Warning: Permanently added '10.128.1.44' (ED25519) to the list of known hosts.
2026/02/22 04:08:14 parsed 1 programs
syzkaller login: [ 64.830369][ T4188] cgroup: Unknown subsys name 'net'
[ 64.963527][ T4188] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 66.457611][ T4188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 68.987718][ T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.995737][ T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.020959][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 69.038880][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.047769][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.056307][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 70.329711][ T4268] chnl_net:caif_netlink_parms(): no params data found
[ 70.378028][ T4268] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.385425][ T4268] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.394095][ T4268] device bridge_slave_0 entered promiscuous mode
[ 70.404314][ T4268] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.411496][ T4268] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.419791][ T4268] device bridge_slave_1 entered promiscuous mode
[ 70.459989][ T4268] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 70.471319][ T4268] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 70.496781][ T4268] team0: Port device team_slave_0 added
[ 70.523518][ T4268] team0: Port device team_slave_1 added
[ 70.540725][ T4268] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 70.548110][ T4268] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.574699][ T4268] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 70.587627][ T4268] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 70.594650][ T4268] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.620634][ T4268] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 70.672011][ T4268] device hsr_slave_0 entered promiscuous mode
[ 70.679063][ T4268] device hsr_slave_1 entered promiscuous mode
[ 70.812807][ T4268] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 70.823457][ T4268] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 70.832880][ T4268] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 70.842467][ T4268] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 70.886876][ T4268] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.894126][ T4268] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.902304][ T4268] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.909444][ T4268] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.991228][ T4268] 8021q: adding VLAN 0 to HW filter on device bond0
[ 71.022545][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 71.031989][ T1278] bridge0: port 1(bridge_slave_0) entered disabled state
[ 71.040992][ T1278] bridge0: port 2(bridge_slave_1) entered disabled state
[ 71.050061][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 71.064356][ T4268] 8021q: adding VLAN 0 to HW filter on device team0
[ 71.076669][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 71.085705][ T1278] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.092847][ T1278] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.123990][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 71.133886][ T1278] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.141021][ T1278] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.160573][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 71.170872][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 71.183250][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 71.196977][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 71.225889][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 71.237668][ T4268] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 71.341512][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.348397][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.390937][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 71.399069][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 71.415735][ T4268] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 71.443184][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 71.459434][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 71.481232][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 71.492534][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 71.505994][ T4268] device veth0_vlan entered promiscuous mode
[ 71.515788][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 71.524310][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 71.537214][ T4268] device veth1_vlan entered promiscuous mode
[ 71.562219][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 71.572972][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 71.582679][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 71.591689][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 71.603774][ T4268] device veth0_macvtap entered promiscuous mode
[ 71.616386][ T4268] device veth1_macvtap entered promiscuous mode
[ 71.636059][ T4268] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 71.646200][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 71.655355][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 71.666137][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 71.675815][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 71.689486][ T4268] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 71.697306][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 71.716678][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 71.728711][ T4268] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.738991][ T4268] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.748575][ T4268] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.758610][ T4268] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/02/22 04:08:24 executed programs: 0
[ 72.591495][ T4296] chnl_net:caif_netlink_parms(): no params data found
[ 72.653905][ T4296] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.661213][ T4296] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.669552][ T4296] device bridge_slave_0 entered promiscuous mode
[ 72.679500][ T4296] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.686705][ T4296] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.694959][ T4296] device bridge_slave_1 entered promiscuous mode
[ 72.722032][ T4296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.734924][ T4296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.762454][ T4296] team0: Port device team_slave_0 added
[ 72.770712][ T4296] team0: Port device team_slave_1 added
[ 72.796612][ T4296] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 72.803881][ T4296] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 72.829878][ T4296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 72.843285][ T4296] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 72.850369][ T4296] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 72.876748][ T4296] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 72.913578][ T4296] device hsr_slave_0 entered promiscuous mode
[ 72.920897][ T4296] device hsr_slave_1 entered promiscuous mode
[ 72.927875][ T4296] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 72.935850][ T4296] Cannot create hsr debugfs directory
[ 73.035366][ T4296] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.457808][ T4255] Bluetooth: hci0: command 0x0409 tx timeout
[ 76.133737][ T4296] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 76.547373][ T4253] Bluetooth: hci0: command 0x041b tx timeout
[ 76.823444][ T4296] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 76.894975][ T4296] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 76.991937][ T4296] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 77.007833][ T4296] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 77.017332][ T4296] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 77.027445][ T4296] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 77.086206][ T4296] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.112612][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 77.120818][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 77.131791][ T4296] 8021q: adding VLAN 0 to HW filter on device team0
[ 77.156399][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 77.165938][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 77.174914][ T154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.182047][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.192052][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 77.219087][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 77.229343][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 77.238226][ T155] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.245463][ T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.270855][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 77.280962][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 77.293442][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 77.302587][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 77.311563][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 77.326048][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 77.335210][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 77.360705][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 77.369414][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 77.378061][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 77.386582][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 77.397913][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 77.416140][ T144] device hsr_slave_0 left promiscuous mode
[ 77.425090][ T144] device hsr_slave_1 left promiscuous mode
[ 77.434008][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 77.443070][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 77.454144][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 77.462263][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 77.470397][ T144] device bridge_slave_1 left promiscuous mode
[ 77.477714][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.497883][ T144] device bridge_slave_0 left promiscuous mode
[ 77.504163][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.524051][ T144] device veth1_macvtap left promiscuous mode
[ 77.530525][ T144] device veth0_macvtap left promiscuous mode
[ 77.536591][ T144] device veth1_vlan left promiscuous mode
[ 77.543372][ T144] device veth0_vlan left promiscuous mode
[ 77.713408][ T144] team0 (unregistering): Port device team_slave_1 removed
[ 77.731544][ T144] team0 (unregistering): Port device team_slave_0 removed
[ 77.745063][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 77.763492][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 77.821154][ T144] bond0 (unregistering): Released all slaves
[ 77.910171][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 77.920600][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 77.933670][ T4296] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 77.958566][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 77.973348][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 77.994383][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 78.003423][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 78.013061][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 78.020978][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 78.037302][ T4296] device veth0_vlan entered promiscuous mode
[ 78.049448][ T4296] device veth1_vlan entered promiscuous mode
[ 78.070915][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 78.079151][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 78.087443][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 78.095915][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 78.107272][ T4296] device veth0_macvtap entered promiscuous mode
[ 78.117708][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 78.132494][ T4296] device veth1_macvtap entered promiscuous mode
[ 78.152225][ T4296] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 78.160750][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 78.170274][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 78.182265][ T4296] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 78.190058][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 78.199161][ T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 78.212834][ T4296] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.222368][ T4296] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.231201][ T4296] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.240373][ T4296] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 78.305072][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.316510][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.337514][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2026/02/22 04:08:30 executed programs: 2
[ 78.353681][ T1278] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.363073][ T1278] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.373322][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 78.470792][ T4314] loop0: detected capacity change from 0 to 4096
[ 78.519818][ T4314] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[ 78.579175][ T4314] ntfs: volume version 3.1.
[ 78.610238][ T4314] ==================================================================
[ 78.617216][ T4252] Bluetooth: hci0: command 0x040f tx timeout
[ 78.618529][ T4314] BUG: KASAN: use-after-free in ntfs_readpage+0x85a/0x2260
[ 78.631729][ T4314] Read of size 10 at addr ffff8880695ce170 by task syz.0.17/4314
[ 78.639478][ T4314]
[ 78.641853][ T4314] CPU: 1 PID: 4314 Comm: syz.0.17 Not tainted syzkaller #0
[ 78.649079][ T4314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 78.659177][ T4314] Call Trace:
[ 78.662484][ T4314]
[ 78.665435][ T4314] dump_stack_lvl+0x188/0x250
[ 78.670149][ T4314] ? show_regs_print_info+0x20/0x20
[ 78.675392][ T4314] ? _printk+0xda/0x130
[ 78.679590][ T4314] ? ntfs_readpage+0x85a/0x2260
[ 78.684488][ T4314] ? load_image+0x400/0x400
[ 78.689056][ T4314] print_address_description+0x60/0x2d0
[ 78.694634][ T4314] ? ntfs_readpage+0x85a/0x2260
[ 78.699517][ T4314] kasan_report+0xdf/0x130
[ 78.703967][ T4314] ? ntfs_readpage+0x85a/0x2260
[ 78.708856][ T4314] kasan_check_range+0x235/0x290
[ 78.713820][ T4314] ? ntfs_readpage+0x85a/0x2260
[ 78.718709][ T4314] memcpy+0x25/0x60
[ 78.722554][ T4314] ntfs_readpage+0x85a/0x2260
[ 78.727255][ T4314] ? rcu_lock_release+0x5/0x20
[ 78.732070][ T4314] ? ntfs_writepage+0x1360/0x1360
[ 78.737125][ T4314] ? xa_load+0x276/0x2a0
[ 78.741400][ T4314] ? readahead_page+0x299/0x3d0
[ 78.746273][ T4314] ? ntfs_writepage+0x1360/0x1360
[ 78.751324][ T4314] read_pages+0x61f/0x930
[ 78.755686][ T4314] ? page_cache_ra_unbounded+0x940/0x940
[ 78.761361][ T4314] ? add_to_page_cache_lru+0x2a8/0x4a0
[ 78.766857][ T4314] page_cache_ra_unbounded+0x838/0x940
[ 78.772373][ T4314] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0
[ 78.778919][ T4314] filemap_read+0x5de/0x2540
[ 78.783548][ T4314] ? rcu_lock_release+0x5/0x20
[ 78.788387][ T4314] ? find_get_pages_range_tag+0x470/0x470
[ 78.794154][ T4314] ? __kernel_text_address+0x9a/0x100
[ 78.799574][ T4314] ? unwind_get_return_address+0x49/0x80
[ 78.805273][ T4314] ? generic_file_read_iter+0x96/0x490
[ 78.810769][ T4314] ? memset+0x1e/0x40
[ 78.814794][ T4314] ? iov_iter_kvec+0xb4/0x170
[ 78.819522][ T4314] __kernel_read+0x517/0x960
[ 78.824169][ T4314] ? __kasan_kmalloc+0xcc/0xf0
[ 78.828965][ T4314] ? __kasan_kmalloc+0xb5/0xf0
[ 78.833771][ T4314] ? rw_verify_area+0x1b0/0x1b0
[ 78.838732][ T4314] integrity_kernel_read+0x86/0xd0
[ 78.843890][ T4314] ? integrity_inode_free+0x170/0x170
[ 78.849324][ T4314] ima_calc_file_hash+0x931/0x1920
[ 78.854482][ T4314] ? mark_lock+0x94/0x320
[ 78.858854][ T4314] ? __lock_acquire+0x13bc/0x7d10
[ 78.863926][ T4314] ? ima_alloc_tfm+0x2f0/0x2f0
[ 78.868782][ T4314] ? __mutex_trylock_common+0x155/0x260
[ 78.874361][ T4314] ? rcu_lock_release+0x20/0x20
[ 78.879266][ T4314] ima_collect_measurement+0x337/0x7c0
[ 78.884785][ T4314] ? ima_get_action+0xa0/0xa0
[ 78.889521][ T4314] process_measurement+0x113a/0x1ba0
[ 78.894860][ T4314] ? ima_file_mmap+0x150/0x150
[ 78.899660][ T4314] ? tomoyo_check_path_number_acl+0x280/0x280
[ 78.905824][ T4314] ima_file_check+0xc7/0x110
[ 78.910450][ T4314] ? ima_bprm_check+0x200/0x200
[ 78.915341][ T4314] path_openat+0x27a8/0x2fa0
[ 78.919995][ T4314] ? do_filp_open+0x410/0x410
[ 78.924722][ T4314] do_filp_open+0x1e2/0x410
[ 78.929267][ T4314] ? vfs_tmpfile+0x300/0x300
[ 78.933904][ T4314] ? _raw_spin_unlock+0x24/0x40
[ 78.938777][ T4314] ? alloc_fd+0x598/0x630
[ 78.943153][ T4314] do_sys_openat2+0x150/0x4b0
[ 78.947896][ T4314] ? __lock_acquire+0x7d10/0x7d10
[ 78.952980][ T4314] ? do_sys_open+0xe0/0xe0
[ 78.957440][ T4314] ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 78.963459][ T4314] ? lock_chain_count+0x20/0x20
[ 78.968349][ T4314] ? vtime_user_exit+0x2c8/0x3e0
[ 78.973325][ T4314] __x64_sys_openat+0x135/0x160
[ 78.978217][ T4314] do_syscall_64+0x4c/0xa0
[ 78.982662][ T4314] ? clear_bhb_loop+0x30/0x80
[ 78.987372][ T4314] ? clear_bhb_loop+0x30/0x80
[ 78.992081][ T4314] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 78.998014][ T4314] RIP: 0033:0x7f5d721a1629
[ 79.002462][ T4314] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 79.022110][ T4314] RSP: 002b:00007fff93b4af98 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 79.030569][ T4314] RAX: ffffffffffffffda RBX: 00007f5d7241afa0 RCX: 00007f5d721a1629
[ 79.038579][ T4314] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[ 79.046584][ T4314] RBP: 00007f5d72237b39 R08: 0000000000000000 R09: 0000000000000000
[ 79.054590][ T4314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 79.062594][ T4314] R13: 00007f5d7241afac R14: 00007f5d7241afa0 R15: 00007f5d7241afa0
[ 79.070622][ T4314]
[ 79.073670][ T4314]
[ 79.076017][ T4314] The buggy address belongs to the page:
[ 79.081749][ T4314] page:ffffea0001a57380 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x695ce
[ 79.091936][ T4314] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 79.099095][ T4314] raw: 00fff00000000000 ffffea0001a573c8 ffffea0001a57348 0000000000000000
[ 79.107715][ T4314] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 79.116340][ T4314] page dumped because: kasan: bad access detected
[ 79.122785][ T4314] page_owner tracks the page as freed
[ 79.128178][ T4314] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 4314, ts 78433347800, free_ts 78468722352
[ 79.143755][ T4314] get_page_from_freelist+0x1bbd/0x1ca0
[ 79.149356][ T4314] __alloc_pages+0x1ee/0x480
[ 79.153985][ T4314] alloc_pages_vma+0x393/0x7c0
[ 79.158777][ T4314] handle_mm_fault+0x23be/0x4410
[ 79.163754][ T4314] do_user_addr_fault+0x489/0xc80
[ 79.168818][ T4314] exc_page_fault+0x60/0x100
[ 79.173438][ T4314] asm_exc_page_fault+0x22/0x30
[ 79.178313][ T4314] page last free stack trace:
[ 79.183007][ T4314] free_unref_page_prepare+0x637/0x6c0
[ 79.188503][ T4314] free_unref_page_list+0x119/0x820
[ 79.193742][ T4314] release_pages+0x186c/0x1be0
[ 79.198539][ T4314] tlb_finish_mmu+0x176/0x300
[ 79.203247][ T4314] unmap_region+0x344/0x3b0
[ 79.207786][ T4314] __do_munmap+0x9f8/0xdf0
[ 79.212229][ T4314] __vm_munmap+0x140/0x240
[ 79.216680][ T4314] __x64_sys_munmap+0x67/0x70
[ 79.221404][ T4314] do_syscall_64+0x4c/0xa0
[ 79.225843][ T4314] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 79.231764][ T4314]
[ 79.234108][ T4314] Memory state around the buggy address:
[ 79.239765][ T4314] ffff8880695ce000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.247846][ T4314] ffff8880695ce080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.255937][ T4314] >ffff8880695ce100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.264019][ T4314] ^
[ 79.271764][ T4314] ffff8880695ce180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.279853][ T4314] ffff8880695ce200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 79.287934][ T4314] ==================================================================
[ 79.296010][ T4314] Disabling lock debugging due to kernel taint
[ 79.303043][ T4314] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 79.310265][ T4314] CPU: 1 PID: 4314 Comm: syz.0.17 Tainted: G B syzkaller #0
[ 79.318885][ T4314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 79.328962][ T4314] Call Trace:
[ 79.332270][ T4314]
[ 79.335220][ T4314] dump_stack_lvl+0x188/0x250
[ 79.339930][ T4314] ? show_regs_print_info+0x20/0x20
[ 79.345176][ T4314] ? load_image+0x400/0x400
[ 79.349722][ T4314] panic+0x2e5/0x810
[ 79.353646][ T4314] ? bpf_jit_dump+0xd0/0xd0
[ 79.358175][ T4314] ? _raw_spin_unlock_irqrestore+0xbc/0x120
[ 79.364094][ T4314] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 79.370011][ T4314] ? _raw_spin_unlock+0x40/0x40
[ 79.374883][ T4314] ? print_memory_metadata+0x314/0x400
[ 79.380359][ T4314] ? ntfs_readpage+0x85a/0x2260
[ 79.385233][ T4314] check_panic_on_warn+0x80/0xa0
[ 79.390197][ T4314] ? ntfs_readpage+0x85a/0x2260
[ 79.395075][ T4314] end_report+0x6d/0xf0
[ 79.399252][ T4314] kasan_report+0x102/0x130
[ 79.403783][ T4314] ? ntfs_readpage+0x85a/0x2260
[ 79.408660][ T4314] kasan_check_range+0x235/0x290
[ 79.413637][ T4314] ? ntfs_readpage+0x85a/0x2260
[ 79.418536][ T4314] memcpy+0x25/0x60
[ 79.422561][ T4314] ntfs_readpage+0x85a/0x2260
[ 79.427271][ T4314] ? rcu_lock_release+0x5/0x20
[ 79.432079][ T4314] ? ntfs_writepage+0x1360/0x1360
[ 79.437132][ T4314] ? xa_load+0x276/0x2a0
[ 79.441406][ T4314] ? readahead_page+0x299/0x3d0
[ 79.446291][ T4314] ? ntfs_writepage+0x1360/0x1360
[ 79.451343][ T4314] read_pages+0x61f/0x930
[ 79.455715][ T4314] ? page_cache_ra_unbounded+0x940/0x940
[ 79.461387][ T4314] ? add_to_page_cache_lru+0x2a8/0x4a0
[ 79.466884][ T4314] page_cache_ra_unbounded+0x838/0x940
[ 79.472378][ T4314] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0
[ 79.478912][ T4314] filemap_read+0x5de/0x2540
[ 79.483545][ T4314] ? rcu_lock_release+0x5/0x20
[ 79.488347][ T4314] ? find_get_pages_range_tag+0x470/0x470
[ 79.494218][ T4314] ? __kernel_text_address+0x9a/0x100
[ 79.499637][ T4314] ? unwind_get_return_address+0x49/0x80
[ 79.505316][ T4314] ? generic_file_read_iter+0x96/0x490
[ 79.510802][ T4314] ? memset+0x1e/0x40
[ 79.514826][ T4314] ? iov_iter_kvec+0xb4/0x170
[ 79.519728][ T4314] __kernel_read+0x517/0x960
[ 79.524345][ T4314] ? __kasan_kmalloc+0xcc/0xf0
[ 79.529130][ T4314] ? __kasan_kmalloc+0xb5/0xf0
[ 79.533937][ T4314] ? rw_verify_area+0x1b0/0x1b0
[ 79.538821][ T4314] integrity_kernel_read+0x86/0xd0
[ 79.543956][ T4314] ? integrity_inode_free+0x170/0x170
[ 79.549361][ T4314] ima_calc_file_hash+0x931/0x1920
[ 79.554506][ T4314] ? mark_lock+0x94/0x320
[ 79.558855][ T4314] ? __lock_acquire+0x13bc/0x7d10
[ 79.563912][ T4314] ? ima_alloc_tfm+0x2f0/0x2f0
[ 79.568733][ T4314] ? __mutex_trylock_common+0x155/0x260
[ 79.574305][ T4314] ? rcu_lock_release+0x20/0x20
[ 79.579195][ T4314] ima_collect_measurement+0x337/0x7c0
[ 79.584713][ T4314] ? ima_get_action+0xa0/0xa0
[ 79.589422][ T4314] process_measurement+0x113a/0x1ba0
[ 79.594734][ T4314] ? ima_file_mmap+0x150/0x150
[ 79.599526][ T4314] ? tomoyo_check_path_number_acl+0x280/0x280
[ 79.605643][ T4314] ima_file_check+0xc7/0x110
[ 79.610269][ T4314] ? ima_bprm_check+0x200/0x200
[ 79.615146][ T4314] path_openat+0x27a8/0x2fa0
[ 79.619772][ T4314] ? do_filp_open+0x410/0x410
[ 79.624484][ T4314] do_filp_open+0x1e2/0x410
[ 79.629012][ T4314] ? vfs_tmpfile+0x300/0x300
[ 79.633642][ T4314] ? _raw_spin_unlock+0x24/0x40
[ 79.638518][ T4314] ? alloc_fd+0x598/0x630
[ 79.642878][ T4314] do_sys_openat2+0x150/0x4b0
[ 79.647574][ T4314] ? __lock_acquire+0x7d10/0x7d10
[ 79.652638][ T4314] ? do_sys_open+0xe0/0xe0
[ 79.657075][ T4314] ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 79.663112][ T4314] ? lock_chain_count+0x20/0x20
[ 79.668027][ T4314] ? vtime_user_exit+0x2c8/0x3e0
[ 79.672991][ T4314] __x64_sys_openat+0x135/0x160
[ 79.677866][ T4314] do_syscall_64+0x4c/0xa0
[ 79.682305][ T4314] ? clear_bhb_loop+0x30/0x80
[ 79.687006][ T4314] ? clear_bhb_loop+0x30/0x80
[ 79.691710][ T4314] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 79.697640][ T4314] RIP: 0033:0x7f5d721a1629
[ 79.702098][ T4314] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 79.721728][ T4314] RSP: 002b:00007fff93b4af98 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 79.730174][ T4314] RAX: ffffffffffffffda RBX: 00007f5d7241afa0 RCX: 00007f5d721a1629
[ 79.738195][ T4314] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[ 79.746197][ T4314] RBP: 00007f5d72237b39 R08: 0000000000000000 R09: 0000000000000000
[ 79.754187][ T4314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 79.762175][ T4314] R13: 00007f5d7241afac R14: 00007f5d7241afa0 R15: 00007f5d7241afa0
[ 79.770179][ T4314]
[ 79.773420][ T4314] Kernel Offset: disabled
[ 79.777763][ T4314] Rebooting in 86400 seconds..