8021q: adding VLAN 0 to HW filter on device batadv0
[ 170.437471][ T6477] veth0_vlan: entered promiscuous mode
[ 170.453139][ T6477] veth1_vlan: entered promiscuous mode
[ 170.515674][ T6477] veth0_macvtap: entered promiscuous mode
[ 170.527376][ T6477] veth1_macvtap: entered promiscuous mode
[ 170.554914][ T6477] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 170.576592][ T6477] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 170.591472][ T1176] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 170.591905][ T1176] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 170.592333][ T1176] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 170.592600][ T1176] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 170.829113][ T4581] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 170.829132][ T4581] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 170.883977][ T1364] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 170.883996][ T1364] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/08/23 01:08:38 executed programs: 2
[ 171.011295][ T6607] loop0: detected capacity change from 0 to 16
[ 171.059041][ T6607] erofs (device loop0): EXPERIMENTAL EROFS subpage compressed block support in u
[ 171.059041][ T6607] erofs (device loop0): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk!
[ 171.060222][ T6607] erofs (device loop0): mounted with root inode @ nid 36.
[ 171.069664][ T6607] erofs (device loop0): readahead error at folio 7 @ nid 36
[ 171.069801][ T6607] erofs (device loop0): readahead error at folio 6 @ nid 36
[ 171.069869][ T6607] erofs (device loop0): readahead error at folio 5 @ nid 36
[ 171.070146][ T6607] erofs (device loop0): readahead error at folio 4 @ nid 36
[ 171.070162][ T6607] erofs (device loop0): readahead error at folio 3 @ nid 36
[ 171.070203][ T6607] ==================================================================
[ 171.070216][ T6607] BUG: KASAN: invalid-free in z_erofs_scan_folio+0x1e4a/0x4540
[ 171.070247][ T6607] Free of addr ffff8880565609d8 by task syz.0.17/6607
[ 171.070259][ T6607]
[ 171.070283][ T6607] CPU: 1 UID: 0 PID: 6607 Comm: syz.0.17 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)}
[ 171.070307][ T6607] Tainted: [W]=WARN
[ 171.070313][ T6607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 171.070323][ T6607] Call Trace:
[ 171.070329][ T6607]
[ 171.070336][ T6607] dump_stack_lvl+0x189/0x250
[ 171.070367][ T6607] ? __virt_addr_valid+0x1c8/0x5c0
[ 171.070389][ T6607] ? rcu_is_watching+0x15/0xb0
[ 171.070412][ T6607] ? __pfx_dump_stack_lvl+0x10/0x10
[ 171.070433][ T6607] ? rcu_is_watching+0x15/0xb0
[ 171.070454][ T6607] ? lock_release+0x4b/0x3e0
[ 171.070474][ T6607] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 171.070496][ T6607] ? __virt_addr_valid+0x1c8/0x5c0
[ 171.070517][ T6607] ? __virt_addr_valid+0x4a5/0x5c0
[ 171.070539][ T6607] print_report+0xca/0x240
[ 171.070557][ T6607] ? z_erofs_scan_folio+0x1e4a/0x4540
[ 171.070579][ T6607] kasan_report_invalid_free+0xea/0x110
[ 171.070601][ T6607] ? z_erofs_scan_folio+0x1e4a/0x4540
[ 171.070624][ T6607] ? z_erofs_scan_folio+0x1e4a/0x4540
[ 171.070645][ T6607] check_slab_allocation+0xe1/0x130
[ 171.070664][ T6607] ? z_erofs_scan_folio+0x1e4a/0x4540
[ 171.070685][ T6607] kmem_cache_free+0x146/0x510
[ 171.070708][ T6607] z_erofs_scan_folio+0x1e4a/0x4540
[ 171.070733][ T6607] ? _printk+0xcf/0x120
[ 171.070758][ T6607] ? _erofs_printk+0x349/0x410
[ 171.070775][ T6607] ? __pfx_z_erofs_scan_folio+0x10/0x10
[ 171.070804][ T6607] ? xa_load+0x60/0x210
[ 171.070824][ T6607] ? xa_load+0x1ea/0x210
[ 171.070846][ T6607] z_erofs_readahead+0x672/0xb40
[ 171.070872][ T6607] ? __pfx_z_erofs_readahead+0x10/0x10
[ 171.070892][ T6607] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 171.070922][ T6607] ? blk_start_plug+0x6f/0x1b0
[ 171.070938][ T6607] read_pages+0x177/0x580
[ 171.070961][ T6607] ? __pfx_read_pages+0x10/0x10
[ 171.070985][ T6607] ? filemap_add_folio+0x1af/0x270
[ 171.071007][ T6607] page_cache_ra_unbounded+0x63b/0x740
[ 171.071035][ T6607] erofs_readdir+0x567/0x1020
[ 171.071062][ T6607] ? iterate_dir+0x29e/0x580
[ 171.071080][ T6607] ? __pfx_erofs_readdir+0x10/0x10
[ 171.071103][ T6607] ? __pfx_down_read_killable+0x10/0x10
[ 171.071128][ T6607] iterate_dir+0x3a2/0x580
[ 171.071147][ T6607] __se_sys_getdents+0xe4/0x250
[ 171.071166][ T6607] ? __pfx___se_sys_getdents+0x10/0x10
[ 171.071184][ T6607] ? __pfx_filldir+0x10/0x10
[ 171.071202][ T6607] ? rcu_is_watching+0x15/0xb0
[ 171.071225][ T6607] ? do_syscall_64+0xbe/0x3b0
[ 171.071246][ T6607] do_syscall_64+0xfa/0x3b0
[ 171.071265][ T6607] ? lockdep_hardirqs_on+0x9c/0x150
[ 171.071283][ T6607] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 171.071299][ T6607] ? clear_bhb_loop+0x60/0xb0
[ 171.071316][ T6607] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 171.071332][ T6607] RIP: 0033:0x7f2826aaebe9
[ 171.071350][ T6607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 171.071364][ T6607] RSP: 002b:00007f2826116038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 171.071388][ T6607] RAX: ffffffffffffffda RBX: 00007f2826cd5fa0 RCX: 00007f2826aaebe9
[ 171.071401][ T6607] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 171.071411][ T6607] RBP: 00007f2826b31e19 R08: 0000000000000000 R09: 0000000000000000
[ 171.071421][ T6607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 171.071432][ T6607] R13: 00007f2826cd6038 R14: 00007f2826cd5fa0 R15: 00007ffd944ac938
[ 171.071451][ T6607]
[ 171.071457][ T6607]
[ 171.071461][ T6607] Allocated by task 6607:
[ 171.071469][ T6607] kasan_save_track+0x3e/0x80
[ 171.071484][ T6607] __kasan_slab_alloc+0x6c/0x80
[ 171.071500][ T6607] kmem_cache_alloc_noprof+0x143/0x310
[ 171.071518][ T6607] z_erofs_scan_folio+0x162e/0x4540
[ 171.071537][ T6607] z_erofs_readahead+0x672/0xb40
[ 171.071556][ T6607] read_pages+0x177/0x580
[ 171.071573][ T6607] page_cache_ra_unbounded+0x63b/0x740
[ 171.071592][ T6607] erofs_readdir+0x567/0x1020
[ 171.071608][ T6607] iterate_dir+0x3a2/0x580
[ 171.071622][ T6607] __se_sys_getdents+0xe4/0x250
[ 171.071637][ T6607] do_syscall_64+0xfa/0x3b0
[ 171.071655][ T6607] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 171.071669][ T6607]
[ 171.071673][ T6607] The buggy address belongs to the object at ffff8880565609d8
[ 171.071673][ T6607] which belongs to the cache erofs_pcluster-128 of size 2392
[ 171.071687][ T6607] The buggy address is located 0 bytes inside of
[ 171.071687][ T6607] 2392-byte region [ffff8880565609d8, ffff888056561330)
[ 171.071704][ T6607]
[ 171.071708][ T6607] The buggy address belongs to the physical page:
[ 171.071727][ T6607] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x56560
[ 171.071746][ T6607] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 171.071760][ T6607] flags: 0x80000000000040(head|node=0|zone=1)
[ 171.071776][ T6607] page_type: f5(slab)
[ 171.071797][ T6607] raw: 0080000000000040 ffff88802030f000 dead000000000122 0000000000000000
[ 171.071810][ T6607] raw: 0000000000000000 00000000800d000d 00000000f5000000 0000000000000000
[ 171.071825][ T6607] head: 0080000000000040 ffff88802030f000 dead000000000122 0000000000000000
[ 171.071838][ T6607] head: 0000000000000000 00000000800d000d 00000000f5000000 0000000000000000
[ 171.071853][ T6607] head: 0080000000000003 ffffea0001595801 00000000ffffffff 00000000ffffffff
[ 171.071866][ T6607] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 171.071874][ T6607] page dumped because: kasan: bad access detected
[ 171.071886][ T6607] page_owner tracks the page as allocated
[ 171.071892][ T6607] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_RECLAIMABLE|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6607, tgid 6606 (syz.0.17), ts 171069705490, free_ts 99313462986
[ 171.071920][ T6607] post_alloc_hook+0x240/0x2a0
[ 171.071939][ T6607] get_page_from_freelist+0x2119/0x21b0
[ 171.071954][ T6607] __alloc_frozen_pages_noprof+0x181/0x370
[ 171.071968][ T6607] alloc_pages_mpol+0xd1/0x380
[ 171.071986][ T6607] allocate_slab+0x8a/0x370
[ 171.072000][ T6607] ___slab_alloc+0x8d1/0xdd0
[ 171.072019][ T6607] kmem_cache_alloc_noprof+0xe6/0x310
[ 171.072036][ T6607] z_erofs_scan_folio+0x162e/0x4540
[ 171.072056][ T6607] z_erofs_readahead+0x672/0xb40
[ 171.072074][ T6607] read_pages+0x177/0x580
[ 171.072092][ T6607] page_cache_ra_unbounded+0x63b/0x740
[ 171.072110][ T6607] erofs_readdir+0x567/0x1020
[ 171.072126][ T6607] iterate_dir+0x3a2/0x580
[ 171.072140][ T6607] __se_sys_getdents+0xe4/0x250
[ 171.072156][ T6607] do_syscall_64+0xfa/0x3b0
[ 171.072173][ T6607] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 171.072188][ T6607] page last free pid 5917 tgid 5917 stack trace:
[ 171.072197][ T6607] __free_frozen_pages+0xb59/0xce0
[ 171.072216][ T6607] vfree+0x2ad/0x470
[ 171.072233][ T6607] kcov_close+0x2e/0x60
[ 171.072250][ T6607] __fput+0x45b/0xa80
[ 171.072264][ T6607] task_work_run+0x1d4/0x260
[ 171.072277][ T6607] do_exit+0x6b5/0x2300
[ 171.072289][ T6607] do_group_exit+0x21c/0x2d0
[ 171.072302][ T6607] get_signal+0x125e/0x1310
[ 171.072317][ T6607] arch_do_signal_or_restart+0x9a/0x750
[ 171.072335][ T6607] exit_to_user_mode_loop+0x75/0x110
[ 171.072353][ T6607] do_syscall_64+0x2bd/0x3b0
[ 171.072369][ T6607] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 171.072384][ T6607]
[ 171.072387][ T6607] Memory state around the buggy address:
[ 171.072396][ T6607]  ffff888056560880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 171.072407][ T6607]  ffff888056560900: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[ 171.072417][ T6607] >ffff888056560980: fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00
[ 171.072425][ T6607]                                                     ^
[ 171.072434][ T6607]  ffff888056560a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 171.072445][ T6607]  ffff888056560a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 171.072453][ T6607] ==================================================================
[ 171.072466][ T6607] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 171.072480][ T6607] CPU: 1 UID: 0 PID: 6607 Comm: syz.0.17 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)}
[ 171.072502][ T6607] Tainted: [W]=WARN
[ 171.072508][ T6607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 171.072517][ T6607] Call Trace:
[ 171.072523][ T6607]
[ 171.072530][ T6607] dump_stack_lvl+0x99/0x250
[ 171.072551][ T6607] ? __asan_memcpy+0x40/0x70
[ 171.072567][ T6607] ? __pfx_dump_stack_lvl+0x10/0x10
[ 171.072589][ T6607] ? __pfx__printk+0x10/0x10
[ 171.072610][ T6607] vpanic+0x281/0x750
[ 171.072632][ T6607] ? __pfx_vpanic+0x10/0x10
[ 171.072659][ T6607] panic+0xb9/0xc0
[ 171.072679][ T6607] ? __pfx_panic+0x10/0x10
[ 171.072697][ T6607] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 171.072719][ T6607] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 171.072740][ T6607] ? is_module_address+0x17/0xf0
[ 171.072758][ T6607] check_panic_on_warn+0x89/0xb0
[ 171.072775][ T6607] end_report+0x78/0x160
[ 171.072798][ T6607] ? z_erofs_scan_folio+0x1e4a/0x4540
[ 171.072819][ T6607] kasan_report_invalid_free+0xfa/0x110
[ 171.072840][ T6607] ? z_erofs_scan_folio+0x1e4a/0x4540
[ 171.072863][ T6607] ? z_erofs_scan_folio+0x1e4a/0x4540
[ 171.072884][ T6607] check_slab_allocation+0xe1/0x130
[ 171.072903][ T6607] ? z_erofs_scan_folio+0x1e4a/0x4540
[ 171.072924][ T6607] kmem_cache_free+0x146/0x510
[ 171.072946][ T6607] z_erofs_scan_folio+0x1e4a/0x4540
[ 171.072972][ T6607] ? _printk+0xcf/0x120
[ 171.072996][ T6607] ? _erofs_printk+0x349/0x410
[ 171.073014][ T6607] ? __pfx_z_erofs_scan_folio+0x10/0x10
[ 171.073036][ T6607] ? xa_load+0x60/0x210
[ 171.073055][ T6607] ? xa_load+0x1ea/0x210
[ 171.073078][ T6607] z_erofs_readahead+0x672/0xb40
[ 171.073104][ T6607] ? __pfx_z_erofs_readahead+0x10/0x10
[ 171.073123][ T6607] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 171.073153][ T6607] ? blk_start_plug+0x6f/0x1b0
[ 171.073169][ T6607] read_pages+0x177/0x580
[ 171.073191][ T6607] ? __pfx_read_pages+0x10/0x10
[ 171.073215][ T6607] ? filemap_add_folio+0x1af/0x270
[ 171.073238][ T6607] page_cache_ra_unbounded+0x63b/0x740
[ 171.073265][ T6607] erofs_readdir+0x567/0x1020
[ 171.073292][ T6607] ? iterate_dir+0x29e/0x580
[ 171.073309][ T6607] ? __pfx_erofs_readdir+0x10/0x10
[ 171.073333][ T6607] ? __pfx_down_read_killable+0x10/0x10
[ 171.073358][ T6607] iterate_dir+0x3a2/0x580
[ 171.073376][ T6607] __se_sys_getdents+0xe4/0x250
[ 171.073394][ T6607] ? __pfx___se_sys_getdents+0x10/0x10
[ 171.073411][ T6607] ? __pfx_filldir+0x10/0x10
[ 171.073430][ T6607] ? rcu_is_watching+0x15/0xb0
[ 171.073453][ T6607] ? do_syscall_64+0xbe/0x3b0
[ 171.073474][ T6607] do_syscall_64+0xfa/0x3b0
[ 171.073493][ T6607] ? lockdep_hardirqs_on+0x9c/0x150
[ 171.073511][ T6607] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 171.073526][ T6607] ? clear_bhb_loop+0x60/0xb0
[ 171.073544][ T6607] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 171.073560][ T6607] RIP: 0033:0x7f2826aaebe9
[ 171.073573][ T6607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 171.073585][ T6607] RSP: 002b:00007f2826116038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 171.073618][ T6607] RAX: ffffffffffffffda RBX: 00007f2826cd5fa0 RCX: 00007f2826aaebe9
[ 171.073631][ T6607] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 171.073641][ T6607] RBP: 00007f2826b31e19 R08: 0000000000000000 R09: 0000000000000000
[ 171.073652][ T6607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 171.073662][ T6607] R13: 00007f2826cd6038 R14: 00007f2826cd5fa0 R15: 00007ffd944ac938
[ 171.073681][ T6607]
[ 171.073996][ T6607] Kernel Offset: disabled