3b58172fa0 RCX: 00007f3b57ef9799
[  107.212941][ T5246] RDX: 0000000000141842 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  107.221015][ T5246] RBP: 00007f3b57f8fbd9 R08: 0000000000000000 R09: 0000000000000000
[  107.228976][ T5246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  107.236943][ T5246] R13: 00007f3b58173038 R14: 00007f3b58172fa0 R15: 00007fff761344c8
[  107.244990][ T5246]  </TASK>
[  107.248398][ T5246] Kernel Offset: disabled
[  107.252853][ T5246] Rebooting in 86400 seconds..