Warning: Permanently added '10.128.1.83' (ED25519) to the list of known hosts.
2025/09/23 19:05:22 parsed 1 programs
[   97.543966][ T4640] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   98.905274][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.919720][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.930967][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.940962][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.948492][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   98.958176][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   99.866036][ T4680] chnl_net:caif_netlink_parms(): no params data found
[   99.926250][ T4680] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.933694][ T4680] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.943375][ T4680] device bridge_slave_0 entered promiscuous mode
[   99.953546][ T4680] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.961335][ T4680] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.970140][ T4680] device bridge_slave_1 entered promiscuous mode
[   99.998097][ T4680] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.009823][ T4680] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.040433][ T4680] team0: Port device team_slave_0 added
[  100.050167][ T4680] team0: Port device team_slave_1 added
[  100.075550][ T4680] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.082785][ T4680] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.110692][ T4680] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.123678][ T4680] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.132408][ T4680] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.158767][ T4680] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  100.198319][ T4680] device hsr_slave_0 entered promiscuous mode
[  100.205333][ T4680] device hsr_slave_1 entered promiscuous mode
[  100.920210][ T4680] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  100.929951][ T4680] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  100.942753][ T4680] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  100.976695][ T4680] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  101.074951][ T4680] 8021q: adding VLAN 0 to HW filter on device bond0
[  101.118589][ T4680] 8021q: adding VLAN 0 to HW filter on device team0
[  101.125572][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  101.134037][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  101.147856][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  101.157894][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  101.166522][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.173708][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  101.220891][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  101.232036][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  101.242925][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  101.253003][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.260387][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.271629][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  101.281422][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  101.291868][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  101.303840][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  101.343256][ T4680] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  101.356571][ T4680] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  101.370739][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  101.380096][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  101.389428][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  101.398777][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  101.407496][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  101.415919][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  101.424796][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  101.433260][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  101.567827][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  101.575516][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  101.591924][ T4680] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.628764][ T4388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  101.638684][ T4388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  101.682151][ T4680] device veth0_vlan entered promiscuous mode
[  101.692663][ T4388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  101.702658][ T4388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  101.732823][ T4680] device veth1_vlan entered promiscuous mode
[  101.741167][ T4388] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  101.751409][ T4388] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  101.760938][ T4388] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  101.805238][ T4680] device veth0_macvtap entered promiscuous mode
[  101.815575][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  101.824502][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  101.836080][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  101.859710][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  101.872369][ T4680] device veth1_macvtap entered promiscuous mode
[  101.898399][ T4680] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.905903][ T4388] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  101.918312][ T4388] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  101.928208][ T4388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  101.963457][ T4680] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.973290][ T4388] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  101.983254][ T4388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  101.997902][ T4680] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.013866][ T4680] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.023452][ T4680] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.033209][ T4680] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.731225][ T4388] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/09/23 19:05:31 executed programs: 0
[  104.541697][ T4868] chnl_net:caif_netlink_parms(): no params data found
[  104.606515][ T4868] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.615035][ T4868] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.624909][ T4868] device bridge_slave_0 entered promiscuous mode
[  104.634971][ T4868] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.643591][ T4868] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.653471][ T4868] device bridge_slave_1 entered promiscuous mode
[  104.686313][ T4868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.700693][ T4868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.733484][ T4868] team0: Port device team_slave_0 added
[  104.741852][ T4868] team0: Port device team_slave_1 added
[  104.765533][ T4868] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.772731][ T4868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.799413][ T4868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.815295][ T4868] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.822917][ T4868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.849532][ T4868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.889307][ T4868] device hsr_slave_0 entered promiscuous mode
[  104.896610][ T4868] device hsr_slave_1 entered promiscuous mode
[  104.903907][ T4868] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  104.912118][ T4868] Cannot create hsr debugfs directory
[  106.497164][ T1107] Bluetooth: hci0: command 0x0409 tx timeout
[  107.215105][ T4388] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.441809][ T4388] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.503802][ T4388] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.399114][ T4868] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  108.410034][ T4868] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  108.430919][ T4868] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  108.439832][ T4868] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  108.499673][ T4868] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.512721][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  108.521108][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  108.540465][ T4868] 8021q: adding VLAN 0 to HW filter on device team0
[  108.550822][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  108.559992][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  108.569370][ T4241] Bluetooth: hci0: command 0x041b tx timeout
[  108.577359][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.584489][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.600762][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  108.609643][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  108.618639][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  108.628076][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.635379][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.643701][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  108.652990][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  108.665629][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  108.674987][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  108.689295][ T4388] device hsr_slave_0 left promiscuous mode
[  108.696641][ T4388] device hsr_slave_1 left promiscuous mode
[  108.704166][ T4388] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  108.712101][ T4388] batman_adv: batadv0: Removing interface: batadv_slave_0
[  108.720111][ T4388] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  108.727797][ T4388] batman_adv: batadv0: Removing interface: batadv_slave_1
[  108.735497][ T4388] device bridge_slave_1 left promiscuous mode
[  108.742278][ T4388] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.751747][ T4388] device bridge_slave_0 left promiscuous mode
[  108.759284][ T4388] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.770948][ T4388] device veth1_macvtap left promiscuous mode
[  108.777211][ T4388] device veth0_macvtap left promiscuous mode
[  108.783309][ T4388] device veth1_vlan left promiscuous mode
[  108.789447][ T4388] device veth0_vlan left promiscuous mode
[  108.925634][ T4388] team0 (unregistering): Port device team_slave_1 removed
[  108.944267][ T4388] team0 (unregistering): Port device team_slave_0 removed
[  108.955663][ T4388] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  108.971090][ T4388] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  109.023729][ T4388] bond0 (unregistering): Released all slaves
[  109.101580][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  109.116452][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  109.125519][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  109.139241][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  109.148067][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  109.164913][ T4868] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  109.176445][ T4868] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  109.188156][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  109.198786][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  109.296500][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  109.305484][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  109.320346][ T4868] 8021q: adding VLAN 0 to HW filter on device batadv0
[  109.343739][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  109.352868][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  109.372680][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  109.382502][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  109.391834][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  109.400449][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  109.412106][ T4868] device veth0_vlan entered promiscuous mode
[  109.424271][ T4868] device veth1_vlan entered promiscuous mode
[  109.441093][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  109.450713][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  109.459271][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  109.468948][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  109.482327][ T4868] device veth0_macvtap entered promiscuous mode
[  109.499295][ T4868] device veth1_macvtap entered promiscuous mode
[  109.519365][ T4868] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.528006][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  109.538595][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  109.547170][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  109.556183][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  109.570525][ T4868] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.579438][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  109.589326][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  109.601657][ T4868] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.610854][ T4868] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.620219][ T4868] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.631562][ T4868] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.695048][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.708729][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.731460][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2025/09/23 19:05:37 executed programs: 2
[  109.743154][ T1275] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.751824][ T1275] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.762941][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  109.860371][ T5109] loop0: detected capacity change from 0 to 4096
[  109.880260][ T5109] ntfs: (device loop0): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1.
[  109.914025][ T5109] ntfs: volume version 3.1.
[  109.924531][ T5109] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Corrupt directory.  Aborting lookup.
[  109.935188][ T5109] ntfs: (device loop0): load_and_init_usnjrnl(): Failed to find inode number for $UsnJrnl.
[  109.947357][ T5109] ntfs: (device loop0): load_system_files(): Failed to load $UsnJrnl.  Mounting read-only.  Run chkdsk.
[  109.970278][ T4868] ntfs: (device loop0): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set maccenteuro.  You might want to try to use the mount option nls=utf8.
[  109.990517][ T4868] ntfs: (device loop0): ntfs_filldir(): Skipping unrepresentable inode 0x4.
[  110.005730][ T4868] ==================================================================
[  110.014209][ T4868] BUG: KASAN: slab-out-of-bounds in ntfs_readdir+0xdda/0x3550
[  110.021810][ T4868] Read of size 1 at addr ffff88805cf9ed99 by task syz-executor/4868
[  110.029888][ T4868] 
[  110.032263][ T4868] CPU: 0 PID: 4868 Comm: syz-executor Not tainted syzkaller #0
[  110.039804][ T4868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  110.050183][ T4868] Call Trace:
[  110.053735][ T4868]  <TASK>
[  110.056777][ T4868]  dump_stack_lvl+0x168/0x230
[  110.061583][ T4868]  ? show_regs_print_info+0x20/0x20
[  110.066840][ T4868]  ? load_image+0x3b0/0x3b0
[  110.071366][ T4868]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[  110.076747][ T4868]  print_address_description+0x60/0x2d0
[  110.082300][ T4868]  ? ntfs_readdir+0xdda/0x3550
[  110.087151][ T4868]  kasan_report+0xdf/0x130
[  110.091567][ T4868]  ? ntfs_readdir+0xdda/0x3550
[  110.096418][ T4868]  ntfs_readdir+0xdda/0x3550
[  110.101034][ T4868]  ? __might_sleep+0xf0/0xf0
[  110.105636][ T4868]  ? preempt_count_add+0x8d/0x190
[  110.110681][ T4868]  ? rwsem_write_trylock+0x12f/0x1b0
[  110.116009][ T4868]  ? clear_nonspinnable+0x60/0x60
[  110.121217][ T4868]  ? ntfs_unmap_page+0x200/0x200
[  110.126177][ T4868]  iterate_dir+0x218/0x560
[  110.130685][ T4868]  __se_sys_getdents64+0xe5/0x260
[  110.135726][ T4868]  ? __x64_sys_getdents64+0x80/0x80
[  110.140922][ T4868]  ? filldir+0x720/0x720
[  110.145523][ T4868]  ? vtime_user_exit+0x2dc/0x400
[  110.150521][ T4868]  ? lockdep_hardirqs_on+0x94/0x140
[  110.155819][ T4868]  do_syscall_64+0x4c/0xa0
[  110.160327][ T4868]  ? clear_bhb_loop+0x30/0x80
[  110.165166][ T4868]  ? clear_bhb_loop+0x30/0x80
[  110.169976][ T4868]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  110.175920][ T4868] RIP: 0033:0x7f8ee415e693
[  110.180340][ T4868] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 82 3e f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[  110.200225][ T4868] RSP: 002b:00007fff7c8efa48 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  110.208765][ T4868] RAX: ffffffffffffffda RBX: 000055558538e640 RCX: 00007f8ee415e693
[  110.216951][ T4868] RDX: 0000000000008000 RSI: 000055558538e640 RDI: 0000000000000006
[  110.225050][ T4868] RBP: 000055558538e614 R08: 0000000000000000 R09: 0000000000000000
[  110.233124][ T4868] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[  110.241191][ T4868] R13: 0000000000000016 R14: 000055558538e610 R15: 0000000000000001
[  110.249185][ T4868]  </TASK>
[  110.252239][ T4868] 
[  110.254594][ T4868] Allocated by task 4868:
[  110.258978][ T4868]  __kasan_kmalloc+0xb5/0xf0
[  110.263595][ T4868]  ntfs_readdir+0x798/0x3550
[  110.268208][ T4868]  iterate_dir+0x218/0x560
[  110.272634][ T4868]  __se_sys_getdents64+0xe5/0x260
[  110.277668][ T4868]  do_syscall_64+0x4c/0xa0
[  110.282087][ T4868]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  110.287997][ T4868] 
[  110.290327][ T4868] Last potentially related work creation:
[  110.296039][ T4868]  kasan_save_stack+0x35/0x60
[  110.300720][ T4868]  kasan_record_aux_stack+0xb8/0x100
[  110.306088][ T4868]  insert_work+0x54/0x3d0
[  110.310421][ T4868]  __queue_work+0x9c5/0xd50
[  110.315112][ T4868]  call_timer_fn+0x16c/0x530
[  110.319707][ T4868]  __run_timers+0x550/0x7c0
[  110.324213][ T4868]  run_timer_softirq+0x63/0xf0
[  110.328992][ T4868]  handle_softirqs+0x328/0x820
[  110.333779][ T4868]  __irq_exit_rcu+0x12f/0x220
[  110.338453][ T4868]  irq_exit_rcu+0x5/0x20
[  110.342916][ T4868]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  110.348572][ T4868]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  110.354745][ T4868] 
[  110.357181][ T4868] Second to last potentially related work creation:
[  110.364037][ T4868]  kasan_save_stack+0x35/0x60
[  110.368831][ T4868]  kasan_record_aux_stack+0xb8/0x100
[  110.374132][ T4868]  call_rcu+0x182/0x930
[  110.378291][ T4868]  __ip6_del_rt+0xf1/0x150
[  110.382728][ T4868]  ip6_del_rt+0xb0/0xf0
[  110.386919][ T4868]  __ipv6_ifa_notify+0x81a/0xda0
[  110.391850][ T4868]  addrconf_ifdown+0xde7/0x1970
[  110.396713][ T4868]  addrconf_notify+0x445/0xf00
[  110.401500][ T4868]  raw_notifier_call_chain+0xcb/0x160
[  110.406881][ T4868]  dev_close_many+0x28d/0x400
[  110.411573][ T4868]  unregister_netdevice_many+0x472/0x18f0
[  110.417353][ T4868]  ip6gre_exit_batch_net+0x445/0x490
[  110.422640][ T4868]  cleanup_net+0x77b/0xb80
[  110.427073][ T4868]  process_one_work+0x863/0x1000
[  110.432005][ T4868]  worker_thread+0xaa8/0x12a0
[  110.436760][ T4868]  kthread+0x436/0x520
[  110.440828][ T4868]  ret_from_fork+0x1f/0x30
[  110.445257][ T4868] 
[  110.447590][ T4868] The buggy address belongs to the object at ffff88805cf9ec00
[  110.447590][ T4868]  which belongs to the cache kmalloc-512 of size 512
[  110.461647][ T4868] The buggy address is located 409 bytes inside of
[  110.461647][ T4868]  512-byte region [ffff88805cf9ec00, ffff88805cf9ee00)
[  110.475048][ T4868] The buggy address belongs to the page:
[  110.480690][ T4868] page:ffffea000173e700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5cf9c
[  110.490834][ T4868] head:ffffea000173e700 order:2 compound_mapcount:0 compound_pincount:0
[  110.499155][ T4868] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  110.507233][ T4868] raw: 00fff00000010200 0000000000000000 0000000100000001 ffff888016841c80
[  110.515812][ T4868] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  110.524393][ T4868] page dumped because: kasan: bad access detected
[  110.530888][ T4868] page_owner tracks the page as allocated
[  110.536583][ T4868] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4219, ts 64184404112, free_ts 14509951404
[  110.557143][ T4868]  get_page_from_freelist+0x1b77/0x1c60
[  110.562690][ T4868]  __alloc_pages+0x1e1/0x470
[  110.567267][ T4868]  new_slab+0xc0/0x4b0
[  110.571324][ T4868]  ___slab_alloc+0x81e/0xdf0
[  110.575894][ T4868]  __kmalloc+0x1cd/0x330
[  110.580114][ T4868]  fib6_info_alloc+0x2e/0xe0
[  110.584683][ T4868]  ip6_route_info_create+0x44f/0x1210
[  110.590054][ T4868]  ip6_route_add+0x24/0x130
[  110.594537][ T4868]  addrconf_prefix_route+0x20d/0x2b0
[  110.599815][ T4868]  inet6_addr_add+0x4ff/0x9c0
[  110.604479][ T4868]  inet6_rtm_newaddr+0x5d7/0x840
[  110.609487][ T4868]  rtnetlink_rcv_msg+0x9b9/0xe60
[  110.614410][ T4868]  netlink_rcv_skb+0x1e0/0x430
[  110.619159][ T4868]  netlink_unicast+0x774/0x920
[  110.623992][ T4868]  netlink_sendmsg+0x8ab/0xbc0
[  110.628764][ T4868]  __sys_sendto+0x423/0x580
[  110.633364][ T4868] page last free stack trace:
[  110.638116][ T4868]  free_unref_page_prepare+0x637/0x6c0
[  110.643566][ T4868]  free_unref_page+0x94/0x280
[  110.648258][ T4868]  free_contig_range+0x96/0xf0
[  110.653005][ T4868]  destroy_args+0x100/0xa20
[  110.657491][ T4868]  debug_vm_pgtable+0x318/0x370
[  110.662364][ T4868]  do_one_initcall+0x1ee/0x680
[  110.667149][ T4868]  do_initcall_level+0x137/0x1f0
[  110.672088][ T4868]  do_initcalls+0x4b/0x90
[  110.676506][ T4868]  kernel_init_freeable+0x3ce/0x560
[  110.681685][ T4868]  kernel_init+0x19/0x1b0
[  110.686036][ T4868]  ret_from_fork+0x1f/0x30
[  110.690534][ T4868] 
[  110.692870][ T4868] Memory state around the buggy address:
[  110.698477][ T4868]  ffff88805cf9ec80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  110.706714][ T4868]  ffff88805cf9ed00: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[  110.714760][ T4868] >ffff88805cf9ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  110.722800][ T4868]                             ^
[  110.727633][ T4868]  ffff88805cf9ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  110.735678][ T4868]  ffff88805cf9ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  110.743723][ T4868] ==================================================================
[  110.751760][ T4868] Disabling lock debugging due to kernel taint
[  110.774712][ T4706] Bluetooth: hci0: command 0x040f tx timeout
[  110.780535][ T4868] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  110.788105][ T4868] CPU: 0 PID: 4868 Comm: syz-executor Tainted: G    B             syzkaller #0
[  110.797175][ T4868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  110.807259][ T4868] Call Trace:
[  110.810536][ T4868]  <TASK>
[  110.813451][ T4868]  dump_stack_lvl+0x168/0x230
[  110.818136][ T4868]  ? show_regs_print_info+0x20/0x20
[  110.823331][ T4868]  ? load_image+0x3b0/0x3b0
[  110.827837][ T4868]  panic+0x2c9/0x7f0
[  110.831831][ T4868]  ? bpf_jit_dump+0xd0/0xd0
[  110.836321][ T4868]  ? _raw_spin_unlock_irqrestore+0xf6/0x100
[  110.842286][ T4868]  ? _raw_spin_unlock+0x40/0x40
[  110.847115][ T4868]  ? ntfs_readdir+0xdda/0x3550
[  110.851856][ T4868]  check_panic_on_warn+0x80/0xa0
[  110.856786][ T4868]  ? ntfs_readdir+0xdda/0x3550
[  110.861533][ T4868]  end_report+0x6d/0xf0
[  110.865674][ T4868]  kasan_report+0x102/0x130
[  110.870239][ T4868]  ? ntfs_readdir+0xdda/0x3550
[  110.875106][ T4868]  ntfs_readdir+0xdda/0x3550
[  110.879702][ T4868]  ? __might_sleep+0xf0/0xf0
[  110.884311][ T4868]  ? preempt_count_add+0x8d/0x190
[  110.889444][ T4868]  ? rwsem_write_trylock+0x12f/0x1b0
[  110.894741][ T4868]  ? clear_nonspinnable+0x60/0x60
[  110.899884][ T4868]  ? ntfs_unmap_page+0x200/0x200
[  110.904984][ T4868]  iterate_dir+0x218/0x560
[  110.909413][ T4868]  __se_sys_getdents64+0xe5/0x260
[  110.914437][ T4868]  ? __x64_sys_getdents64+0x80/0x80
[  110.919634][ T4868]  ? filldir+0x720/0x720
[  110.923892][ T4868]  ? vtime_user_exit+0x2dc/0x400
[  110.928920][ T4868]  ? lockdep_hardirqs_on+0x94/0x140
[  110.934233][ T4868]  do_syscall_64+0x4c/0xa0
[  110.938653][ T4868]  ? clear_bhb_loop+0x30/0x80
[  110.943346][ T4868]  ? clear_bhb_loop+0x30/0x80
[  110.948289][ T4868]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  110.954196][ T4868] RIP: 0033:0x7f8ee415e693
[  110.958624][ T4868] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 82 3e f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[  110.978395][ T4868] RSP: 002b:00007fff7c8efa48 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  110.986809][ T4868] RAX: ffffffffffffffda RBX: 000055558538e640 RCX: 00007f8ee415e693
[  110.994785][ T4868] RDX: 0000000000008000 RSI: 000055558538e640 RDI: 0000000000000006
[  111.002741][ T4868] RBP: 000055558538e614 R08: 0000000000000000 R09: 0000000000000000
[  111.010719][ T4868] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[  111.018693][ T4868] R13: 0000000000000016 R14: 000055558538e610 R15: 0000000000000001
[  111.026942][ T4868]  </TASK>
[  111.030492][ T4868] Kernel Offset: disabled
[  111.034858][ T4868] Rebooting in 86400 seconds..