Warning: Permanently added '10.128.1.128' (ED25519) to the list of known hosts. 2026/06/16 01:34:12 parsed 1 programs Setting up swapspace version 1, size = 127995904 bytes [ 105.125745][ T4496] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 107.895618][ T4267] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.904105][ T4267] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.912825][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 107.936445][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.945518][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.953887][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 109.053692][ T4662] chnl_net:caif_netlink_parms(): no params data found [ 109.120880][ T4662] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.129407][ T4662] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.137932][ T4662] device bridge_slave_0 entered promiscuous mode [ 109.148857][ T4662] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.156273][ T4662] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.164640][ T4662] device bridge_slave_1 entered promiscuous mode [ 109.197686][ T4662] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.211726][ T4662] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.235546][ T4662] team0: Port device team_slave_0 added [ 109.246035][ T4662] team0: Port device team_slave_1 added [ 109.271134][ T4662] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.278683][ T4662] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.305798][ T4662] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.318755][ T4662] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.326248][ T4662] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.354123][ T4662] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.395951][ T4662] device hsr_slave_0 entered promiscuous mode [ 109.403025][ T4662] device hsr_slave_1 entered promiscuous mode [ 110.185900][ T4662] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 110.198479][ T4662] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 110.209655][ T4662] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 110.222220][ T4662] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 110.369209][ T4662] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.389471][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 110.400881][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 110.412589][ T4662] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.466738][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 110.477785][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 110.488831][ T3025] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.497690][ T3025] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.508338][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 110.520350][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 110.531028][ T3025] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.538867][ T3025] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.549877][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 110.594424][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 110.609090][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 110.620696][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 110.631681][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 110.645350][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 110.663419][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 110.674601][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 110.684758][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 110.694128][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 110.706065][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 110.716654][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 110.749095][ T4662] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 110.891979][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 110.900276][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 110.943995][ T4662] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.970765][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 110.983033][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 111.021101][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 111.033799][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 111.047610][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 111.057809][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 111.073111][ T4662] device veth0_vlan entered promiscuous mode [ 111.109362][ T4662] device veth1_vlan entered promiscuous mode [ 111.136874][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 111.147833][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 111.162722][ T4662] device veth0_macvtap entered promiscuous mode [ 111.186542][ T4662] device veth1_macvtap entered promiscuous mode [ 111.208707][ T4662] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.233810][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 111.243801][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 111.256213][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 111.268375][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 111.294035][ T4662] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.304528][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 111.315620][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 111.343025][ T4662] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.354942][ T4662] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.364517][ T4662] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.376567][ T4662] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2026/06/16 01:34:24 executed programs: 0 [ 113.742021][ T144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.788546][ T4814] chnl_net:caif_netlink_parms(): no params data found [ 113.860625][ T4814] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.868215][ T4814] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.880987][ T4814] device bridge_slave_0 entered promiscuous mode [ 113.890505][ T4814] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.900966][ T4814] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.910979][ T4814] device bridge_slave_1 entered promiscuous mode [ 113.944371][ T4814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 113.958655][ T4814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 113.991050][ T4814] team0: Port device team_slave_0 added [ 114.002519][ T4814] team0: Port device team_slave_1 added [ 114.028746][ T4814] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 114.038671][ T4814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 114.069334][ T4814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 114.082443][ T4814] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 114.092742][ T4814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 114.126724][ T4814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 114.178833][ T4814] device hsr_slave_0 entered promiscuous mode [ 114.188681][ T4814] device hsr_slave_1 entered promiscuous mode [ 114.196215][ T4814] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 114.203925][ T4814] Cannot create hsr debugfs directory [ 115.625169][ T4683] Bluetooth: hci0: command 0x0409 tx timeout [ 115.904527][ T144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.962970][ T144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.043059][ T144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.876585][ T4814] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 116.890920][ T4814] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 116.924951][ T4814] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 116.940568][ T4814] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 117.044651][ T4814] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.084719][ T4814] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.096330][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 117.108068][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 117.128051][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 117.141137][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 117.151322][ T3025] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.158501][ T3025] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.171414][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 117.180828][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 117.190861][ T3025] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.198462][ T3025] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.207895][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 117.220181][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 117.249952][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 117.264467][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 117.274130][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 117.294435][ T4814] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 117.306647][ T4814] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 117.321041][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 117.329891][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 117.339150][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 117.349424][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 117.358945][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 117.368062][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 117.379726][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 117.396491][ T144] device hsr_slave_0 left promiscuous mode [ 117.410768][ T144] device hsr_slave_1 left promiscuous mode [ 117.418658][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 117.429357][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 117.438748][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 117.449524][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 117.459737][ T144] device bridge_slave_1 left promiscuous mode [ 117.469116][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.479438][ T144] device bridge_slave_0 left promiscuous mode [ 117.488934][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.504329][ T144] device veth1_macvtap left promiscuous mode [ 117.513131][ T144] device veth0_macvtap left promiscuous mode [ 117.520604][ T144] device veth1_vlan left promiscuous mode [ 117.529925][ T144] device veth0_vlan left promiscuous mode [ 117.707690][ T1108] Bluetooth: hci0: command 0x041b tx timeout [ 117.788409][ T144] team0 (unregistering): Port device team_slave_1 removed [ 117.803381][ T144] team0 (unregistering): Port device team_slave_0 removed [ 117.820469][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 117.835516][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 117.904120][ T144] bond0 (unregistering): Released all slaves [ 117.951470][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 118.124970][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 118.135101][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 118.152998][ T4814] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 118.179187][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 118.193743][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 118.223019][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 118.234059][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 118.250015][ T4814] device veth0_vlan entered promiscuous mode [ 118.261218][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 118.274263][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 118.290446][ T4814] device veth1_vlan entered promiscuous mode [ 118.316887][ T4814] device veth0_macvtap entered promiscuous mode [ 118.329677][ T4814] device veth1_macvtap entered promiscuous mode [ 118.350153][ T4814] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.361678][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 118.371238][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 118.380437][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 118.389968][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 118.399559][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 118.408183][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 118.417063][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 118.428644][ T4814] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.438826][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 118.447477][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 118.457130][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 118.469167][ T4814] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.480634][ T4814] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.490860][ T4814] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.502861][ T4814] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.588543][ T4267] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.608183][ T4267] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.618245][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready 2026/06/16 01:34:30 executed programs: 2 [ 118.646172][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.654232][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.663907][ T3025] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 118.795125][ T5056] loop0: detected capacity change from 0 to 4096 [ 118.857329][ T5056] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 118.929149][ T5056] ntfs: volume version 3.1. [ 119.118587][ T5058] loop0: detected capacity change from 0 to 4096 [ 119.186161][ T5058] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 119.256518][ T5058] ntfs: volume version 3.1. [ 119.280336][ T5058] ================================================================== [ 119.289378][ T5058] BUG: KASAN: use-after-free in ntfs_readpage+0x7f6/0x2140 [ 119.296788][ T5058] Read of size 10 at addr ffff888059a0b170 by task syz.0.18/5058 [ 119.305205][ T5058] [ 119.307658][ T5058] CPU: 1 PID: 5058 Comm: syz.0.18 Not tainted syzkaller #0 [ 119.314875][ T5058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 119.325441][ T5058] Call Trace: [ 119.328933][ T5058] [ 119.332172][ T5058] dump_stack_lvl+0x188/0x250 [ 119.337122][ T5058] ? show_regs_print_info+0x20/0x20 [ 119.342492][ T5058] ? _printk+0xda/0x130 [ 119.346871][ T5058] ? ntfs_readpage+0x7f6/0x2140 [ 119.351827][ T5058] ? load_image+0x410/0x410 [ 119.356473][ T5058] print_address_description+0x60/0x2d0 [ 119.362418][ T5058] ? ntfs_readpage+0x7f6/0x2140 [ 119.367599][ T5058] kasan_report+0xdf/0x130 [ 119.372047][ T5058] ? ntfs_readpage+0x7f6/0x2140 [ 119.377903][ T5058] kasan_check_range+0x235/0x290 [ 119.383149][ T5058] ? ntfs_readpage+0x7f6/0x2140 [ 119.388134][ T5058] memcpy+0x25/0x60 [ 119.392064][ T5058] ntfs_readpage+0x7f6/0x2140 [ 119.396779][ T5058] ? __lock_acquire+0x7b50/0x7b50 [ 119.401932][ T5058] ? ntfs_writepage+0x1360/0x1360 [ 119.407687][ T5058] ? xa_load+0x276/0x2a0 [ 119.412194][ T5058] ? readahead_page+0x295/0x3d0 [ 119.417270][ T5058] ? ntfs_writepage+0x1360/0x1360 [ 119.422591][ T5058] read_pages+0x60a/0x920 [ 119.427086][ T5058] ? page_cache_ra_unbounded+0x8f0/0x8f0 [ 119.432865][ T5058] ? add_to_page_cache_lru+0x2ad/0x4a0 [ 119.439332][ T5058] page_cache_ra_unbounded+0x7f4/0x8f0 [ 119.445299][ T5058] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 119.452090][ T5058] ? blk_cgroup_congested+0x30b/0x390 [ 119.458103][ T5058] filemap_read+0x5ef/0x2560 [ 119.462812][ T5058] ? rcu_lock_release+0x5/0x20 [ 119.468246][ T5058] ? find_get_pages_range_tag+0x450/0x450 [ 119.475161][ T5058] ? __kernel_text_address+0x9a/0x100 [ 119.480617][ T5058] ? unwind_get_return_address+0x49/0x80 [ 119.486728][ T5058] ? generic_file_read_iter+0x94/0x480 [ 119.492912][ T5058] ? iov_iter_kvec+0xb4/0x170 [ 119.498101][ T5058] __kernel_read+0x51d/0x980 [ 119.503014][ T5058] ? __kasan_kmalloc+0xc6/0xe0 [ 119.508661][ T5058] ? __kasan_kmalloc+0xaf/0xe0 [ 119.513478][ T5058] ? rw_verify_area+0x1b0/0x1b0 [ 119.518985][ T5058] integrity_kernel_read+0x86/0xd0 [ 119.524297][ T5058] ? integrity_inode_free+0x170/0x170 [ 119.529790][ T5058] ima_calc_file_hash+0x946/0x1940 [ 119.535114][ T5058] ? mark_lock+0x94/0x320 [ 119.540463][ T5058] ? __lock_acquire+0x13dc/0x7b50 [ 119.546257][ T5058] ? ima_alloc_tfm+0x2f0/0x2f0 [ 119.551637][ T5058] ? __kernel_text_address+0x9a/0x100 [ 119.557660][ T5058] ? __mutex_trylock_common+0x15c/0x260 [ 119.563697][ T5058] ? rcu_lock_release+0x20/0x20 [ 119.568795][ T5058] ima_collect_measurement+0x335/0x7e0 [ 119.574730][ T5058] ? ima_get_action+0xa0/0xa0 [ 119.579459][ T5058] ? is_bad_inode+0x9/0x40 [ 119.584117][ T5058] process_measurement+0x1185/0x1c20 [ 119.589480][ T5058] ? ima_file_mmap+0x140/0x140 [ 119.594303][ T5058] ? tomoyo_check_path_number_acl+0x280/0x280 [ 119.601303][ T5058] ima_file_check+0xc7/0x110 [ 119.606289][ T5058] ? ima_bprm_check+0x200/0x200 [ 119.611443][ T5058] ? vfs_open+0x2b/0x80 [ 119.615863][ T5058] path_openat+0x27cf/0x2fb0 [ 119.620543][ T5058] ? do_filp_open+0x400/0x400 [ 119.626705][ T5058] do_filp_open+0x1df/0x400 [ 119.631541][ T5058] ? vfs_tmpfile+0x300/0x300 [ 119.636469][ T5058] ? _raw_spin_unlock+0x24/0x40 [ 119.641840][ T5058] ? alloc_fd+0x59e/0x650 [ 119.646286][ T5058] do_sys_openat2+0x14b/0x500 [ 119.651422][ T5058] ? __lock_acquire+0x7b50/0x7b50 [ 119.656553][ T5058] ? do_sys_open+0xe0/0xe0 [ 119.661274][ T5058] ? lockdep_hardirqs_on_prepare+0x448/0x7c0 [ 119.667741][ T5058] ? lock_chain_count+0x20/0x20 [ 119.672730][ T5058] __x64_sys_openat+0x135/0x160 [ 119.677920][ T5058] do_syscall_64+0x4c/0xa0 [ 119.682569][ T5058] ? clear_bhb_loop+0x30/0x80 [ 119.687521][ T5058] ? clear_bhb_loop+0x30/0x80 [ 119.692242][ T5058] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 119.698881][ T5058] RIP: 0033:0x7f1b79f7f629 [ 119.703908][ T5058] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 119.724518][ T5058] RSP: 002b:00007f1b795e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 119.733664][ T5058] RAX: ffffffffffffffda RBX: 00007f1b7a1f8fa0 RCX: 00007f1b79f7f629 [ 119.742443][ T5058] RDX: 0000000000141842 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 119.751179][ T5058] RBP: 00007f1b7a015b39 R08: 0000000000000000 R09: 0000000000000000 [ 119.759540][ T5058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.768184][ T5058] R13: 00007f1b7a1f9038 R14: 00007f1b7a1f8fa0 R15: 00007ffffce59938 [ 119.776784][ T5058] [ 119.779901][ T5058] [ 119.782320][ T5058] The buggy address belongs to the page: [ 119.788149][ T5058] page:ffffea00016682c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x59a0b [ 119.798490][ T5058] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 119.805609][ T5058] raw: 00fff00000000000 ffffea0001668308 ffffea0001668288 0000000000000000 [ 119.815117][ T5058] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 119.824081][ T5058] page dumped because: kasan: bad access detected [ 119.831245][ T5058] page_owner tracks the page as freed [ 119.837174][ T5058] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100cca(GFP_HIGHUSER_MOVABLE), pid 5058, ts 119236420620, free_ts 119243723461 [ 119.852770][ T5058] get_page_from_freelist+0x24f6/0x2670 [ 119.858536][ T5058] __alloc_pages+0x1ee/0x480 [ 119.863870][ T5058] __page_cache_alloc+0xce/0x440 [ 119.869035][ T5058] do_read_cache_page+0x1d4/0x1010 [ 119.874246][ T5058] ntfs_map_page+0x24/0x390 [ 119.879120][ T5058] load_system_files+0x1ca7/0x54b0 [ 119.884608][ T5058] ntfs_fill_super+0x19c9/0x2c90 [ 119.889657][ T5058] mount_bdev+0x28a/0x3c0 [ 119.894623][ T5058] legacy_get_tree+0xe6/0x180 [ 119.900016][ T5058] vfs_get_tree+0x88/0x270 [ 119.905251][ T5058] do_new_mount+0x247/0xa40 [ 119.910211][ T5058] __se_sys_mount+0x2e3/0x3d0 [ 119.915018][ T5058] do_syscall_64+0x4c/0xa0 [ 119.919558][ T5058] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 119.925673][ T5058] page last free stack trace: [ 119.930520][ T5058] free_unref_page_prepare+0x637/0x6c0 [ 119.936512][ T5058] free_unref_page_list+0x119/0x830 [ 119.942134][ T5058] release_pages+0x185f/0x1bd0 [ 119.947415][ T5058] __pagevec_release+0x6d/0xe0 [ 119.952384][ T5058] truncate_inode_pages_range+0x335/0xf90 [ 119.958662][ T5058] ntfs_evict_big_inode+0x2c/0x490 [ 119.964333][ T5058] evict+0x4b6/0x8b0 [ 119.968694][ T5058] load_system_files+0x26b6/0x54b0 [ 119.974452][ T5058] ntfs_fill_super+0x19c9/0x2c90 [ 119.979942][ T5058] mount_bdev+0x28a/0x3c0 [ 119.985123][ T5058] legacy_get_tree+0xe6/0x180 [ 119.989916][ T5058] vfs_get_tree+0x88/0x270 [ 119.994826][ T5058] do_new_mount+0x247/0xa40 [ 119.999830][ T5058] __se_sys_mount+0x2e3/0x3d0 [ 120.004734][ T5058] do_syscall_64+0x4c/0xa0 [ 120.009383][ T5058] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 120.015780][ T5058] [ 120.018332][ T5058] Memory state around the buggy address: [ 120.025159][ T5058] ffff888059a0b000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 120.034181][ T5058] ffff888059a0b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 120.046854][ T5058] >ffff888059a0b100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 120.055369][ T5058] ^ [ 120.063284][ T5058] ffff888059a0b180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 120.072221][ T5058] ffff888059a0b200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 120.081223][ T5058] ================================================================== [ 120.090096][ T5058] Disabling lock debugging due to kernel taint [ 120.097356][ T5058] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 120.099096][ T4982] Bluetooth: hci0: command 0x040f tx timeout [ 120.105695][ T5058] CPU: 1 PID: 5058 Comm: syz.0.18 Tainted: G B syzkaller #0 [ 120.105722][ T5058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 120.105731][ T5058] Call Trace: [ 120.105740][ T5058] [ 120.105748][ T5058] dump_stack_lvl+0x188/0x250 [ 120.145199][ T5058] ? show_regs_print_info+0x20/0x20 [ 120.150882][ T5058] ? load_image+0x410/0x410 [ 120.155517][ T5058] panic+0x2f8/0x850 [ 120.159572][ T5058] ? bpf_jit_dump+0xd0/0xd0 [ 120.164319][ T5058] ? _raw_spin_unlock_irqrestore+0xbc/0x120 [ 120.170472][ T5058] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 120.176836][ T5058] ? _raw_spin_unlock+0x40/0x40 [ 120.182459][ T5058] ? print_memory_metadata+0x314/0x400 [ 120.188554][ T5058] ? ntfs_readpage+0x7f6/0x2140 [ 120.194246][ T5058] check_panic_on_warn+0x80/0xa0 [ 120.200278][ T5058] ? ntfs_readpage+0x7f6/0x2140 [ 120.205913][ T5058] end_report+0x6d/0xf0 [ 120.210944][ T5058] kasan_report+0x102/0x130 [ 120.216244][ T5058] ? ntfs_readpage+0x7f6/0x2140 [ 120.221799][ T5058] kasan_check_range+0x235/0x290 [ 120.227305][ T5058] ? ntfs_readpage+0x7f6/0x2140 [ 120.232548][ T5058] memcpy+0x25/0x60 [ 120.236514][ T5058] ntfs_readpage+0x7f6/0x2140 [ 120.241637][ T5058] ? __lock_acquire+0x7b50/0x7b50 [ 120.247148][ T5058] ? ntfs_writepage+0x1360/0x1360 [ 120.252644][ T5058] ? xa_load+0x276/0x2a0 [ 120.256940][ T5058] ? readahead_page+0x295/0x3d0 [ 120.262508][ T5058] ? ntfs_writepage+0x1360/0x1360 [ 120.267854][ T5058] read_pages+0x60a/0x920 [ 120.273570][ T5058] ? page_cache_ra_unbounded+0x8f0/0x8f0 [ 120.280194][ T5058] ? add_to_page_cache_lru+0x2ad/0x4a0 [ 120.286398][ T5058] page_cache_ra_unbounded+0x7f4/0x8f0 [ 120.292422][ T5058] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 120.299117][ T5058] ? blk_cgroup_congested+0x30b/0x390 [ 120.304842][ T5058] filemap_read+0x5ef/0x2560 [ 120.309580][ T5058] ? rcu_lock_release+0x5/0x20 [ 120.314817][ T5058] ? find_get_pages_range_tag+0x450/0x450 [ 120.320988][ T5058] ? __kernel_text_address+0x9a/0x100 [ 120.327365][ T5058] ? unwind_get_return_address+0x49/0x80 [ 120.333716][ T5058] ? generic_file_read_iter+0x94/0x480 [ 120.339454][ T5058] ? iov_iter_kvec+0xb4/0x170 [ 120.344409][ T5058] __kernel_read+0x51d/0x980 [ 120.349555][ T5058] ? __kasan_kmalloc+0xc6/0xe0 [ 120.354507][ T5058] ? __kasan_kmalloc+0xaf/0xe0 [ 120.359385][ T5058] ? rw_verify_area+0x1b0/0x1b0 [ 120.364637][ T5058] integrity_kernel_read+0x86/0xd0 [ 120.370251][ T5058] ? integrity_inode_free+0x170/0x170 [ 120.375876][ T5058] ima_calc_file_hash+0x946/0x1940 [ 120.381598][ T5058] ? mark_lock+0x94/0x320 [ 120.386619][ T5058] ? __lock_acquire+0x13dc/0x7b50 [ 120.391843][ T5058] ? ima_alloc_tfm+0x2f0/0x2f0 [ 120.396734][ T5058] ? __kernel_text_address+0x9a/0x100 [ 120.402360][ T5058] ? __mutex_trylock_common+0x15c/0x260 [ 120.408540][ T5058] ? rcu_lock_release+0x20/0x20 [ 120.413595][ T5058] ima_collect_measurement+0x335/0x7e0 [ 120.419418][ T5058] ? ima_get_action+0xa0/0xa0 [ 120.424399][ T5058] ? is_bad_inode+0x9/0x40 [ 120.428909][ T5058] process_measurement+0x1185/0x1c20 [ 120.434468][ T5058] ? ima_file_mmap+0x140/0x140 [ 120.439313][ T5058] ? tomoyo_check_path_number_acl+0x280/0x280 [ 120.445482][ T5058] ima_file_check+0xc7/0x110 [ 120.450112][ T5058] ? ima_bprm_check+0x200/0x200 [ 120.454968][ T5058] ? vfs_open+0x2b/0x80 [ 120.459409][ T5058] path_openat+0x27cf/0x2fb0 [ 120.464131][ T5058] ? do_filp_open+0x400/0x400 [ 120.469733][ T5058] do_filp_open+0x1df/0x400 [ 120.475313][ T5058] ? vfs_tmpfile+0x300/0x300 [ 120.480135][ T5058] ? _raw_spin_unlock+0x24/0x40 [ 120.485899][ T5058] ? alloc_fd+0x59e/0x650 [ 120.490913][ T5058] do_sys_openat2+0x14b/0x500 [ 120.495620][ T5058] ? __lock_acquire+0x7b50/0x7b50 [ 120.500849][ T5058] ? do_sys_open+0xe0/0xe0 [ 120.505646][ T5058] ? lockdep_hardirqs_on_prepare+0x448/0x7c0 [ 120.511999][ T5058] ? lock_chain_count+0x20/0x20 [ 120.516952][ T5058] __x64_sys_openat+0x135/0x160 [ 120.522002][ T5058] do_syscall_64+0x4c/0xa0 [ 120.527015][ T5058] ? clear_bhb_loop+0x30/0x80 [ 120.531930][ T5058] ? clear_bhb_loop+0x30/0x80 [ 120.537194][ T5058] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 120.543623][ T5058] RIP: 0033:0x7f1b79f7f629 [ 120.548281][ T5058] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 120.569442][ T5058] RSP: 002b:00007f1b795e1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 120.577958][ T5058] RAX: ffffffffffffffda RBX: 00007f1b7a1f8fa0 RCX: 00007f1b79f7f629 [ 120.586568][ T5058] RDX: 0000000000141842 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 120.594584][ T5058] RBP: 00007f1b7a015b39 R08: 0000000000000000 R09: 0000000000000000 [ 120.603235][ T5058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 120.611933][ T5058] R13: 00007f1b7a1f9038 R14: 00007f1b7a1f8fa0 R15: 00007ffffce59938 [ 120.620086][ T5058] [ 120.623450][ T5058] Kernel Offset: disabled [ 120.628458][ T5058] Rebooting in 86400 seconds..