[   86.632394][ T1165] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.647254][ T1165] device veth1_macvtap left promiscuous mode
[   86.653932][ T1165] device veth0_macvtap left promiscuous mode
[   86.660228][ T1165] device veth1_vlan left promiscuous mode
[   86.666912][ T1165] device veth0_vlan left promiscuous mode
[   86.835204][ T1165] team0 (unregistering): Port device team_slave_1 removed
[   86.848478][ T1165] team0 (unregistering): Port device team_slave_0 removed
[   86.863863][ T1165] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   86.878641][ T1165] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   86.941139][ T1165] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.1.90' (ED25519) to the list of known hosts.
2025/04/14 19:20:40 ignoring optional flag "sandboxArg"="0"
2025/04/14 19:20:41 parsed 1 programs
[  108.173370][ T4599] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[  109.987931][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.997787][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.013557][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  110.029325][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.037718][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.046683][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  110.242491][ T4629] chnl_net:caif_netlink_parms(): no params data found
[  110.303904][ T4629] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.311660][ T4629] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.319785][ T4629] device bridge_slave_0 entered promiscuous mode
[  110.328679][ T4629] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.336114][ T4629] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.344456][ T4629] device bridge_slave_1 entered promiscuous mode
[  110.372380][ T4629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  110.384149][ T4629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  110.416967][ T4629] team0: Port device team_slave_0 added
[  110.425115][ T4629] team0: Port device team_slave_1 added
[  110.454084][ T4629] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.461993][ T4629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.491039][ T4629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.504135][ T4629] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.512759][ T4629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.540834][ T4629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.594883][ T4629] device hsr_slave_0 entered promiscuous mode
[  110.603332][ T4629] device hsr_slave_1 entered promiscuous mode
[  111.425331][ T4629] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  111.443020][ T4629] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  111.465826][ T4629] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  111.485701][ T4629] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  111.644919][ T4629] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.664795][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  111.673815][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  111.688787][ T4629] 8021q: adding VLAN 0 to HW filter on device team0
[  111.723612][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  111.750752][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  111.771094][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.778241][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.833245][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  111.851549][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  111.865163][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  111.876541][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.883705][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.892819][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  111.902576][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  111.920707][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  111.932560][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  111.941957][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  111.954776][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  111.963740][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  111.983974][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  111.994213][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  112.009174][ T4629] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  112.022390][ T4629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  112.030924][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  112.040386][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  112.205363][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  112.215197][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  112.246032][ T4629] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.270033][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  112.282301][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  112.320169][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  112.339055][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  112.350480][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  112.359445][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  112.373322][ T4629] device veth0_vlan entered promiscuous mode
[  112.399888][ T4629] device veth1_vlan entered promiscuous mode
[  112.426489][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  112.436464][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  112.447933][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  112.459029][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  112.486293][ T4629] device veth0_macvtap entered promiscuous mode
[  112.498233][ T4629] device veth1_macvtap entered promiscuous mode
[  112.519240][ T4629] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.530846][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  112.540021][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  112.551171][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  112.568232][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  112.582739][ T4629] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.603903][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  112.614603][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  112.628088][ T4629] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.639884][ T4629] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.652554][ T4629] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.661994][ T4629] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.286913][ T1165] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/04/14 19:20:53 executed programs: 0
[  115.980764][ T4859] chnl_net:caif_netlink_parms(): no params data found
[  116.044497][ T4859] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.051925][ T4859] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.060288][ T4859] device bridge_slave_0 entered promiscuous mode
[  116.069397][ T4859] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.076777][ T4859] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.085607][ T4859] device bridge_slave_1 entered promiscuous mode
[  116.117394][ T4859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  116.133513][ T4859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  116.172498][ T4859] team0: Port device team_slave_0 added
[  116.182760][ T4859] team0: Port device team_slave_1 added
[  116.213252][ T4859] batman_adv: batadv0: Adding interface: batadv_slave_0
[  116.220241][ T4859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.249863][ T4859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  116.266329][ T4859] batman_adv: batadv0: Adding interface: batadv_slave_1
[  116.273862][ T4859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.303094][ T4859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  116.346815][ T4859] device hsr_slave_0 entered promiscuous mode
[  116.353980][ T4859] device hsr_slave_1 entered promiscuous mode
[  116.367463][ T4859] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  116.375341][ T4859] Cannot create hsr debugfs directory
[  116.927692][ T1165] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.969882][ T1165] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.023171][ T1165] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.918220][ T4859] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  117.925931][ T4292] Bluetooth: hci0: command 0x0409 tx timeout
[  117.937573][ T4859] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  117.960272][ T4859] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  117.971031][ T4859] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  118.099001][ T4859] 8021q: adding VLAN 0 to HW filter on device bond0
[  118.116057][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  118.124430][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  118.136449][ T4859] 8021q: adding VLAN 0 to HW filter on device team0
[  118.181176][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  118.190141][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  118.203566][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.210932][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  118.219828][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  118.231730][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  118.242881][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.249976][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  118.270232][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  118.281735][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  118.295793][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  118.306262][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  118.319547][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  118.365078][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  118.374183][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  118.387246][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  118.397945][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  118.411219][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  118.420120][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  118.432432][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  118.446928][ T4859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  118.528259][ T1165] device hsr_slave_0 left promiscuous mode
[  118.554135][ T1165] device hsr_slave_1 left promiscuous mode
[  118.561456][ T1165] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  118.568981][ T1165] batman_adv: batadv0: Removing interface: batadv_slave_0
[  118.590025][ T1165] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  118.598825][ T1165] batman_adv: batadv0: Removing interface: batadv_slave_1
[  118.609730][ T1165] device bridge_slave_1 left promiscuous mode
[  118.616956][ T1165] bridge0: port 2(bridge_slave_1) entered disabled state
[  118.628662][ T1165] device bridge_slave_0 left promiscuous mode
[  118.635337][ T1165] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.652233][ T1165] device veth1_macvtap left promiscuous mode
[  118.658619][ T1165] device veth0_macvtap left promiscuous mode
[  118.667931][ T1165] device veth1_vlan left promiscuous mode
[  118.674789][ T1165] device veth0_vlan left promiscuous mode
[  118.837839][ T1165] team0 (unregistering): Port device team_slave_1 removed
[  118.850101][ T1165] team0 (unregistering): Port device team_slave_0 removed
[  118.863124][ T1165] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  118.879167][ T1165] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  118.939193][ T1165] bond0 (unregistering): Released all slaves
[  119.045609][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  119.053646][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  119.073824][ T4859] 8021q: adding VLAN 0 to HW filter on device batadv0
[  119.092496][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  119.101680][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  119.126016][ T4859] device veth0_vlan entered promiscuous mode
[  119.139716][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  119.148795][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  119.164042][ T4859] device veth1_vlan entered promiscuous mode
[  119.172826][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  119.182666][ T4214] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  119.205252][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  119.214427][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  119.225621][ T4859] device veth0_macvtap entered promiscuous mode
[  119.234967][ T4859] device veth1_macvtap entered promiscuous mode
[  119.254610][ T4859] batman_adv: batadv0: Interface activated: batadv_slave_0
[  119.262321][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  119.272095][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  119.280289][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  119.289801][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  119.302500][ T4859] batman_adv: batadv0: Interface activated: batadv_slave_1
[  119.312648][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  119.322007][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  119.333918][ T4859] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  119.343233][ T4859] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  119.352573][ T4859] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  119.361714][ T4859] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  119.426053][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.439204][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.464013][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  119.483191][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.495516][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.506113][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  119.609348][ T5028] loop0: detected capacity change from 0 to 4096
[  119.731828][ T5028] ntfs: (device loop0): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1.
[  119.777418][ T5028] ntfs: volume version 3.1.
[  119.786985][ T5028] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Corrupt directory.  Aborting lookup.
[  119.798474][ T5028] ntfs: (device loop0): load_and_init_usnjrnl(): Failed to find inode number for $UsnJrnl.
[  119.810216][ T5028] ntfs: (device loop0): load_system_files(): Failed to load $UsnJrnl.  Mounting read-only.  Run chkdsk.
[  119.832909][ T4859] ntfs: (device loop0): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set maccenteuro.  You might want to try to use the mount option nls=utf8.
[  119.869645][ T4859] ntfs: (device loop0): ntfs_filldir(): Skipping unrepresentable inode 0x4.
[  119.886077][ T4859] ==================================================================
[  119.894423][ T4859] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0xed5/0x36f0
[  119.901931][ T4859] Read of size 1 at addr ffff888024e69599 by task syz-executor/4859
[  119.910003][ T4859] 
[  119.912340][ T4859] CPU: 0 PID: 4859 Comm: syz-executor Not tainted 5.15.180-syzkaller #0
[  119.920760][ T4859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  119.930831][ T4859] Call Trace:
[  119.934116][ T4859]  <TASK>
[  119.937057][ T4859]  dump_stack_lvl+0x1e3/0x2d0
[  119.941756][ T4859]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  119.947403][ T4859]  ? _printk+0xd1/0x120
[  119.951572][ T4859]  ? __wake_up_klogd+0xcc/0x100
[  119.956535][ T4859]  ? panic+0x860/0x860
[  119.960620][ T4859]  ? _raw_spin_lock_irqsave+0xdd/0x120
[  119.966186][ T4859]  print_address_description+0x63/0x3b0
[  119.971753][ T4859]  ? ntfs_readdir+0xed5/0x36f0
[  119.976929][ T4859]  kasan_report+0x16b/0x1c0
[  119.981468][ T4859]  ? ntfs_readdir+0xed5/0x36f0
[  119.986456][ T4859]  ntfs_readdir+0xed5/0x36f0
[  119.991119][ T4859]  ? rwsem_write_trylock+0x166/0x210
[  119.996815][ T4859]  ? __fdget_pos+0x2cb/0x380
[  120.001574][ T4859]  ? clear_nonspinnable+0x60/0x60
[  120.006913][ T4859]  ? ntfs_unmap_page+0x1e0/0x1e0
[  120.011986][ T4859]  ? common_file_perm+0x17d/0x1d0
[  120.017046][ T4859]  iterate_dir+0x224/0x570
[  120.021591][ T4859]  __se_sys_getdents64+0x209/0x4f0
[  120.026730][ T4859]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  120.032828][ T4859]  ? __x64_sys_getdents64+0x80/0x80
[  120.038045][ T4859]  ? filldir+0x720/0x720
[  120.042310][ T4859]  ? syscall_enter_from_user_mode+0x2e/0x240
[  120.048477][ T4859]  ? lockdep_hardirqs_on+0x94/0x130
[  120.053690][ T4859]  ? syscall_enter_from_user_mode+0x2e/0x240
[  120.059683][ T4859]  do_syscall_64+0x3b/0xb0
[  120.064125][ T4859]  ? clear_bhb_loop+0x15/0x70
[  120.068819][ T4859]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  120.074736][ T4859] RIP: 0033:0x7f317b4c3693
[  120.079179][ T4859] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 82 3e f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[  120.098889][ T4859] RSP: 002b:00007ffff6a462a8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  120.107440][ T4859] RAX: ffffffffffffffda RBX: 0000555576f91640 RCX: 00007f317b4c3693
[  120.115437][ T4859] RDX: 0000000000008000 RSI: 0000555576f91640 RDI: 0000000000000006
[  120.123479][ T4859] RBP: 0000555576f91614 R08: 0000000000000000 R09: 0000000000000000
[  120.131560][ T4859] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[  120.139646][ T4859] R13: 0000000000000016 R14: 0000555576f91610 R15: 0000000000000001
[  120.147657][ T4859]  </TASK>
[  120.150685][ T4859] 
[  120.153010][ T4859] Allocated by task 4859:
[  120.157337][ T4859]  ____kasan_kmalloc+0xba/0xf0
[  120.162137][ T4859]  __kmalloc+0x168/0x300
[  120.166403][ T4859]  ntfs_readdir+0x823/0x36f0
[  120.171287][ T4859]  iterate_dir+0x224/0x570
[  120.176061][ T4859]  __se_sys_getdents64+0x209/0x4f0
[  120.181180][ T4859]  do_syscall_64+0x3b/0xb0
[  120.185604][ T4859]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  120.191854][ T4859] 
[  120.194182][ T4859] The buggy address belongs to the object at ffff888024e69400
[  120.194182][ T4859]  which belongs to the cache kmalloc-512 of size 512
[  120.208412][ T4859] The buggy address is located 409 bytes inside of
[  120.208412][ T4859]  512-byte region [ffff888024e69400, ffff888024e69600)
[  120.221866][ T4859] The buggy address belongs to the page:
[  120.227527][ T4859] page:ffffea0000939a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24e68
[  120.237717][ T4859] head:ffffea0000939a00 order:2 compound_mapcount:0 compound_pincount:0
[  120.246053][ T4859] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  120.254073][ T4859] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888017441c80
[  120.262667][ T4859] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  120.271246][ T4859] page dumped because: kasan: bad access detected
[  120.277667][ T4859] page_owner tracks the page as allocated
[  120.283380][ T4859] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4317, ts 85846374853, free_ts 82151210746
[  120.304144][ T4859]  get_page_from_freelist+0x3b78/0x3d40
[  120.309824][ T4859]  __alloc_pages+0x272/0x700
[  120.314437][ T4859]  new_slab+0xbb/0x4b0
[  120.318527][ T4859]  ___slab_alloc+0x6f6/0xe10
[  120.323128][ T4859]  kmem_cache_alloc_trace+0x1a0/0x290
[  120.328629][ T4859]  kernfs_fop_open+0x3b5/0xbc0
[  120.333414][ T4859]  do_dentry_open+0x807/0xfb0
[  120.338096][ T4859]  path_openat+0x2705/0x2f20
[  120.342696][ T4859]  do_filp_open+0x21c/0x460
[  120.347200][ T4859]  do_sys_openat2+0x13b/0x4f0
[  120.352140][ T4859]  __x64_sys_openat+0x243/0x290
[  120.357716][ T4859]  do_syscall_64+0x3b/0xb0
[  120.362176][ T4859]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  120.368366][ T4859] page last free stack trace:
[  120.373047][ T4859]  free_unref_page_prepare+0xc34/0xcf0
[  120.378668][ T4859]  free_unref_page+0x95/0x2d0
[  120.383554][ T4859]  __unfreeze_partials+0x1b7/0x210
[  120.388685][ T4859]  put_cpu_partial+0x132/0x1a0
[  120.393462][ T4859]  ___cache_free+0xe3/0x100
[  120.397985][ T4859]  qlist_free_all+0x36/0x90
[  120.402511][ T4859]  kasan_quarantine_reduce+0x162/0x180
[  120.407995][ T4859]  __kasan_slab_alloc+0x2f/0xc0
[  120.412858][ T4859]  slab_post_alloc_hook+0x53/0x380
[  120.417984][ T4859]  kmem_cache_alloc_trace+0xfb/0x290
[  120.423277][ T4859]  nsim_fib_event_work+0x19be/0x4120
[  120.428574][ T4859]  process_one_work+0x8a1/0x10c0
[  120.433799][ T4859]  worker_thread+0xdcf/0x1280
[  120.438517][ T4859]  kthread+0x3f6/0x4f0
[  120.442618][ T4859]  ret_from_fork+0x1f/0x30
[  120.447071][ T4859] 
[  120.449426][ T4859] Memory state around the buggy address:
[  120.455091][ T4859]  ffff888024e69480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  120.463414][ T4859]  ffff888024e69500: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[  120.471511][ T4859] >ffff888024e69580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  120.480188][ T4859]                             ^
[  120.485187][ T4859]  ffff888024e69600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  120.493381][ T4859]  ffff888024e69680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  120.501637][ T4859] ==================================================================
[  120.510137][ T4859] Disabling lock debugging due to kernel taint
[  120.518954][   T13] Bluetooth: hci0: command 0x041b tx timeout
[  120.548445][ T4859] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  120.555695][ T4859] CPU: 0 PID: 4859 Comm: syz-executor Tainted: G    B             5.15.180-syzkaller #0
[  120.565542][ T4859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  120.575618][ T4859] Call Trace:
[  120.578897][ T4859]  <TASK>
[  120.581915][ T4859]  dump_stack_lvl+0x1e3/0x2d0
[  120.586598][ T4859]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  120.592411][ T4859]  ? panic+0x860/0x860
[  120.596570][ T4859]  ? rcu_is_watching+0x11/0xa0
[  120.601351][ T4859]  ? preempt_schedule_common+0xa6/0xd0
[  120.606935][ T4859]  panic+0x318/0x860
[  120.611101][ T4859]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  120.617351][ T4859]  ? check_panic_on_warn+0x1d/0xa0
[  120.622595][ T4859]  ? fb_is_primary_device+0xd0/0xd0
[  120.627914][ T4859]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[  120.633923][ T4859]  ? _raw_spin_unlock+0x40/0x40
[  120.638978][ T4859]  check_panic_on_warn+0x7e/0xa0
[  120.644017][ T4859]  ? ntfs_readdir+0xed5/0x36f0
[  120.648976][ T4859]  end_report+0x6d/0xf0
[  120.653179][ T4859]  kasan_report+0x18e/0x1c0
[  120.657698][ T4859]  ? ntfs_readdir+0xed5/0x36f0
[  120.662484][ T4859]  ntfs_readdir+0xed5/0x36f0
[  120.667117][ T4859]  ? rwsem_write_trylock+0x166/0x210
[  120.672887][ T4859]  ? __fdget_pos+0x2cb/0x380
[  120.677506][ T4859]  ? clear_nonspinnable+0x60/0x60
[  120.682649][ T4859]  ? ntfs_unmap_page+0x1e0/0x1e0
[  120.687608][ T4859]  ? common_file_perm+0x17d/0x1d0
[  120.692632][ T4859]  iterate_dir+0x224/0x570
[  120.697051][ T4859]  __se_sys_getdents64+0x209/0x4f0
[  120.702260][ T4859]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  120.708347][ T4859]  ? __x64_sys_getdents64+0x80/0x80
[  120.713566][ T4859]  ? filldir+0x720/0x720
[  120.717811][ T4859]  ? syscall_enter_from_user_mode+0x2e/0x240
[  120.723875][ T4859]  ? lockdep_hardirqs_on+0x94/0x130
[  120.729212][ T4859]  ? syscall_enter_from_user_mode+0x2e/0x240
[  120.735208][ T4859]  do_syscall_64+0x3b/0xb0
[  120.739740][ T4859]  ? clear_bhb_loop+0x15/0x70
[  120.744439][ T4859]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  120.750440][ T4859] RIP: 0033:0x7f317b4c3693
[  120.755124][ T4859] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 82 3e f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[  120.775009][ T4859] RSP: 002b:00007ffff6a462a8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  120.783631][ T4859] RAX: ffffffffffffffda RBX: 0000555576f91640 RCX: 00007f317b4c3693
[  120.791608][ T4859] RDX: 0000000000008000 RSI: 0000555576f91640 RDI: 0000000000000006
[  120.799575][ T4859] RBP: 0000555576f91614 R08: 0000000000000000 R09: 0000000000000000
[  120.807544][ T4859] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[  120.815520][ T4859] R13: 0000000000000016 R14: 0000555576f91610 R15: 0000000000000001
[  120.823512][ T4859]  </TASK>
[  120.826862][ T4859] Kernel Offset: disabled
[  120.831189][ T4859] Rebooting in 86400 seconds..