last executing test programs:

1.312979461s ago: executing program 2 (id=3):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f00000002c0)={0x1c, r3, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000)

1.114350811s ago: executing program 2 (id=5):
sendmsg$key(0xffffffffffffffff, &(0x7f0000000440)={0x900, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x38}}, 0x40408c0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r3 = socket$unix(0x1, 0x1, 0x0)
socket(0x0, 0x9f5faa811eea84c5, 0x0)
syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3008003, &(0x7f0000002ac0)=ANY=[], 0x2, 0x200, &(0x7f00000002c0)="$eJzsmbFrFEEUxr+Z3ds7gwRtLGwsDBjR7O3uqaSJEMFSEKKo5WHWEN3k5LJC7kDwsLHRzkKwtbG0sLCy8C+w1UIFwcIrBQthZGZnd4e93fMOTwXzfpDJN/PezLz3YF6xB4Ig9iyfPn778PDc8qWTAPZjAXW9/sXKfbjh//7JnROPV84/ffHu2Zvt+buviucxAEJUXve9aHIAvF61EIPZyYoQmM/tC0YIWuMyOI5rfQUMbiJ/CEUyCcFwTfvcNHRnnxZR6F7vROs3NqPQk4Mvh0AOLTM+GdRwwLAOoKGiE4IZ9p1e/1Y7isJuUdREes+IaVrBK8up41vlWEFaPSGk/9UH9wdyrmsDDzyrnw8OX+sWGNa0XkYdruvmJTHyP2zn51uT5D9jcVbd9WjSXc+VOLj05wNLRPpGptkly/g3SvcfidpMzmHFFfmgs5VDw7QHmj6f/1nu+LVPY/xjhLaPmN7ORdGF34jQKSlUJvL+JDv7MaM/2bCz/tGMt243d3r9pc2t9ka4EW4HQeuMd8rzTgdN1YiScUz/a6j+NGecX6vwdZiD3XYcd/1dIO762TxIxjwBrL3sfJVbDkD1P47Fo+oI1VNV2vXyO5j+4+q/VItWuee9ypwIgiAIgiAIgiAIgiAIgiDKOQKG5JcwwfQH0TKCi+oL5c8AAAD//40vYXw=")
creat(&(0x7f00000000c0)='./file0\x00', 0xf4)
unshare(0x400)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fadvise64(r4, 0xe0ffff, 0x19, 0x3)
bind$unix(r3, &(0x7f00000002c0)=@file={0x1, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x40000800)
getxattr(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)=@random={'osx.', 'user.incfs.metadata\x00'}, 0x0, 0x0)
bind$unix(r3, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

0s ago: executing program 2 (id=6):
r0 = socket$inet6(0xa, 0x80002, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000001000), 0x501200)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}, 0x400}, 0x1c)
execve(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)

kernel console output (not intermixed with test programs):

no interfaces have a carrier
[   55.260077][ T5454] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.277541][ T5454] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: OK
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.65' (ED25519) to the list of known hosts.
syzkaller login: [   80.990837][ T5776] cgroup: Unknown subsys name 'net'
[   81.123376][ T5776] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   82.912245][ T5776] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   84.664130][ T5796] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   84.674325][ T5798] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   84.683668][ T5793] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   84.692566][ T5798] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   84.701047][ T5798] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   84.706352][ T5800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   84.709407][ T5798] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   84.716639][ T5800] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   84.723946][ T5798] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   84.729693][ T5800] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   84.744095][ T5798] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   84.744389][ T5800] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   84.753607][ T5798] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   84.767322][ T5104] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   84.786744][ T5104] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   84.817929][ T5798] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   84.825375][ T5802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   84.833440][ T5802] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   84.842835][ T5802] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   84.844897][ T5798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   84.858459][ T5798] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   84.866283][ T5798] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   84.879503][ T5798] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   84.893614][ T5798] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   85.407126][ T5790] chnl_net:caif_netlink_parms(): no params data found
[   85.494704][ T5787] chnl_net:caif_netlink_parms(): no params data found
[   85.542134][ T5786] chnl_net:caif_netlink_parms(): no params data found
[   85.613363][ T5788] chnl_net:caif_netlink_parms(): no params data found
[   85.670629][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.677940][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.686681][ T5790] bridge_slave_0: entered allmulticast mode
[   85.694338][ T5790] bridge_slave_0: entered promiscuous mode
[   85.737264][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.744454][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.752403][ T5790] bridge_slave_1: entered allmulticast mode
[   85.759706][ T5790] bridge_slave_1: entered promiscuous mode
[   85.799184][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.806461][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.813622][ T5787] bridge_slave_0: entered allmulticast mode
[   85.821401][ T5787] bridge_slave_0: entered promiscuous mode
[   85.851615][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   85.866876][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.874093][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.881412][ T5787] bridge_slave_1: entered allmulticast mode
[   85.889171][ T5787] bridge_slave_1: entered promiscuous mode
[   85.904925][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.019068][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.026755][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.034010][ T5786] bridge_slave_0: entered allmulticast mode
[   86.041646][ T5786] bridge_slave_0: entered promiscuous mode
[   86.052626][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.065253][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.076238][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.083401][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.090746][ T5788] bridge_slave_0: entered allmulticast mode
[   86.098483][ T5788] bridge_slave_0: entered promiscuous mode
[   86.109466][ T5790] team0: Port device team_slave_0 added
[   86.118845][ T5790] team0: Port device team_slave_1 added
[   86.137738][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.144980][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.152243][ T5786] bridge_slave_1: entered allmulticast mode
[   86.160088][ T5786] bridge_slave_1: entered promiscuous mode
[   86.180027][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.187261][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.194456][ T5788] bridge_slave_1: entered allmulticast mode
[   86.202106][ T5788] bridge_slave_1: entered promiscuous mode
[   86.292221][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.302645][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.310641][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.337049][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.351484][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.371479][ T5787] team0: Port device team_slave_0 added
[   86.379810][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.401443][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.408592][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.435000][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.448369][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.471567][ T5787] team0: Port device team_slave_1 added
[   86.520714][ T5786] team0: Port device team_slave_0 added
[   86.551292][ T5788] team0: Port device team_slave_0 added
[   86.561497][ T5786] team0: Port device team_slave_1 added
[   86.584068][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.591157][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.617843][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.630973][ T5788] team0: Port device team_slave_1 added
[   86.674010][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.681135][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.707233][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.732093][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.740107][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.766576][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.799135][ T5790] hsr_slave_0: entered promiscuous mode
[   86.806596][ T5790] hsr_slave_1: entered promiscuous mode
[   86.834317][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.843895][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.870403][ T5798] Bluetooth: hci1: command tx timeout
[   86.875317][ T5798] Bluetooth: hci0: command tx timeout
[   86.876138][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.894301][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.902007][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.928321][ T5798] Bluetooth: hci2: command tx timeout
[   86.928426][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   86.934991][ T5798] Bluetooth: hci3: command tx timeout
[   86.971393][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.978667][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.005689][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.077563][ T5788] hsr_slave_0: entered promiscuous mode
[   87.084290][ T5788] hsr_slave_1: entered promiscuous mode
[   87.092704][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.101402][ T5788] Cannot create hsr debugfs directory
[   87.209975][ T5787] hsr_slave_0: entered promiscuous mode
[   87.218707][ T5787] hsr_slave_1: entered promiscuous mode
[   87.225637][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.233236][ T5787] Cannot create hsr debugfs directory
[   87.294513][ T5786] hsr_slave_0: entered promiscuous mode
[   87.303694][ T5786] hsr_slave_1: entered promiscuous mode
[   87.311057][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   87.319134][ T5786] Cannot create hsr debugfs directory
[   87.811515][ T5790] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   87.823658][ T5790] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   87.846392][ T5790] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   87.857479][ T5790] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   87.931081][ T5787] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   87.942166][ T5787] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   87.966719][ T5787] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   87.983159][ T5787] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   88.072886][ T5788] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   88.085264][ T5788] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   88.107995][ T5788] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   88.118589][ T5788] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   88.240401][ T5786] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   88.257583][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.269820][ T5786] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   88.280534][ T5786] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   88.292654][ T5786] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   88.350935][ T5790] 8021q: adding VLAN 0 to HW filter on device team0
[   88.384056][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.391544][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.430596][ T1121] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.437813][ T1121] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.497134][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.544072][ T5787] 8021q: adding VLAN 0 to HW filter on device team0
[   88.559931][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.606892][   T34] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.614148][   T34] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.631934][ T5790] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   88.673835][   T34] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.681419][   T34] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.721402][ T5788] 8021q: adding VLAN 0 to HW filter on device team0
[   88.769890][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0
[   88.808866][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.816136][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.843285][   T48] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.850543][   T48] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.925278][ T5796] Bluetooth: hci1: command tx timeout
[   88.930947][ T5798] Bluetooth: hci0: command tx timeout
[   88.958339][ T5786] 8021q: adding VLAN 0 to HW filter on device team0
[   89.004391][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.016140][ T5796] Bluetooth: hci2: command tx timeout
[   89.021680][ T5798] Bluetooth: hci3: command tx timeout
[   89.023392][   T34] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.034343][   T34] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.084689][   T34] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.091983][   T34] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.249480][ T5790] veth0_vlan: entered promiscuous mode
[   89.294251][ T5790] veth1_vlan: entered promiscuous mode
[   89.363110][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.422807][ T5790] veth0_macvtap: entered promiscuous mode
[   89.462244][ T5790] veth1_macvtap: entered promiscuous mode
[   89.551540][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0
[   89.561926][ T5787] veth0_vlan: entered promiscuous mode
[   89.609714][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1
[   89.631033][ T5787] veth1_vlan: entered promiscuous mode
[   89.671329][ T5790] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.681265][ T5790] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.691183][ T5790] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.700108][ T5790] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.727754][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.786578][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.807823][ T5787] veth0_macvtap: entered promiscuous mode
[   89.867448][ T5787] veth1_macvtap: entered promiscuous mode
[   89.904813][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.912888][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.941826][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   89.954776][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.967268][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.010388][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.022301][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.037849][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.048973][ T5788] veth0_vlan: entered promiscuous mode
[   90.060365][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.063381][ T5787] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.075520][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.083206][ T5787] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.093576][ T5787] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.102641][ T5787] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.142284][ T5786] veth0_vlan: entered promiscuous mode
[   90.170168][ T5788] veth1_vlan: entered promiscuous mode
[   90.186010][ T5786] veth1_vlan: entered promiscuous mode
[   90.322912][ T5788] veth0_macvtap: entered promiscuous mode
[   90.392450][ T5788] veth1_macvtap: entered promiscuous mode
[   90.409278][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.422230][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.458925][ T5786] veth0_macvtap: entered promiscuous mode
[   90.470402][ T5786] veth1_macvtap: entered promiscuous mode
[   90.509244][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.521319][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.532752][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.543554][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.565706][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.579447][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.599318][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.610145][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.621151][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.631862][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.643014][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.656343][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0
[   90.674247][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.695164][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.713786][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.725134][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.742650][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.753949][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.771210][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.789851][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.801945][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.819369][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   90.832249][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   90.854306][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1
[   90.888101][ T5786] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.898290][ T5786] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.908187][ T5786] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.917110][ T5786] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.966932][ T5788] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.990550][ T5886] syz.2.5[5886]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   91.019363][ T5886] loop2: detected capacity change from 0 to 16
[   91.062879][ T5886] erofs: (device loop2): mounted with root inode @ nid 36.
[   91.098689][ T5886] syz.2.5: attempt to access beyond end of device
[   91.098689][ T5886] loop2: rw=0, sector=8, nr_sectors = 32 limit=16
[   91.140327][ T5886] syz.2.5: attempt to access beyond end of device
[   91.140327][ T5886] loop2: rw=524288, sector=16, nr_sectors = 32 limit=16
[   91.154371][ T5886] syz.2.5: attempt to access beyond end of device
[   91.154371][ T5886] loop2: rw=524288, sector=8, nr_sectors = 32 limit=16
[   91.180516][ T5886] syz.2.5: attempt to access beyond end of device
[   91.180516][ T5886] loop2: rw=0, sector=8, nr_sectors = 32 limit=16
[   91.203514][ T5886] syz.2.5: attempt to access beyond end of device
[   91.203514][ T5886] loop2: rw=0, sector=8, nr_sectors = 32 limit=16
[   91.222404][ T5886] syz.2.5: attempt to access beyond end of device
[   91.222404][ T5886] loop2: rw=0, sector=8, nr_sectors = 32 limit=16
[   91.257468][ T5798] Bluetooth: hci0: command tx timeout
[   91.270933][ T5798] Bluetooth: hci1: command tx timeout
[   91.277747][ T5798] Bluetooth: hci3: command tx timeout
[   91.283946][ T5798] Bluetooth: hci2: command tx timeout
[   91.367611][ T5788] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.437471][ T5788] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.446950][ T5788] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.502027][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.529168][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.613322][ T5790] BUG: Bad page state in process syz-executor  pfn:5cebe
[   91.621259][ T5790] page:ffffea000173af80 refcount:0 mapcount:0 mapping:ffff88805de287c8 index:0x2 pfn:0x5cebe
[   91.631928][ T5790] aops:z_erofs_cache_aops ino:0
[   91.637320][ T5790] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff)
[   91.646575][ T5790] page_type: 0xffffffff()
[   91.650963][ T5790] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805de287c8
[   91.660613][ T5790] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   91.669864][ T5790] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[   91.677625][ T5790] page_owner tracks the page as allocated
[   91.679925][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.683563][ T5790] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5886, tgid 5883 (syz.2.5), ts 91096898303, free_ts 26469998452
[   91.714197][ T5790]  post_alloc_hook+0x1cd/0x210
[   91.719394][ T5790]  get_page_from_freelist+0x195c/0x19f0
[   91.725474][ T5790]  __alloc_pages+0x1e3/0x460
[   91.730926][ T5790]  z_erofs_do_read_page+0x20c0/0x3680
[   91.736766][ T5790]  z_erofs_pcluster_readmore+0x2cf/0x450
[   91.742129][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.742442][ T5790]  z_erofs_read_folio+0x208/0x540
[   91.755823][ T5790]  filemap_read_folio+0x167/0x760
[   91.760890][ T5790]  do_read_cache_folio+0x470/0x7e0
[   91.766562][ T5790]  erofs_bread+0x16f/0x630
[   91.771044][ T5790]  erofs_namei+0x28c/0xf00
[   91.775955][ T5790]  erofs_lookup+0x135/0x310
[   91.780545][ T5790]  path_openat+0x10b8/0x3190
[   91.785639][ T5790]  do_filp_open+0x1c5/0x3d0
[   91.790188][ T5790]  do_sys_openat2+0x12c/0x1c0
[   91.795396][ T5790]  __x64_sys_creat+0x90/0xb0
[   91.800025][ T5790]  do_syscall_64+0x55/0xb0
[   91.804472][ T5790] page last free stack trace:
[   91.810735][ T5790]  free_unref_page_prepare+0x7ce/0x8e0
[   91.816596][ T5790]  free_unref_page+0x32/0x2e0
[   91.821302][ T5790]  free_contig_range+0xa1/0x160
[   91.826870][ T5790]  destroy_args+0x80/0x850
[   91.831335][ T5790]  debug_vm_pgtable+0x3cc/0x410
[   91.836527][ T5790]  do_one_initcall+0x1fd/0x750
[   91.841318][ T5790]  do_initcall_level+0x137/0x1f0
[   91.846386][ T5790]  do_initcalls+0x69/0xd0
[   91.850763][ T5790]  kernel_init_freeable+0x3d2/0x570
[   91.856078][ T5790]  kernel_init+0x1d/0x1c0
[   91.860684][ T5790]  ret_from_fork+0x48/0x80
[   91.865322][ T5790]  ret_from_fork_asm+0x11/0x20
[   91.870199][ T5790] Modules linked in:
[   91.874162][ T5790] CPU: 1 PID: 5790 Comm: syz-executor Not tainted syzkaller #0
[   91.881747][ T5790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   91.891854][ T5790] Call Trace:
[   91.895171][ T5790]  <TASK>
[   91.898143][ T5790]  dump_stack_lvl+0x16c/0x230
[   91.902859][ T5790]  ? show_regs_print_info+0x20/0x20
[   91.908075][ T5790]  ? swiotlb_print_info+0x70/0x70
[   91.913134][ T5790]  bad_page+0x14b/0x170
[   91.917317][ T5790]  free_unref_page_prepare+0x887/0x8e0
[   91.922824][ T5790]  free_unref_page+0x32/0x2e0
[   91.927517][ T5790]  ? __folio_put+0xef/0x210
[   91.932031][ T5790]  erofs_try_to_free_all_cached_pages+0x295/0x600
[   91.938484][ T5790]  erofs_shrink_workstation+0x118/0x290
[   91.944095][ T5790]  ? erofs_shrinker_unregister+0x170/0x170
[   91.949932][ T5790]  ? io_schedule+0xd0/0xd0
[   91.954367][ T5790]  ? kobject_put+0x43c/0x470
[   91.958996][ T5790]  erofs_shrinker_unregister+0x5d/0x170
[   91.964594][ T5790]  erofs_put_super+0x4e/0x150
[   91.969313][ T5790]  ? erofs_free_inode+0xb0/0xb0
[   91.974192][ T5790]  generic_shutdown_super+0x134/0x2b0
[   91.979595][ T5790]  kill_block_super+0x44/0x90
[   91.984306][ T5790]  erofs_kill_sb+0x4c/0x140
[   91.988848][ T5790]  deactivate_locked_super+0x97/0x100
[   91.994260][ T5790]  cleanup_mnt+0x429/0x4c0
[   91.998705][ T5790]  task_work_run+0x1ce/0x250
[   92.003336][ T5790]  ? task_work_cancel+0x240/0x240
[   92.008390][ T5790]  ? exit_to_user_mode_loop+0x3b/0x110
[   92.013879][ T5790]  exit_to_user_mode_loop+0xe6/0x110
[   92.019192][ T5790]  exit_to_user_mode_prepare+0xf6/0x180
[   92.024764][ T5790]  syscall_exit_to_user_mode+0x1a/0x50
[   92.030270][ T5790]  do_syscall_64+0x61/0xb0
[   92.034809][ T5790]  ? clear_bhb_loop+0x40/0x90
[   92.039510][ T5790]  ? clear_bhb_loop+0x40/0x90
[   92.044204][ T5790]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   92.050133][ T5790] RIP: 0033:0x7f2cfdd901f7
[   92.054585][ T5790] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   92.074219][ T5790] RSP: 002b:00007ffc366b29f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   92.082661][ T5790] RAX: 0000000000000000 RBX: 00007f2cfde11d7d RCX: 00007f2cfdd901f7
[   92.090647][ T5790] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc366b2ab0
[   92.098634][ T5790] RBP: 00007ffc366b2ab0 R08: 0000000000000000 R09: 0000000000000000
[   92.106616][ T5790] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc366b3b40
[   92.114608][ T5790] R13: 00007f2cfde11d7d R14: 0000000000016577 R15: 00007ffc366b3b80
[   92.122613][ T5790]  </TASK>
[   92.129307][ T5790] Disabling lock debugging due to kernel taint
[   92.135661][ T5790] BUG: Bad page state in process syz-executor  pfn:5cebf
[   92.137525][  T786] cfg80211: failed to load regulatory.db
[   92.142693][ T5790] page:ffffea000173afc0 refcount:0 mapcount:0 mapping:ffff88805de287c8 index:0x3 pfn:0x5cebf
[   92.158729][ T5790] aops:z_erofs_cache_aops ino:0
[   92.163617][ T5790] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff)
[   92.171569][ T5790] page_type: 0xffffffff()
[   92.176019][ T5790] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805de287c8
[   92.184684][ T5790] raw: 0000000000000003 0000000000000000 00000000ffffffff 0000000000000000
[   92.193287][ T5790] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[   92.200610][ T5790] page_owner tracks the page as allocated
[   92.206690][ T5790] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5886, tgid 5883 (syz.2.5), ts 91097357302, free_ts 26470009271
[   92.228318][ T5790]  post_alloc_hook+0x1cd/0x210
[   92.233272][ T5790]  get_page_from_freelist+0x195c/0x19f0
[   92.239045][ T5790]  __alloc_pages+0x1e3/0x460
[   92.243672][ T5790]  z_erofs_do_read_page+0x20c0/0x3680
[   92.249124][ T5790]  z_erofs_pcluster_readmore+0x2cf/0x450
[   92.254886][ T5790]  z_erofs_read_folio+0x208/0x540
[   92.259926][ T5790]  filemap_read_folio+0x167/0x760
[   92.265031][ T5790]  do_read_cache_folio+0x470/0x7e0
[   92.270376][ T5790]  erofs_bread+0x16f/0x630
[   92.274904][ T5790]  erofs_namei+0x28c/0xf00
[   92.279363][ T5790]  erofs_lookup+0x135/0x310
[   92.283897][ T5790]  path_openat+0x10b8/0x3190
[   92.289472][ T5790]  do_filp_open+0x1c5/0x3d0
[   92.294000][ T5790]  do_sys_openat2+0x12c/0x1c0
[   92.298779][ T5790]  __x64_sys_creat+0x90/0xb0
[   92.303398][ T5790]  do_syscall_64+0x55/0xb0
[   92.307887][ T5790] page last free stack trace:
[   92.312569][ T5790]  free_unref_page_prepare+0x7ce/0x8e0
[   92.318097][ T5790]  free_unref_page+0x32/0x2e0
[   92.322820][ T5790]  free_contig_range+0xa1/0x160
[   92.327729][ T5790]  destroy_args+0x80/0x850
[   92.332695][ T5790]  debug_vm_pgtable+0x3cc/0x410
[   92.337597][ T5790]  do_one_initcall+0x1fd/0x750
[   92.342396][ T5790]  do_initcall_level+0x137/0x1f0
[   92.347418][ T5790]  do_initcalls+0x69/0xd0
[   92.351775][ T5790]  kernel_init_freeable+0x3d2/0x570
[   92.357017][ T5790]  kernel_init+0x1d/0x1c0
[   92.361369][ T5790]  ret_from_fork+0x48/0x80
[   92.366224][ T5790]  ret_from_fork_asm+0x11/0x20
[   92.371226][ T5790] Modules linked in:
[   92.375225][ T5790] CPU: 1 PID: 5790 Comm: syz-executor Tainted: G    B              syzkaller #0
[   92.384270][ T5790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   92.394339][ T5790] Call Trace:
[   92.397633][ T5790]  <TASK>
[   92.400572][ T5790]  dump_stack_lvl+0x16c/0x230
[   92.405272][ T5790]  ? show_regs_print_info+0x20/0x20
[   92.410483][ T5790]  ? swiotlb_print_info+0x70/0x70
[   92.415526][ T5790]  bad_page+0x14b/0x170
[   92.419696][ T5790]  free_unref_page_prepare+0x887/0x8e0
[   92.425173][ T5790]  free_unref_page+0x32/0x2e0
[   92.429867][ T5790]  ? __folio_put+0xef/0x210
[   92.434377][ T5790]  erofs_try_to_free_all_cached_pages+0x295/0x600
[   92.440813][ T5790]  erofs_shrink_workstation+0x118/0x290
[   92.446377][ T5790]  ? erofs_shrinker_unregister+0x170/0x170
[   92.452202][ T5790]  ? io_schedule+0xd0/0xd0
[   92.456635][ T5790]  ? kobject_put+0x43c/0x470
[   92.461249][ T5790]  erofs_shrinker_unregister+0x5d/0x170
[   92.466815][ T5790]  erofs_put_super+0x4e/0x150
[   92.471512][ T5790]  ? erofs_free_inode+0xb0/0xb0
[   92.476389][ T5790]  generic_shutdown_super+0x134/0x2b0
[   92.481786][ T5790]  kill_block_super+0x44/0x90
[   92.486473][ T5790]  erofs_kill_sb+0x4c/0x140
[   92.490990][ T5790]  deactivate_locked_super+0x97/0x100
[   92.496396][ T5790]  cleanup_mnt+0x429/0x4c0
[   92.500829][ T5790]  task_work_run+0x1ce/0x250
[   92.505435][ T5790]  ? task_work_cancel+0x240/0x240
[   92.510472][ T5790]  ? exit_to_user_mode_loop+0x3b/0x110
[   92.515946][ T5790]  exit_to_user_mode_loop+0xe6/0x110
[   92.521250][ T5790]  exit_to_user_mode_prepare+0xf6/0x180
[   92.526813][ T5790]  syscall_exit_to_user_mode+0x1a/0x50
[   92.532294][ T5790]  do_syscall_64+0x61/0xb0
[   92.536723][ T5790]  ? clear_bhb_loop+0x40/0x90
[   92.541406][ T5790]  ? clear_bhb_loop+0x40/0x90
[   92.546091][ T5790]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   92.551992][ T5790] RIP: 0033:0x7f2cfdd901f7
[   92.556416][ T5790] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   92.576034][ T5790] RSP: 002b:00007ffc366b29f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   92.584542][ T5790] RAX: 0000000000000000 RBX: 00007f2cfde11d7d RCX: 00007f2cfdd901f7
[   92.592518][ T5790] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc366b2ab0
[   92.600494][ T5790] RBP: 00007ffc366b2ab0 R08: 0000000000000000 R09: 0000000000000000
[   92.608473][ T5790] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc366b3b40
[   92.616453][ T5790] R13: 00007f2cfde11d7d R14: 0000000000016577 R15: 00007ffc366b3b80
[   92.624442][ T5790]  </TASK>
[   92.627533][ T5790] BUG: Bad page state in process syz-executor  pfn:5cec0
[   92.635905][ T5790] page:ffffea000173b000 refcount:0 mapcount:0 mapping:ffff88805de287c8 index:0x4 pfn:0x5cec0
[   92.646270][ T5790] aops:z_erofs_cache_aops ino:0
[   92.651164][ T5790] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff)
[   92.658951][ T5790] page_type: 0xffffffff()
[   92.663308][ T5790] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805de287c8
[   92.671964][ T5790] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   92.680796][ T5790] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[   92.688992][ T5790] page_owner tracks the page as allocated
[   92.694814][ T5790] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5886, tgid 5883 (syz.2.5), ts 91097468226, free_ts 26470019899
[   92.716437][ T5790]  post_alloc_hook+0x1cd/0x210
[   92.721226][ T5790]  get_page_from_freelist+0x195c/0x19f0
[   92.726837][ T5790]  __alloc_pages+0x1e3/0x460
[   92.731464][ T5790]  z_erofs_do_read_page+0x20c0/0x3680
[   92.736912][ T5790]  z_erofs_pcluster_readmore+0x2cf/0x450
[   92.742579][ T5790]  z_erofs_read_folio+0x208/0x540
[   92.747666][ T5790]  filemap_read_folio+0x167/0x760
[   92.752719][ T5790]  do_read_cache_folio+0x470/0x7e0
[   92.757915][ T5790]  erofs_bread+0x16f/0x630
[   92.762368][ T5790]  erofs_namei+0x28c/0xf00
[   92.767505][ T5790]  erofs_lookup+0x135/0x310
[   92.772043][ T5790]  path_openat+0x10b8/0x3190
[   92.776744][ T5790]  do_filp_open+0x1c5/0x3d0
[   92.781526][ T5790]  do_sys_openat2+0x12c/0x1c0
[   92.786334][ T5790]  __x64_sys_creat+0x90/0xb0
[   92.790958][ T5790]  do_syscall_64+0x55/0xb0
[   92.795439][ T5790] page last free stack trace:
[   92.800128][ T5790]  free_unref_page_prepare+0x7ce/0x8e0
[   92.805664][ T5790]  free_unref_page+0x32/0x2e0
[   92.810379][ T5790]  free_contig_range+0xa1/0x160
[   92.815299][ T5790]  destroy_args+0x80/0x850
[   92.819745][ T5790]  debug_vm_pgtable+0x3cc/0x410
[   92.824692][ T5790]  do_one_initcall+0x1fd/0x750
[   92.829494][ T5790]  do_initcall_level+0x137/0x1f0
[   92.834444][ T5790]  do_initcalls+0x69/0xd0
[   92.838931][ T5790]  kernel_init_freeable+0x3d2/0x570
[   92.844184][ T5790]  kernel_init+0x1d/0x1c0
[   92.848590][ T5790]  ret_from_fork+0x48/0x80
[   92.853097][ T5790]  ret_from_fork_asm+0x11/0x20
[   92.857925][ T5790] Modules linked in:
[   92.861837][ T5790] CPU: 1 PID: 5790 Comm: syz-executor Tainted: G    B              syzkaller #0
[   92.870864][ T5790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[   92.880932][ T5790] Call Trace:
[   92.884235][ T5790]  <TASK>
[   92.887208][ T5790]  dump_stack_lvl+0x16c/0x230
[   92.891904][ T5790]  ? show_regs_print_info+0x20/0x20
[   92.897465][ T5790]  ? swiotlb_print_info+0x70/0x70
[   92.902507][ T5790]  bad_page+0x14b/0x170
[   92.906671][ T5790]  free_unref_page_prepare+0x887/0x8e0
[   92.912160][ T5790]  free_unref_page+0x32/0x2e0
[   92.916858][ T5790]  ? __folio_put+0xef/0x210
[   92.921370][ T5790]  erofs_try_to_free_all_cached_pages+0x295/0x600
[   92.927797][ T5790]  erofs_shrink_workstation+0x118/0x290
[   92.933358][ T5790]  ? erofs_shrinker_unregister+0x170/0x170
[   92.939179][ T5790]  ? io_schedule+0xd0/0xd0
[   92.943664][ T5790]  ? kobject_put+0x43c/0x470
[   92.948274][ T5790]  erofs_shrinker_unregister+0x5d/0x170
[   92.953844][ T5790]  erofs_put_super+0x4e/0x150
[   92.958557][ T5790]  ? erofs_free_inode+0xb0/0xb0
[   92.963428][ T5790]  generic_shutdown_super+0x134/0x2b0
[   92.968828][ T5790]  kill_block_super+0x44/0x90
[   92.973511][ T5790]  erofs_kill_sb+0x4c/0x140
[   92.978035][ T5790]  deactivate_locked_super+0x97/0x100
[   92.983424][ T5790]  cleanup_mnt+0x429/0x4c0
[   92.987866][ T5790]  task_work_run+0x1ce/0x250
[   92.992476][ T5790]  ? task_work_cancel+0x240/0x240
[   92.997515][ T5790]  ? exit_to_user_mode_loop+0x3b/0x110
[   93.002990][ T5790]  exit_to_user_mode_loop+0xe6/0x110
[   93.008317][ T5790]  exit_to_user_mode_prepare+0xf6/0x180
[   93.013904][ T5790]  syscall_exit_to_user_mode+0x1a/0x50
[   93.019398][ T5790]  do_syscall_64+0x61/0xb0
[   93.023835][ T5790]  ? clear_bhb_loop+0x40/0x90
[   93.028532][ T5790]  ? clear_bhb_loop+0x40/0x90
[   93.033221][ T5790]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   93.039124][ T5790] RIP: 0033:0x7f2cfdd901f7
[   93.043550][ T5790] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   93.063164][ T5790] RSP: 002b:00007ffc366b29f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   93.071590][ T5790] RAX: 0000000000000000 RBX: 00007f2cfde11d7d RCX: 00007f2cfdd901f7
[   93.079569][ T5790] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc366b2ab0
[   93.087563][ T5790] RBP: 00007ffc366b2ab0 R08: 0000000000000000 R09: 0000000000000000
[   93.095547][ T5790] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc366b3b40
[   93.103528][ T5790] R13: 00007f2cfde11d7d R14: 0000000000016577 R15: 00007ffc366b3b80
[   93.111519][ T5790]  </TASK>
[   93.334959][ T5796] Bluetooth: hci2: command tx timeout
[   93.340438][ T5796] Bluetooth: hci3: command tx timeout
[   93.345963][ T5798] Bluetooth: hci1: command tx timeout
[   93.345994][ T5795] Bluetooth: hci0: command tx timeout