Warning: Permanently added '10.128.1.29' (ED25519) to the list of known hosts.
2025/10/30 12:18:06 parsed 1 programs
[   79.080213][ T5799] cgroup: Unknown subsys name 'net'
[   79.213352][ T5799] cgroup: Unknown subsys name 'rlimit'
[   80.705646][ T5799] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   81.929120][    T9] cfg80211: failed to load regulatory.db
[   83.528236][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   83.594525][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.602385][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.609662][ T5833] bridge_slave_0: entered allmulticast mode
[   83.616468][ T5833] bridge_slave_0: entered promiscuous mode
[   83.633767][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.641308][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.648628][ T5833] bridge_slave_1: entered allmulticast mode
[   83.655321][ T5833] bridge_slave_1: entered promiscuous mode
[   83.691476][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   83.703468][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   83.736309][ T5833] team0: Port device team_slave_0 added
[   83.745487][ T5833] team0: Port device team_slave_1 added
[   83.772760][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   83.780252][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.807156][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   83.820977][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   83.827991][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.854204][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   83.901910][ T5833] hsr_slave_0: entered promiscuous mode
[   83.910446][ T5833] hsr_slave_1: entered promiscuous mode
[   84.036378][ T5833] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   84.050022][ T5833] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   84.060645][ T5833] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   84.088750][ T5833] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   84.127932][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.135441][ T5833] bridge0: port 2(bridge_slave_1) entered forwarding state
[   84.144618][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.151884][ T5833] bridge0: port 1(bridge_slave_0) entered forwarding state
[   84.209693][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   84.234578][ T1307] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.243724][ T1307] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.267394][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   84.281153][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.288438][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   84.301895][ T2970] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.309072][ T2970] bridge0: port 2(bridge_slave_1) entered forwarding state
[   84.490495][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   84.533658][ T5833] veth0_vlan: entered promiscuous mode
[   84.544377][ T5833] veth1_vlan: entered promiscuous mode
[   84.580440][ T5833] veth0_macvtap: entered promiscuous mode
[   84.589975][ T5833] veth1_macvtap: entered promiscuous mode
[   84.614936][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   84.629270][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   84.641186][ T5833] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.651161][ T5833] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.660518][ T5833] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.669530][ T5833] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.841494][   T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   85.591844][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.604230][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.634741][ T2970] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.643347][ T2970] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.273753][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   86.282854][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   86.291721][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   86.301027][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   86.310008][   T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   86.318474][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/10/30 12:18:15 executed programs: 0
[   86.764958][ T5103] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   86.774715][ T5103] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   86.783218][ T5103] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   86.792550][ T5103] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   86.800919][ T5103] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   86.809010][ T5103] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   86.933445][ T5901] chnl_net:caif_netlink_parms(): no params data found
[   86.990581][ T5901] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.997878][ T5901] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.005086][ T5901] bridge_slave_0: entered allmulticast mode
[   87.012580][ T5901] bridge_slave_0: entered promiscuous mode
[   87.021191][ T5901] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.028890][ T5901] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.036077][ T5901] bridge_slave_1: entered allmulticast mode
[   87.043627][ T5901] bridge_slave_1: entered promiscuous mode
[   87.071436][ T5901] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.082820][ T5901] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.110746][ T5901] team0: Port device team_slave_0 added
[   87.120692][ T5901] team0: Port device team_slave_1 added
[   87.144163][ T5901] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.151465][ T5901] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.177976][ T5901] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.190757][ T5901] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.197865][ T5901] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.224118][ T5901] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.263848][ T5901] hsr_slave_0: entered promiscuous mode
[   87.270624][ T5901] hsr_slave_1: entered promiscuous mode
[   87.277466][ T5901] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.285305][ T5901] Cannot create hsr debugfs directory
[   87.300517][   T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.887834][   T51] Bluetooth: hci0: command tx timeout
[   89.596330][   T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.660541][   T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.425851][   T49] hsr_slave_0: left promiscuous mode
[   90.434366][   T49] hsr_slave_1: left promiscuous mode
[   90.458846][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   90.466353][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[   90.475489][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   90.483401][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[   90.491898][   T49] bridge_slave_1: left allmulticast mode
[   90.498049][   T49] bridge_slave_1: left promiscuous mode
[   90.505339][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.519394][   T49] bridge_slave_0: left allmulticast mode
[   90.525610][   T49] bridge_slave_0: left promiscuous mode
[   90.531809][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.561013][   T49] veth1_macvtap: left promiscuous mode
[   90.566908][   T49] veth0_macvtap: left promiscuous mode
[   90.572500][   T49] veth1_vlan: left promiscuous mode
[   90.578533][   T49] veth0_vlan: left promiscuous mode
[   90.920569][   T49] team0 (unregistering): Port device team_slave_1 removed
[   90.951260][   T49] team0 (unregistering): Port device team_slave_0 removed
[   90.968266][   T51] Bluetooth: hci0: command tx timeout
[   90.984894][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   91.015986][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   91.295684][   T49] bond0 (unregistering): Released all slaves
[   91.410647][ T5901] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   91.422058][ T5901] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   91.435257][ T5901] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   91.449968][ T5901] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   91.532287][ T5901] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.560407][ T5901] 8021q: adding VLAN 0 to HW filter on device team0
[   91.578340][ T2960] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.585484][ T2960] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.602620][ T2960] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.609797][ T2960] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.795379][ T5901] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.864779][ T5901] veth0_vlan: entered promiscuous mode
[   91.884076][ T5901] veth1_vlan: entered promiscuous mode
[   91.932033][ T5901] veth0_macvtap: entered promiscuous mode
[   91.947645][ T5901] veth1_macvtap: entered promiscuous mode
[   91.985382][ T5901] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.998813][ T5901] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.022213][ T5901] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.031212][ T5901] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.040554][ T5901] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.049617][ T5901] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.103111][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.115425][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.143922][ T2960] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.152180][ T2960] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.200157][ T5950] syz.0.17[5950]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   92.211736][ T5950] loop0: detected capacity change from 0 to 16
[   92.232638][ T5950] erofs: (device loop0): mounted with root inode @ nid 36.
[   92.243996][ T5950] erofs: (device loop0): z_erofs_readahead: readahead error at folio 26 @ nid 36
[   92.253908][ T5950] erofs: (device loop0): z_erofs_readahead: readahead error at folio 25 @ nid 36
[   92.265476][ T5950] erofs: (device loop0): z_erofs_readahead: readahead error at folio 24 @ nid 36
[   92.274791][ T5950] erofs: (device loop0): z_erofs_readahead: readahead error at folio 23 @ nid 36
[   92.284433][ T5950] erofs: (device loop0): z_erofs_readahead: readahead error at folio 22 @ nid 36
[   92.293916][ T5950] erofs: (device loop0): z_erofs_readahead: readahead error at folio 21 @ nid 36
[   92.301379][ T5951] erofs: (device loop0): erofs_find_target_block: corrupted dir block 8200 @ nid 36
[   92.315510][ T5950] erofs: (device loop0): z_erofs_readahead: readahead error at folio 20 @ nid 36
[   92.329565][ T5950] erofs: (device loop0): z_erofs_readahead: readahead error at folio 18 @ nid 36
[   92.340726][ T5950] erofs: (device loop0): z_erofs_readahead: readahead error at folio 16 @ nid 36
[   92.351399][ T5950] erofs: (device loop0): z_erofs_readahead: readahead error at folio 12 @ nid 36
[   92.361556][ T5950] syz.0.17: attempt to access beyond end of device
[   92.361556][ T5950] loop0: rw=524288, sector=720, nr_sectors = 16 limit=16
[   92.375288][ T5950] syz.0.17: attempt to access beyond end of device
[   92.375288][ T5950] loop0: rw=524288, sector=525144, nr_sectors = 16 limit=16
[   92.390670][ T5950] syz.0.17: attempt to access beyond end of device
[   92.390670][ T5950] loop0: rw=524288, sector=16, nr_sectors = 8 limit=16
[   92.404439][ T5950] syz.0.17: attempt to access beyond end of device
[   92.404439][ T5950] loop0: rw=524288, sector=13716630376, nr_sectors = 8 limit=16
[   92.419610][ T5950] ==================================================================
[   92.427704][ T5950] BUG: KASAN: slab-use-after-free in z_erofs_transform_plain+0x38c/0x460
[   92.436148][ T5950] Read of size 4095 at addr ffff88807745f400 by task syz.0.17/5950
[   92.444235][ T5950] 
[   92.446587][ T5950] CPU: 1 PID: 5950 Comm: syz.0.17 Not tainted syzkaller #0
[   92.453799][ T5950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   92.464044][ T5950] Call Trace:
[   92.467342][ T5950]  <TASK>
[   92.470280][ T5950]  dump_stack_lvl+0x16c/0x230
[   92.475048][ T5950]  ? __lock_acquire+0x7c80/0x7c80
[   92.480076][ T5950]  ? show_regs_print_info+0x20/0x20
[   92.485278][ T5950]  ? load_image+0x3b0/0x3b0
[   92.489779][ T5950]  ? __virt_addr_valid+0x469/0x540
[   92.494892][ T5950]  print_report+0xac/0x220
[   92.499303][ T5950]  ? z_erofs_transform_plain+0x38c/0x460
[   92.505007][ T5950]  kasan_report+0x117/0x150
[   92.509499][ T5950]  ? z_erofs_transform_plain+0x38c/0x460
[   92.515118][ T5950]  kasan_check_range+0x288/0x290
[   92.520045][ T5950]  ? z_erofs_transform_plain+0x38c/0x460
[   92.525674][ T5950]  __asan_memcpy+0x29/0x70
[   92.530089][ T5950]  z_erofs_transform_plain+0x38c/0x460
[   92.535569][ T5950]  ? z_erofs_lz4_decompress+0x1720/0x1720
[   92.541319][ T5950]  z_erofs_decompress_queue+0x16fb/0x2660
[   92.547044][ T5950]  ? z_erofs_onlinepage_end+0x360/0x360
[   92.552806][ T5950]  ? kasan_quarantine_put+0xd8/0x220
[   92.558090][ T5950]  ? z_erofs_decompressqueue_endio+0x5a0/0x5a0
[   92.564334][ T5950]  ? z_erofs_decompressqueue_endio+0x512/0x5a0
[   92.570496][ T5950]  z_erofs_runqueue+0x18a3/0x19d0
[   92.575539][ T5950]  ? z_erofs_do_read_page+0x3680/0x3680
[   92.581177][ T5950]  ? _raw_spin_unlock+0x28/0x40
[   92.586045][ T5950]  ? lockref_put_or_lock+0x72/0xb0
[   92.591165][ T5950]  z_erofs_readahead+0xa7c/0xd50
[   92.596098][ T5950]  ? z_erofs_read_folio+0x540/0x540
[   92.601288][ T5950]  ? __mod_lruvec_page_state+0xa5/0x420
[   92.606844][ T5950]  ? folio_add_lru+0x320/0xd50
[   92.611628][ T5950]  ? blk_start_plug+0x6e/0x1a0
[   92.616385][ T5950]  read_pages+0x177/0x840
[   92.620714][ T5950]  ? __lock_acquire+0x7c80/0x7c80
[   92.625741][ T5950]  ? page_cache_ra_unbounded+0x770/0x770
[   92.631384][ T5950]  ? folio_add_lru+0xd50/0xd50
[   92.636158][ T5950]  ? folio_add_lru+0x54f/0xd50
[   92.640928][ T5950]  ? filemap_add_folio+0x192/0x3c0
[   92.646139][ T5950]  page_cache_ra_unbounded+0x692/0x770
[   92.651632][ T5950]  force_page_cache_ra+0x2c1/0x320
[   92.656864][ T5950]  generic_fadvise+0x44f/0x730
[   92.661661][ T5950]  ? dump_task+0x5f0/0x5f0
[   92.666067][ T5950]  ? __fget_files+0x28/0x4d0
[   92.670652][ T5950]  ? __fdget+0x180/0x210
[   92.674977][ T5950]  __x64_sys_fadvise64+0x140/0x180
[   92.680080][ T5950]  do_syscall_64+0x55/0xb0
[   92.684487][ T5950]  ? clear_bhb_loop+0x40/0x90
[   92.689162][ T5950]  ? clear_bhb_loop+0x40/0x90
[   92.693830][ T5950]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   92.699710][ T5950] RIP: 0033:0x7f0bc958efc9
[   92.704121][ T5950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.723740][ T5950] RSP: 002b:00007f0bca4c2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd
[   92.732197][ T5950] RAX: ffffffffffffffda RBX: 00007f0bc97e5fa0 RCX: 00007f0bc958efc9
[   92.740182][ T5950] RDX: 000000000000ff39 RSI: 000000000000aa17 RDI: 0000000000000004
[   92.748164][ T5950] RBP: 00007f0bc9611f91 R08: 0000000000000000 R09: 0000000000000000
[   92.756129][ T5950] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[   92.764109][ T5950] R13: 00007f0bc97e6038 R14: 00007f0bc97e5fa0 R15: 00007ffd4c23b398
[   92.772081][ T5950]  </TASK>
[   92.775085][ T5950] 
[   92.777390][ T5950] The buggy address belongs to the physical page:
[   92.783802][ T5950] page:ffffea0001dd17c0 refcount:3 mapcount:0 mapping:ffff8880615087c8 index:0x1 pfn:0x7745f
[   92.793956][ T5950] memcg:ffff88807b794000
[   92.798189][ T5950] aops:z_erofs_cache_aops ino:0
[   92.803025][ T5950] flags: 0xfff00000008008(uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[   92.811611][ T5950] page_type: 0xffffffff()
[   92.815933][ T5950] raw: 00fff00000008008 0000000000000000 dead000000000122 ffff8880615087c8
[   92.824518][ T5950] raw: 0000000000000001 ffff888074320000 00000003ffffffff ffff88807b794000
[   92.833094][ T5950] page dumped because: kasan: bad access detected
[   92.839501][ T5950] page_owner tracks the page as allocated
[   92.845199][ T5950] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5951, tgid 5949 (syz.0.17), ts 92296075355, free_ts 92285233963
[   92.866836][ T5950]  post_alloc_hook+0x1cd/0x210
[   92.871614][ T5950]  get_page_from_freelist+0x195c/0x19f0
[   92.877162][ T5950]  __alloc_pages+0x1e3/0x460
[   92.881768][ T5950]  z_erofs_do_read_page+0x20c0/0x3680
[   92.887588][ T5950]  z_erofs_read_folio+0x213/0x540
[   92.892633][ T5950]  filemap_read_folio+0x167/0x760
[   92.897659][ T5950]  do_read_cache_folio+0x470/0x7e0
[   92.902797][ T5950]  erofs_bread+0x16f/0x630
[   92.907654][ T5950]  erofs_namei+0x28c/0xf00
[   92.912081][ T5950]  erofs_lookup+0x135/0x310
[   92.916584][ T5950]  path_openat+0x10b8/0x3190
[   92.921166][ T5950]  do_filp_open+0x1c5/0x3d0
[   92.925663][ T5950]  do_sys_openat2+0x12c/0x1c0
[   92.930341][ T5950]  __x64_sys_openat+0x139/0x160
[   92.935179][ T5950]  do_syscall_64+0x55/0xb0
[   92.939935][ T5950]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   92.945906][ T5950] page last free stack trace:
[   92.950575][ T5950]  free_unref_page_prepare+0x7ce/0x8e0
[   92.956037][ T5950]  free_unref_page+0x32/0x2e0
[   92.960728][ T5950]  __unfreeze_partials+0x1cf/0x210
[   92.965926][ T5950]  put_cpu_partial+0x17c/0x250
[   92.970684][ T5950]  __slab_free+0x31d/0x410
[   92.975118][ T5950]  qlist_free_all+0x75/0xe0
[   92.979731][ T5950]  kasan_quarantine_reduce+0x143/0x160
[   92.985185][ T5950]  __kasan_slab_alloc+0x22/0x80
[   92.990026][ T5950]  slab_post_alloc_hook+0x6e/0x4d0
[   92.995124][ T5950]  kmem_cache_alloc_node+0x150/0x330
[   93.000398][ T5950]  __alloc_skb+0x108/0x2c0
[   93.004808][ T5950]  inet_netconf_notify_devconf+0x173/0x230
[   93.010784][ T5950]  inetdev_event+0x789/0x15c0
[   93.015456][ T5950]  notifier_call_chain+0x197/0x390
[   93.020565][ T5950]  unregister_netdevice_many_notify+0xf36/0x1810
[   93.026911][ T5950]  ip6gre_exit_batch_net+0x449/0x490
[   93.032209][ T5950] 
[   93.034534][ T5950] Memory state around the buggy address:
[   93.040580][ T5950]  ffff88807745ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   93.046792][   T51] Bluetooth: hci0: command tx timeout
[   93.048621][ T5950]  ffff88807745ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   93.048631][ T5950] >ffff888077460000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   93.048638][ T5950]                    ^
[   93.048646][ T5950]  ffff888077460080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[   93.048655][ T5950]  ffff888077460100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   93.091422][ T5950] ==================================================================
[   93.110704][ T5950] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   93.117954][ T5950] CPU: 1 PID: 5950 Comm: syz.0.17 Not tainted syzkaller #0
[   93.125276][ T5950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   93.135351][ T5950] Call Trace:
[   93.138742][ T5950]  <TASK>
[   93.141776][ T5950]  dump_stack_lvl+0x16c/0x230
[   93.146443][ T5950]  ? show_regs_print_info+0x20/0x20
[   93.151793][ T5950]  ? load_image+0x3b0/0x3b0
[   93.156321][ T5950]  panic+0x2c0/0x710
[   93.160241][ T5950]  ? bpf_jit_dump+0xd0/0xd0
[   93.164754][ T5950]  ? _raw_spin_unlock_irqrestore+0xfa/0x110
[   93.170653][ T5950]  ? _raw_spin_unlock+0x40/0x40
[   93.175509][ T5950]  ? print_memory_metadata+0x314/0x400
[   93.180968][ T5950]  ? z_erofs_transform_plain+0x38c/0x460
[   93.186615][ T5950]  check_panic_on_warn+0x84/0xa0
[   93.191629][ T5950]  ? z_erofs_transform_plain+0x38c/0x460
[   93.197261][ T5950]  end_report+0x6f/0x140
[   93.201491][ T5950]  kasan_report+0x128/0x150
[   93.205979][ T5950]  ? z_erofs_transform_plain+0x38c/0x460
[   93.212045][ T5950]  kasan_check_range+0x288/0x290
[   93.216979][ T5950]  ? z_erofs_transform_plain+0x38c/0x460
[   93.223134][ T5950]  __asan_memcpy+0x29/0x70
[   93.227546][ T5950]  z_erofs_transform_plain+0x38c/0x460
[   93.232999][ T5950]  ? z_erofs_lz4_decompress+0x1720/0x1720
[   93.238710][ T5950]  z_erofs_decompress_queue+0x16fb/0x2660
[   93.244429][ T5950]  ? z_erofs_onlinepage_end+0x360/0x360
[   93.249982][ T5950]  ? kasan_quarantine_put+0xd8/0x220
[   93.255289][ T5950]  ? z_erofs_decompressqueue_endio+0x5a0/0x5a0
[   93.261566][ T5950]  ? z_erofs_decompressqueue_endio+0x512/0x5a0
[   93.267742][ T5950]  z_erofs_runqueue+0x18a3/0x19d0
[   93.272771][ T5950]  ? z_erofs_do_read_page+0x3680/0x3680
[   93.278319][ T5950]  ? _raw_spin_unlock+0x28/0x40
[   93.283158][ T5950]  ? lockref_put_or_lock+0x72/0xb0
[   93.288298][ T5950]  z_erofs_readahead+0xa7c/0xd50
[   93.293229][ T5950]  ? z_erofs_read_folio+0x540/0x540
[   93.298410][ T5950]  ? __mod_lruvec_page_state+0xa5/0x420
[   93.303950][ T5950]  ? folio_add_lru+0x320/0xd50
[   93.308717][ T5950]  ? blk_start_plug+0x6e/0x1a0
[   93.313466][ T5950]  read_pages+0x177/0x840
[   93.317790][ T5950]  ? __lock_acquire+0x7c80/0x7c80
[   93.322803][ T5950]  ? page_cache_ra_unbounded+0x770/0x770
[   93.328429][ T5950]  ? folio_add_lru+0xd50/0xd50
[   93.333181][ T5950]  ? folio_add_lru+0x54f/0xd50
[   93.337944][ T5950]  ? filemap_add_folio+0x192/0x3c0
[   93.343047][ T5950]  page_cache_ra_unbounded+0x692/0x770
[   93.348686][ T5950]  force_page_cache_ra+0x2c1/0x320
[   93.353789][ T5950]  generic_fadvise+0x44f/0x730
[   93.358565][ T5950]  ? dump_task+0x5f0/0x5f0
[   93.362969][ T5950]  ? __fget_files+0x28/0x4d0
[   93.367555][ T5950]  ? __fdget+0x180/0x210
[   93.371791][ T5950]  __x64_sys_fadvise64+0x140/0x180
[   93.376904][ T5950]  do_syscall_64+0x55/0xb0
[   93.381314][ T5950]  ? clear_bhb_loop+0x40/0x90
[   93.386088][ T5950]  ? clear_bhb_loop+0x40/0x90
[   93.390770][ T5950]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   93.396662][ T5950] RIP: 0033:0x7f0bc958efc9
[   93.401158][ T5950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.420783][ T5950] RSP: 002b:00007f0bca4c2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd
[   93.429287][ T5950] RAX: ffffffffffffffda RBX: 00007f0bc97e5fa0 RCX: 00007f0bc958efc9
[   93.437250][ T5950] RDX: 000000000000ff39 RSI: 000000000000aa17 RDI: 0000000000000004
[   93.445235][ T5950] RBP: 00007f0bc9611f91 R08: 0000000000000000 R09: 0000000000000000
[   93.453207][ T5950] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[   93.461209][ T5950] R13: 00007f0bc97e6038 R14: 00007f0bc97e5fa0 R15: 00007ffd4c23b398
[   93.469193][ T5950]  </TASK>
[   93.472442][ T5950] Kernel Offset: disabled
[   93.476758][ T5950] Rebooting in 86400 seconds..