Warning: Permanently added '10.128.1.227' (ED25519) to the list of known hosts.
2026/02/21 22:17:38 parsed 1 programs
syzkaller login: [ 70.241719][ T4190] cgroup: Unknown subsys name 'net'
[ 70.372443][ T4190] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 71.288788][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.295358][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.891327][ T4190] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 73.830646][ T4221] chnl_net:caif_netlink_parms(): no params data found
[ 73.884522][ T4221] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.892273][ T4221] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.900390][ T4221] device bridge_slave_0 entered promiscuous mode
[ 73.909867][ T4221] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.917095][ T4221] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.925322][ T4221] device bridge_slave_1 entered promiscuous mode
[ 73.948606][ T4221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.961125][ T4221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.993122][ T4221] team0: Port device team_slave_0 added
[ 74.002622][ T4221] team0: Port device team_slave_1 added
[ 74.027839][ T4221] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.034827][ T4221] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.062490][ T4221] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.077748][ T4221] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.084734][ T4221] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.112122][ T4221] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.153661][ T4221] device hsr_slave_0 entered promiscuous mode
[ 74.162254][ T4221] device hsr_slave_1 entered promiscuous mode
[ 74.308223][ T4221] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 74.320755][ T4221] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 74.332391][ T4221] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 74.342479][ T4221] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 74.379640][ T4221] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.387031][ T4221] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.395315][ T4221] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.402431][ T4221] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.473998][ T4221] 8021q: adding VLAN 0 to HW filter on device bond0
[ 74.494330][ T1245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 74.508702][ T1245] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.518075][ T1245] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.533609][ T4221] 8021q: adding VLAN 0 to HW filter on device team0
[ 74.547790][ T1245] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 74.556523][ T1245] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.563623][ T1245] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.576521][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 74.586669][ T3086] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.593763][ T3086] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.619026][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 74.629795][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 74.649327][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 74.668625][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 74.678223][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 74.690709][ T4221] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 74.818709][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 74.826955][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 74.840781][ T4221] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 74.862483][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 74.873470][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 74.897665][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 74.907374][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 74.921880][ T4221] device veth0_vlan entered promiscuous mode
[ 74.929878][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 74.938707][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 74.952422][ T4221] device veth1_vlan entered promiscuous mode
[ 74.978765][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 74.988506][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 74.997421][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 75.006859][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 75.018716][ T4221] device veth0_macvtap entered promiscuous mode
[ 75.030711][ T4221] device veth1_macvtap entered promiscuous mode
[ 75.050999][ T4221] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 75.060701][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 75.070336][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 75.078926][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 75.087929][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 75.101428][ T4221] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 75.109585][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 75.119259][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 75.133439][ T4221] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.143394][ T4221] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.152383][ T4221] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.163160][ T4221] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.281303][ T4221] syz-executor (4221) used greatest stack depth: 21136 bytes left
[ 75.400018][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.415345][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.435825][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 75.452666][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.461013][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.469166][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 75.691383][ T155] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 77.811400][ T155] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.190764][ T155] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 80.252467][ T155] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.960361][ T155] device hsr_slave_0 left promiscuous mode
[ 81.973303][ T155] device hsr_slave_1 left promiscuous mode
[ 81.980341][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 81.989516][ T155] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 81.998980][ T155] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 82.008284][ T155] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 82.016785][ T155] device bridge_slave_1 left promiscuous mode
[ 82.023871][ T155] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.042134][ T155] device bridge_slave_0 left promiscuous mode
[ 82.049719][ T155] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.074068][ T155] device veth1_macvtap left promiscuous mode
[ 82.080516][ T155] device veth0_macvtap left promiscuous mode
[ 82.087878][ T155] device veth1_vlan left promiscuous mode
[ 82.093899][ T155] device veth0_vlan left promiscuous mode
[ 82.302367][ T155] team0 (unregistering): Port device team_slave_1 removed
[ 82.317113][ T155] team0 (unregistering): Port device team_slave_0 removed
[ 82.332206][ T155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 82.346771][ T155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 82.404764][ T155] bond0 (unregistering): Released all slaves
2026/02/21 22:17:54 executed programs: 0
[ 83.583687][ T4346] chnl_net:caif_netlink_parms(): no params data found
[ 83.670078][ T4346] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.692203][ T4346] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.706137][ T4346] device bridge_slave_0 entered promiscuous mode
[ 83.724654][ T4346] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.732024][ T4346] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.740757][ T4346] device bridge_slave_1 entered promiscuous mode
[ 83.784780][ T4346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.796770][ T4346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.828650][ T4346] team0: Port device team_slave_0 added
[ 83.838248][ T4346] team0: Port device team_slave_1 added
[ 83.868129][ T4346] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 83.876929][ T4346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.903427][ T4346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 83.916985][ T4346] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 83.923958][ T4346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.951116][ T4346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 83.995931][ T4346] device hsr_slave_0 entered promiscuous mode
[ 84.002831][ T4346] device hsr_slave_1 entered promiscuous mode
[ 84.653162][ T4346] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 84.662957][ T4346] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 84.677877][ T4346] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 84.698101][ T4346] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 84.821625][ T4346] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.838242][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 84.846756][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 84.858519][ T4346] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.879732][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 84.889139][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 84.898547][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.905694][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.933941][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 84.951757][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 84.978999][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 84.992543][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.999722][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.007801][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 85.047499][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 85.057073][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 85.073663][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 85.089935][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 85.099537][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 85.115485][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 85.130731][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 85.151546][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 85.167056][ T4346] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 85.180384][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 85.188462][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 85.209356][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 85.366584][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 85.376394][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 85.390162][ T4346] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 85.411044][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 85.420592][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 85.442426][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 85.451112][ T4229] Bluetooth: hci0: command 0x0409 tx timeout
[ 85.458339][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 85.471088][ T4346] device veth0_vlan entered promiscuous mode
[ 85.481235][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 85.490520][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 85.505602][ T4346] device veth1_vlan entered promiscuous mode
[ 85.531498][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 85.541611][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 85.551024][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 85.560890][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 85.575533][ T4346] device veth0_macvtap entered promiscuous mode
[ 85.587132][ T4346] device veth1_macvtap entered promiscuous mode
[ 85.611199][ T4346] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.618851][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 85.629033][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 85.637711][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 85.648092][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 85.685617][ T4346] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.692994][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 85.702946][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 85.714616][ T4346] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.725457][ T4346] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.734197][ T4346] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.744075][ T4346] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.864231][ T3086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.876107][ T3086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.887231][ T3086] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 85.912096][ T3086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.921237][ T3086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.958788][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 86.078367][ T4431] loop0: detected capacity change from 0 to 4096
[ 86.096477][ T4431] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[ 86.189633][ T4431] ntfs: volume version 3.1.
[ 86.237349][ T4431] ==================================================================
[ 86.245686][ T4431] BUG: KASAN: use-after-free in ntfs_readpage+0x85a/0x2260
[ 86.252941][ T4431] Read of size 10 at addr ffff88805fc25170 by task syz.0.17/4431
[ 86.260701][ T4431]
[ 86.263083][ T4431] CPU: 0 PID: 4431 Comm: syz.0.17 Not tainted syzkaller #0
[ 86.270308][ T4431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 86.280415][ T4431] Call Trace:
[ 86.283738][ T4431]
[ 86.286704][ T4431] dump_stack_lvl+0x188/0x250
[ 86.291436][ T4431] ? show_regs_print_info+0x20/0x20
[ 86.296677][ T4431] ? _printk+0xda/0x130
[ 86.300880][ T4431] ? ntfs_readpage+0x85a/0x2260
[ 86.305781][ T4431] ? load_image+0x400/0x400
[ 86.310353][ T4431] print_address_description+0x60/0x2d0
[ 86.315938][ T4431] ? ntfs_readpage+0x85a/0x2260
[ 86.320834][ T4431] kasan_report+0xdf/0x130
[ 86.325297][ T4431] ? ntfs_readpage+0x85a/0x2260
[ 86.330213][ T4431] kasan_check_range+0x235/0x290
[ 86.335189][ T4431] ? ntfs_readpage+0x85a/0x2260
[ 86.340081][ T4431] memcpy+0x25/0x60
[ 86.343925][ T4431] ntfs_readpage+0x85a/0x2260
[ 86.348650][ T4431] ? rcu_lock_release+0x5/0x20
[ 86.353507][ T4431] ? ntfs_writepage+0x1360/0x1360
[ 86.358575][ T4431] ? xa_load+0x276/0x2a0
[ 86.362879][ T4431] ? readahead_page+0x299/0x3d0
[ 86.367797][ T4431] ? ntfs_writepage+0x1360/0x1360
[ 86.372857][ T4431] read_pages+0x61f/0x930
[ 86.377330][ T4431] ? page_cache_ra_unbounded+0x940/0x940
[ 86.383010][ T4431] ? add_to_page_cache_lru+0x2a8/0x4a0
[ 86.388527][ T4431] page_cache_ra_unbounded+0x838/0x940
[ 86.394046][ T4431] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0
[ 86.400625][ T4431] filemap_read+0x5de/0x2540
[ 86.405437][ T4431] ? rcu_lock_release+0x5/0x20
[ 86.410370][ T4431] ? find_get_pages_range_tag+0x470/0x470
[ 86.416150][ T4431] ? __kernel_text_address+0x9a/0x100
[ 86.421579][ T4431] ? unwind_get_return_address+0x49/0x80
[ 86.427282][ T4431] ? generic_file_read_iter+0x96/0x490
[ 86.432782][ T4431] ? memset+0x1e/0x40
[ 86.436814][ T4431] ? iov_iter_kvec+0xb4/0x170
[ 86.441535][ T4431] __kernel_read+0x517/0x960
[ 86.446167][ T4431] ? __kasan_kmalloc+0xcc/0xf0
[ 86.451052][ T4431] ? __kasan_kmalloc+0xb5/0xf0
[ 86.455868][ T4431] ? rw_verify_area+0x1b0/0x1b0
[ 86.460786][ T4431] integrity_kernel_read+0x86/0xd0
[ 86.465934][ T4431] ? integrity_inode_free+0x170/0x170
[ 86.471359][ T4431] ima_calc_file_hash+0x931/0x1920
[ 86.476510][ T4431] ? mark_lock+0x94/0x320
[ 86.480881][ T4431] ? __lock_acquire+0x13bc/0x7d10
[ 86.485957][ T4431] ? ima_alloc_tfm+0x2f0/0x2f0
[ 86.490823][ T4431] ? __mutex_trylock_common+0x155/0x260
[ 86.496418][ T4431] ? rcu_lock_release+0x20/0x20
[ 86.501323][ T4431] ima_collect_measurement+0x337/0x7c0
[ 86.506839][ T4431] ? ima_get_action+0xa0/0xa0
[ 86.511594][ T4431] process_measurement+0x113a/0x1ba0
[ 86.517014][ T4431] ? ima_file_mmap+0x150/0x150
[ 86.521792][ T4431] ? tomoyo_check_path_number_acl+0x280/0x280
[ 86.527899][ T4431] ima_file_check+0xc7/0x110
[ 86.532608][ T4431] ? ima_bprm_check+0x200/0x200
[ 86.537487][ T4431] path_openat+0x27a8/0x2fa0
[ 86.542103][ T4431] ? do_filp_open+0x410/0x410
[ 86.546797][ T4431] do_filp_open+0x1e2/0x410
[ 86.551307][ T4431] ? vfs_tmpfile+0x300/0x300
[ 86.555910][ T4431] ? _raw_spin_unlock+0x24/0x40
[ 86.560757][ T4431] ? alloc_fd+0x598/0x630
[ 86.565214][ T4431] do_sys_openat2+0x150/0x4b0
[ 86.569889][ T4431] ? __lock_acquire+0x7d10/0x7d10
[ 86.574926][ T4431] ? do_sys_open+0xe0/0xe0
[ 86.579353][ T4431] ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 86.585336][ T4431] ? lock_chain_count+0x20/0x20
[ 86.590190][ T4431] ? vtime_user_exit+0x2c8/0x3e0
[ 86.595145][ T4431] __x64_sys_openat+0x135/0x160
[ 86.600032][ T4431] do_syscall_64+0x4c/0xa0
[ 86.604485][ T4431] ? clear_bhb_loop+0x30/0x80
[ 86.609378][ T4431] ? clear_bhb_loop+0x30/0x80
[ 86.614230][ T4431] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.620236][ T4431] RIP: 0033:0x7ff288dac629
[ 86.624753][ T4431] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 86.644630][ T4431] RSP: 002b:00007ffcc8b7a728 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 86.653152][ T4431] RAX: ffffffffffffffda RBX: 00007ff289025fa0 RCX: 00007ff288dac629
[ 86.658643][ T21] cfg80211: failed to load regulatory.db
[ 86.661160][ T4431] RDX: 0000000000141842 RSI: 0000200000000100 RDI: ffffffffffffff9c
[ 86.674794][ T4431] RBP: 00007ff288e42b39 R08: 0000000000000000 R09: 0000000000000000
[ 86.682811][ T4431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.690814][ T4431] R13: 00007ff289025fac R14: 00007ff289025fa0 R15: 00007ff289025fa0
[ 86.699000][ T4431]
[ 86.702020][ T4431]
[ 86.704342][ T4431] The buggy address belongs to the page:
[ 86.709992][ T4431] page:ffffea00017f0940 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x5fc25
[ 86.720241][ T4431] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 86.727384][ T4431] raw: 00fff00000000000 ffffea000180f148 ffffea0001a60d08 0000000000000000
[ 86.735974][ T4431] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 86.744552][ T4431] page dumped because: kasan: bad access detected
[ 86.751065][ T4431] page_owner tracks the page as freed
[ 86.756457][ T4431] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100cca(GFP_HIGHUSER_MOVABLE), pid 4433, ts 86063269461, free_ts 86086227585
[ 86.771077][ T4431] get_page_from_freelist+0x1bbd/0x1ca0
[ 86.776635][ T4431] __alloc_pages+0x1ee/0x480
[ 86.781230][ T4431] alloc_pages_vma+0x393/0x7c0
[ 86.785994][ T4431] handle_mm_fault+0x1bd4/0x4410
[ 86.790932][ T4431] do_user_addr_fault+0x489/0xc80
[ 86.795956][ T4431] exc_page_fault+0x60/0x100
[ 86.800565][ T4431] asm_exc_page_fault+0x22/0x30
[ 86.805417][ T4431] page last free stack trace:
[ 86.810090][ T4431] free_unref_page_prepare+0x637/0x6c0
[ 86.815558][ T4431] free_unref_page_list+0x119/0x820
[ 86.820755][ T4431] release_pages+0x186c/0x1be0
[ 86.825517][ T4431] tlb_finish_mmu+0x176/0x300
[ 86.830193][ T4431] exit_mmap+0x3d0/0x640
[ 86.834434][ T4431] __mmput+0x115/0x3b0
[ 86.838538][ T4431] exit_mm+0x588/0x6e0
[ 86.842607][ T4431] do_exit+0x5a9/0x20c0
[ 86.846762][ T4431] do_group_exit+0x12e/0x300
[ 86.851377][ T4431] __x64_sys_exit_group+0x3b/0x40
[ 86.856430][ T4431] do_syscall_64+0x4c/0xa0
[ 86.860892][ T4431] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 86.866787][ T4431]
[ 86.869109][ T4431] Memory state around the buggy address:
[ 86.874742][ T4431] ffff88805fc25000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 86.883221][ T4431] ffff88805fc25080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 86.891300][ T4431] >ffff88805fc25100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 86.899402][ T4431] ^
[ 86.907443][ T4431] ffff88805fc25180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 86.915955][ T4431] ffff88805fc25200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 86.924198][ T4431] ==================================================================
[ 86.932274][ T4431] Disabling lock debugging due to kernel taint
[ 86.939721][ T4431] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 86.946953][ T4431] CPU: 0 PID: 4431 Comm: syz.0.17 Tainted: G B syzkaller #0
[ 86.955595][ T4431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 86.965681][ T4431] Call Trace:
[ 86.968990][ T4431]
[ 86.971939][ T4431] dump_stack_lvl+0x188/0x250
[ 86.976658][ T4431] ? show_regs_print_info+0x20/0x20
[ 86.981974][ T4431] ? load_image+0x400/0x400
[ 86.986508][ T4431] panic+0x2e5/0x810
[ 86.990423][ T4431] ? bpf_jit_dump+0xd0/0xd0
[ 86.994965][ T4431] ? _raw_spin_unlock_irqrestore+0xbc/0x120
[ 87.000976][ T4431] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 87.006967][ T4431] ? _raw_spin_unlock+0x40/0x40
[ 87.011833][ T4431] ? print_memory_metadata+0x314/0x400
[ 87.017324][ T4431] ? ntfs_readpage+0x85a/0x2260
[ 87.022209][ T4431] check_panic_on_warn+0x80/0xa0
[ 87.027175][ T4431] ? ntfs_readpage+0x85a/0x2260
[ 87.032148][ T4431] end_report+0x6d/0xf0
[ 87.036336][ T4431] kasan_report+0x102/0x130
[ 87.040870][ T4431] ? ntfs_readpage+0x85a/0x2260
[ 87.045750][ T4431] kasan_check_range+0x235/0x290
[ 87.050716][ T4431] ? ntfs_readpage+0x85a/0x2260
[ 87.055603][ T4431] memcpy+0x25/0x60
[ 87.059454][ T4431] ntfs_readpage+0x85a/0x2260
[ 87.064165][ T4431] ? rcu_lock_release+0x5/0x20
[ 87.068962][ T4431] ? ntfs_writepage+0x1360/0x1360
[ 87.074010][ T4431] ? xa_load+0x276/0x2a0
[ 87.078280][ T4431] ? readahead_page+0x299/0x3d0
[ 87.083160][ T4431] ? ntfs_writepage+0x1360/0x1360
[ 87.088208][ T4431] read_pages+0x61f/0x930
[ 87.092592][ T4431] ? page_cache_ra_unbounded+0x940/0x940
[ 87.098354][ T4431] ? add_to_page_cache_lru+0x2a8/0x4a0
[ 87.104025][ T4431] page_cache_ra_unbounded+0x838/0x940
[ 87.109615][ T4431] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0
[ 87.116152][ T4431] filemap_read+0x5de/0x2540
[ 87.120789][ T4431] ? rcu_lock_release+0x5/0x20
[ 87.125594][ T4431] ? find_get_pages_range_tag+0x470/0x470
[ 87.131342][ T4431] ? __kernel_text_address+0x9a/0x100
[ 87.136751][ T4431] ? unwind_get_return_address+0x49/0x80
[ 87.142417][ T4431] ? generic_file_read_iter+0x96/0x490
[ 87.147898][ T4431] ? memset+0x1e/0x40
[ 87.151911][ T4431] ? iov_iter_kvec+0xb4/0x170
[ 87.156706][ T4431] __kernel_read+0x517/0x960
[ 87.161327][ T4431] ? __kasan_kmalloc+0xcc/0xf0
[ 87.166207][ T4431] ? __kasan_kmalloc+0xb5/0xf0
[ 87.171002][ T4431] ? rw_verify_area+0x1b0/0x1b0
[ 87.175889][ T4431] integrity_kernel_read+0x86/0xd0
[ 87.181029][ T4431] ? integrity_inode_free+0x170/0x170
[ 87.186422][ T4431] ima_calc_file_hash+0x931/0x1920
[ 87.191565][ T4431] ? mark_lock+0x94/0x320
[ 87.195907][ T4431] ? __lock_acquire+0x13bc/0x7d10
[ 87.200970][ T4431] ? ima_alloc_tfm+0x2f0/0x2f0
[ 87.205787][ T4431] ? __mutex_trylock_common+0x155/0x260
[ 87.211373][ T4431] ? rcu_lock_release+0x20/0x20
[ 87.216278][ T4431] ima_collect_measurement+0x337/0x7c0
[ 87.221783][ T4431] ? ima_get_action+0xa0/0xa0
[ 87.226498][ T4431] process_measurement+0x113a/0x1ba0
[ 87.231821][ T4431] ? ima_file_mmap+0x150/0x150
[ 87.236607][ T4431] ? tomoyo_check_path_number_acl+0x280/0x280
[ 87.242719][ T4431] ima_file_check+0xc7/0x110
[ 87.247347][ T4431] ? ima_bprm_check+0x200/0x200
[ 87.252236][ T4431] path_openat+0x27a8/0x2fa0
[ 87.256862][ T4431] ? do_filp_open+0x410/0x410
[ 87.261573][ T4431] do_filp_open+0x1e2/0x410
[ 87.266099][ T4431] ? vfs_tmpfile+0x300/0x300
[ 87.270724][ T4431] ? _raw_spin_unlock+0x24/0x40
[ 87.275598][ T4431] ? alloc_fd+0x598/0x630
[ 87.279951][ T4431] do_sys_openat2+0x150/0x4b0
[ 87.284653][ T4431] ? __lock_acquire+0x7d10/0x7d10
[ 87.289738][ T4431] ? do_sys_open+0xe0/0xe0
[ 87.294185][ T4431] ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 87.300260][ T4431] ? lock_chain_count+0x20/0x20
[ 87.305139][ T4431] ? vtime_user_exit+0x2c8/0x3e0
[ 87.310103][ T4431] __x64_sys_openat+0x135/0x160
[ 87.314981][ T4431] do_syscall_64+0x4c/0xa0
[ 87.319429][ T4431] ? clear_bhb_loop+0x30/0x80
[ 87.324135][ T4431] ? clear_bhb_loop+0x30/0x80
[ 87.328869][ T4431] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 87.334886][ T4431] RIP: 0033:0x7ff288dac629
[ 87.339323][ T4431] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 87.358964][ T4431] RSP: 002b:00007ffcc8b7a728 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 87.367554][ T4431] RAX: ffffffffffffffda RBX: 00007ff289025fa0 RCX: 00007ff288dac629
[ 87.375552][ T4431] RDX: 0000000000141842 RSI: 0000200000000100 RDI: ffffffffffffff9c
[ 87.383529][ T4431] RBP: 00007ff288e42b39 R08: 0000000000000000 R09: 0000000000000000
[ 87.391500][ T4431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 87.399486][ T4431] R13: 00007ff289025fac R14: 00007ff289025fa0 R15: 00007ff289025fa0
[ 87.407499][ T4431]
[ 87.410817][ T4431] Kernel Offset: disabled
[ 87.415208][ T4431] Rebooting in 86400 seconds..