Warning: Permanently added '10.128.1.136' (ED25519) to the list of known hosts.
2026/04/05 07:11:22 parsed 1 programs
[   87.686965][ T5846] cgroup: Unknown subsys name 'net'
[   87.801651][ T5846] cgroup: Unknown subsys name 'cpuset'
[   87.810323][ T5846] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   89.557456][ T5846] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   92.102445][    T9] cfg80211: failed to load regulatory.db
[   92.801247][ T5862] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   93.114062][ T5867] chnl_net:caif_netlink_parms(): no params data found
[   93.201179][ T5867] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.209450][ T5867] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.216922][ T5867] bridge_slave_0: entered allmulticast mode
[   93.224121][ T5867] bridge_slave_0: entered promiscuous mode
[   93.234616][ T5867] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.242197][ T5867] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.250267][ T5867] bridge_slave_1: entered allmulticast mode
[   93.259656][ T5867] bridge_slave_1: entered promiscuous mode
[   93.290844][ T5867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   93.303179][ T5867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   93.331610][ T5867] team0: Port device team_slave_0 added
[   93.339928][ T5867] team0: Port device team_slave_1 added
[   93.363824][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.370864][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   93.397210][ T5867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.409757][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.417510][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   93.443748][ T5867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.486532][ T5867] hsr_slave_0: entered promiscuous mode
[   93.493048][ T5867] hsr_slave_1: entered promiscuous mode
[   93.641856][ T5867] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   93.655553][ T5867] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   93.665592][ T5867] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   93.678090][ T5867] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   93.713731][ T5867] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.721419][ T5867] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.729531][ T5867] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.736661][ T5867] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.795429][ T5867] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.816377][   T55] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.825680][   T55] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.842490][ T5867] 8021q: adding VLAN 0 to HW filter on device team0
[   93.855641][  T201] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.862927][  T201] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.878548][   T55] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.885764][   T55] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.063692][ T5867] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.111367][ T5867] veth0_vlan: entered promiscuous mode
[   94.123590][ T5867] veth1_vlan: entered promiscuous mode
[   94.152350][ T5867] veth0_macvtap: entered promiscuous mode
[   94.163208][ T5867] veth1_macvtap: entered promiscuous mode
[   94.188859][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.204787][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.221268][  T201] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.234195][  T201] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.244361][  T201] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.254341][  T201] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.440936][   T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.500731][   T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.607861][   T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.670759][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   94.680481][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   94.693538][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   94.695608][   T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.702516][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   94.721017][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   95.002889][  T201] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.014611][  T201] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.049001][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.059822][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.708126][   T36] bridge_slave_1: left allmulticast mode
[   97.720876][   T36] bridge_slave_1: left promiscuous mode
[   97.743506][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.783554][   T36] bridge_slave_0: left allmulticast mode
[   97.791060][   T36] bridge_slave_0: left promiscuous mode
[   97.798149][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
2026/04/05 07:11:35 executed programs: 0
[   97.937141][ T5162] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   97.948007][ T5162] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   97.956309][ T5162] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   97.973258][ T5162] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   97.985813][ T5162] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   98.073211][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   98.084992][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   98.095724][   T36] bond0 (unregistering): Released all slaves
[   98.205311][   T36] hsr_slave_0: left promiscuous mode
[   98.212261][   T36] hsr_slave_1: left promiscuous mode
[   98.219068][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   98.227267][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[   98.235810][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   98.244162][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[   98.265197][   T36] veth1_macvtap: left promiscuous mode
[   98.271979][   T36] veth0_macvtap: left promiscuous mode
[   98.278311][   T36] veth1_vlan: left promiscuous mode
[   98.284448][   T36] veth0_vlan: left promiscuous mode
[   98.668900][   T36] team0 (unregistering): Port device team_slave_1 removed
[   98.696359][   T36] team0 (unregistering): Port device team_slave_0 removed
[   99.104354][ T5961] chnl_net:caif_netlink_parms(): no params data found
[   99.335618][ T5961] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.349370][ T5961] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.357975][ T5961] bridge_slave_0: entered allmulticast mode
[   99.367580][ T5961] bridge_slave_0: entered promiscuous mode
[   99.381546][ T5961] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.389335][ T5961] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.397098][ T5961] bridge_slave_1: entered allmulticast mode
[   99.407231][ T5961] bridge_slave_1: entered promiscuous mode
[   99.455076][ T5961] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.470711][ T5961] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.509131][ T5961] team0: Port device team_slave_0 added
[   99.518028][ T5961] team0: Port device team_slave_1 added
[   99.559504][ T5961] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.566656][ T5961] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   99.593033][ T5961] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.017316][ T5162] Bluetooth: hci0: command tx timeout
[  100.061939][ T5961] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.068991][ T5961] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.097192][ T5961] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  100.173339][ T5961] hsr_slave_0: entered promiscuous mode
[  100.180207][ T5961] hsr_slave_1: entered promiscuous mode
[  101.330765][ T5961] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  101.343533][ T5961] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  101.356044][ T5961] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  101.371808][ T5961] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  101.500883][ T5961] 8021q: adding VLAN 0 to HW filter on device bond0
[  101.530619][ T5961] 8021q: adding VLAN 0 to HW filter on device team0
[  101.544514][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.552144][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  101.573960][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.581374][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.923232][ T5961] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.995187][ T5961] veth0_vlan: entered promiscuous mode
[  102.013037][ T5961] veth1_vlan: entered promiscuous mode
[  102.070847][ T5961] veth0_macvtap: entered promiscuous mode
[  102.083645][ T5961] veth1_macvtap: entered promiscuous mode
[  102.108936][ T5162] Bluetooth: hci0: command tx timeout
[  102.119102][ T5961] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.144242][ T5961] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.165637][   T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.187854][   T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.206800][   T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.217945][   T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.312734][ T1027] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.331062][ T1027] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.375210][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.385792][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.468403][ T6057] lo speed is unknown, defaulting to 1000
[  102.475703][ T6057] lo speed is unknown, defaulting to 1000
[  102.488518][ T6057] lo speed is unknown, defaulting to 1000
[  102.497995][ T6057] smbdirect: ib_dev[syz0]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[  102.513394][ T6057] smbdirect: ib_dev[syz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[  102.530834][ T6057] smbdirect: ib_dev[syz0]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[  102.547060][ T6057] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  102.568269][ T6057] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  102.623163][ T6057] lo speed is unknown, defaulting to 1000
2026/04/05 07:11:40 executed programs: 9
[  104.176280][ T5162] Bluetooth: hci0: command tx timeout
[  106.256099][ T5162] Bluetooth: hci0: command tx timeout
2026/04/05 07:11:45 executed programs: 260
2026/04/05 07:11:50 executed programs: 517
[  114.637941][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  114.653862][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  114.665126][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  114.673926][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  114.681668][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  114.717335][ T6664] lo speed is unknown, defaulting to 1000
[  114.837165][ T6664] chnl_net:caif_netlink_parms(): no params data found
[  114.872899][   T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.947546][   T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.973399][ T6664] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.980683][ T6664] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.988151][ T6664] bridge_slave_0: entered allmulticast mode
[  114.995247][ T6664] bridge_slave_0: entered promiscuous mode
[  115.013710][   T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.030692][ T6664] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.038205][ T6664] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.045738][ T6664] bridge_slave_1: entered allmulticast mode
[  115.053056][ T6664] bridge_slave_1: entered promiscuous mode
[  115.096366][   T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.112491][ T6664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  115.125098][ T6664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  115.161683][ T6664] team0: Port device team_slave_0 added
[  115.170848][ T6664] team0: Port device team_slave_1 added
[  115.202744][ T6664] batman_adv: batadv0: Adding interface: batadv_slave_0
[  115.209781][ T6664] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  115.236091][ T6664] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  115.262260][ T6664] batman_adv: batadv0: Adding interface: batadv_slave_1
[  115.270456][ T6664] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  115.298578][ T6664] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  115.394069][ T6664] hsr_slave_0: entered promiscuous mode
[  115.400819][ T6664] hsr_slave_1: entered promiscuous mode
[  115.407345][ T6664] debugfs: 'hsr0' already exists in 'hsr'
[  115.413162][ T6664] Cannot create hsr debugfs directory
[  115.420354][   T36] bridge_slave_1: left allmulticast mode
[  115.426181][   T36] bridge_slave_1: left promiscuous mode
[  115.432137][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.441430][   T36] bridge_slave_0: left allmulticast mode
[  115.448608][   T36] bridge_slave_0: left promiscuous mode
[  115.454631][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.614171][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  115.625484][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  115.635610][   T36] bond0 (unregistering): Released all slaves
[  115.962147][   T36] hsr_slave_0: left promiscuous mode
[  115.978274][   T36] hsr_slave_1: left promiscuous mode
[  115.988312][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  115.995885][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  116.005143][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  116.014307][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  116.028587][   T36] veth1_macvtap: left promiscuous mode
[  116.034295][   T36] veth0_macvtap: left promiscuous mode
[  116.040150][   T36] veth1_vlan: left promiscuous mode
[  116.045476][   T36] veth0_vlan: left promiscuous mode
[  116.373624][   T36] team0 (unregistering): Port device team_slave_1 removed
[  116.391164][   T36] team0 (unregistering): Port device team_slave_0 removed
[  116.519608][   T24] lo speed is unknown, defaulting to 1000
[  116.526474][   T24] syz0: Port: 1 Link DOWN
[  116.530688][ T1027] smbdirect: ib_dev[syz0] removed
[  116.562717][ T1027] ==================================================================
[  116.570947][ T1027] BUG: KASAN: invalid-free in gid_table_release_one+0x384/0x470
[  116.578714][ T1027] Free of addr ffff88807bccead8 by task kworker/u8:8/1027
[  116.585926][ T1027] 
[  116.588287][ T1027] CPU: 0 UID: 0 PID: 1027 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(full) 
[  116.588310][ T1027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  116.588322][ T1027] Workqueue: ib-unreg-wq ib_unregister_work
[  116.588351][ T1027] Call Trace:
[  116.588359][ T1027]  <TASK>
[  116.588366][ T1027]  dump_stack_lvl+0xe8/0x150
[  116.588394][ T1027]  print_address_description+0x55/0x1e0
[  116.588419][ T1027]  print_report+0x58/0x70
[  116.588440][ T1027]  ? gid_table_release_one+0x384/0x470
[  116.588458][ T1027]  kasan_report_invalid_free+0xea/0x110
[  116.588479][ T1027]  ? gid_table_release_one+0x384/0x470
[  116.588501][ T1027]  ? gid_table_release_one+0x384/0x470
[  116.588520][ T1027]  __kasan_slab_pre_free+0x104/0x120
[  116.588537][ T1027]  kfree+0x173/0x640
[  116.588562][ T1027]  ? gid_table_release_one+0x384/0x470
[  116.588584][ T1027]  gid_table_release_one+0x384/0x470
[  116.588610][ T1027]  ib_device_release+0xd2/0x1c0
[  116.588637][ T1027]  ? __pfx_ib_device_release+0x10/0x10
[  116.588662][ T1027]  device_release+0xc4/0x1f0
[  116.588687][ T1027]  kobject_put+0x228/0x560
[  116.588713][ T1027]  ? process_scheduled_works+0xa70/0x1860
[  116.588740][ T1027]  process_scheduled_works+0xb5d/0x1860
[  116.588774][ T1027]  ? __pfx_process_scheduled_works+0x10/0x10
[  116.588802][ T1027]  ? assign_work+0x3d5/0x5e0
[  116.588825][ T1027]  worker_thread+0xa53/0xfc0
[  116.588868][ T1027]  kthread+0x388/0x470
[  116.588887][ T1027]  ? __pfx_worker_thread+0x10/0x10
[  116.588912][ T1027]  ? __pfx_kthread+0x10/0x10
[  116.588931][ T1027]  ret_from_fork+0x514/0xb70
[  116.588958][ T1027]  ? __pfx_ret_from_fork+0x10/0x10
[  116.588980][ T1027]  ? __switch_to+0xc79/0x1410
[  116.589002][ T1027]  ? __pfx_kthread+0x10/0x10
[  116.589022][ T1027]  ret_from_fork_asm+0x1a/0x30
[  116.589043][ T1027]  </TASK>
[  116.589050][ T1027] 
[  116.767230][ T1027] Allocated by task 6057:
[  116.771601][ T1027]  kasan_save_track+0x3e/0x80
[  116.776319][ T1027]  __kasan_kmalloc+0x93/0xb0
[  116.781031][ T1027]  __kmalloc_noprof+0x35c/0x760
[  116.785928][ T1027]  ib_cache_setup_one+0x198/0x570
[  116.790983][ T1027]  ib_register_device+0xfbd/0x13e0
[  116.796132][ T1027]  siw_newlink+0x8fe/0xde0
[  116.800598][ T1027]  nldev_newlink+0x5bc/0x650
[  116.805218][ T1027]  rdma_nl_rcv+0x6d1/0xa10
[  116.809736][ T1027]  netlink_unicast+0x80f/0x9b0
[  116.814887][ T1027]  netlink_sendmsg+0x813/0xb40
[  116.819750][ T1027]  ____sys_sendmsg+0x972/0x9f0
[  116.824634][ T1027]  ___sys_sendmsg+0x2a5/0x360
[  116.829348][ T1027]  __x64_sys_sendmsg+0x1bd/0x2a0
[  116.834323][ T1027]  do_syscall_64+0x15f/0xf80
[  116.838956][ T1027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.845223][ T1027] 
[  116.847581][ T1027] The buggy address belongs to the object at ffff88807bccea00
[  116.847581][ T1027]  which belongs to the cache kmalloc-256 of size 256
[  116.861764][ T1027] The buggy address is located 216 bytes inside of
[  116.861764][ T1027]  224-byte region [ffff88807bccea00, ffff88807bcceae0)
[  116.875160][ T1027] 
[  116.877510][ T1027] The buggy address belongs to the physical page:
[  116.883945][ T1027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807bcce200 pfn:0x7bcce
[  116.894038][ T1027] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  116.902569][ T1027] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  116.911109][ T1027] page_type: f5(slab)
[  116.915228][ T1027] raw: 00fff00000000240 ffff88813fe25b40 ffffea0001d81610 ffffea0001f5c610
[  116.923844][ T1027] raw: ffff88807bcce200 000000080010000c 00000000f5000000 0000000000000000
[  116.932456][ T1027] head: 00fff00000000240 ffff88813fe25b40 ffffea0001d81610 ffffea0001f5c610
[  116.941162][ T1027] head: ffff88807bcce200 000000080010000c 00000000f5000000 0000000000000000
[  116.949965][ T1027] head: 00fff00000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff
[  116.958844][ T1027] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  116.967811][ T1027] page dumped because: kasan: bad access detected
[  116.974335][ T1027] page_owner tracks the page as allocated
[  116.980083][ T1027] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5961, tgid 5961 (syz-executor), ts 101665035995, free_ts 101519922280
[  117.002094][ T1027]  post_alloc_hook+0x231/0x280
[  117.006998][ T1027]  get_page_from_freelist+0x24ba/0x2540
[  117.012763][ T1027]  __alloc_frozen_pages_noprof+0x18d/0x380
[  117.018779][ T1027]  allocate_slab+0x77/0x660
[  117.023409][ T1027]  refill_objects+0x339/0x3d0
[  117.028123][ T1027]  __pcs_replace_empty_main+0x321/0x720
[  117.033972][ T1027]  __kmalloc_noprof+0x474/0x760
[  117.038959][ T1027]  fib_create_info+0x1723/0x31f0
[  117.044027][ T1027]  fib_table_insert+0xc8/0x1b50
[  117.049004][ T1027]  fib_magic+0x434/0x510
[  117.053433][ T1027]  fib_add_ifaddr+0x38d/0x5f0
[  117.058227][ T1027]  fib_netdev_event+0x382/0x490
[  117.063205][ T1027]  notifier_call_chain+0x1ad/0x3d0
[  117.068358][ T1027]  __dev_notify_flags+0x1a9/0x310
[  117.073424][ T1027]  netif_change_flags+0xe8/0x1a0
[  117.078410][ T1027]  do_setlink+0xf82/0x4590
[  117.082867][ T1027] page last free pid 5961 tgid 5961 stack trace:
[  117.089217][ T1027]  __free_frozen_pages+0xbc7/0xd30
[  117.094522][ T1027]  __slab_free+0x274/0x2c0
[  117.098967][ T1027]  qlist_free_all+0x99/0x100
[  117.103608][ T1027]  kasan_quarantine_reduce+0x148/0x160
[  117.109113][ T1027]  __kasan_slab_alloc+0x22/0x80
[  117.114000][ T1027]  __kmalloc_cache_noprof+0x2ba/0x660
[  117.119421][ T1027]  ipv6_add_addr+0x55e/0x1100
[  117.124249][ T1027]  inet6_addr_add+0x454/0xb20
[  117.129141][ T1027]  inet6_rtm_newaddr+0xa17/0xe30
[  117.134136][ T1027]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  117.139118][ T1027]  netlink_rcv_skb+0x232/0x4b0
[  117.143931][ T1027]  netlink_unicast+0x80f/0x9b0
[  117.148860][ T1027]  netlink_sendmsg+0x813/0xb40
[  117.153726][ T1027]  __sys_sendto+0x672/0x710
[  117.158361][ T1027]  __x64_sys_sendto+0xde/0x100
[  117.163154][ T1027]  do_syscall_64+0x15f/0xf80
[  117.167778][ T1027] 
[  117.170127][ T1027] Memory state around the buggy address:
[  117.175782][ T1027]  ffff88807bcce980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  117.183872][ T1027]  ffff88807bccea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  117.191952][ T1027] >ffff88807bccea80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[  117.200271][ T1027]                                                     ^
[  117.207212][ T1027]  ffff88807bcceb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  117.215286][ T1027]  ffff88807bcceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  117.223360][ T1027] ==================================================================
[  117.232314][   T51] Bluetooth: hci0: command tx timeout
[  117.241432][ T1027] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  117.248857][ T1027] CPU: 0 UID: 0 PID: 1027 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(full) 
[  117.258422][ T1027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  117.269010][ T1027] Workqueue: ib-unreg-wq ib_unregister_work
[  117.274929][ T1027] Call Trace:
[  117.278213][ T1027]  <TASK>
[  117.281151][ T1027]  vpanic+0x56c/0xa60
[  117.285161][ T1027]  ? __pfx_vpanic+0x10/0x10
[  117.289802][ T1027]  panic+0xc5/0xd0
[  117.293535][ T1027]  ? __pfx_panic+0x10/0x10
[  117.297966][ T1027]  ? preempt_schedule_thunk+0x16/0x30
[  117.303524][ T1027]  ? preempt_schedule_thunk+0x16/0x30
[  117.308912][ T1027]  check_panic_on_warn+0x89/0xb0
[  117.313946][ T1027]  end_report+0x73/0x170
[  117.318190][ T1027]  ? gid_table_release_one+0x384/0x470
[  117.323659][ T1027]  kasan_report_invalid_free+0xfa/0x110
[  117.329210][ T1027]  ? gid_table_release_one+0x384/0x470
[  117.334712][ T1027]  ? gid_table_release_one+0x384/0x470
[  117.340176][ T1027]  __kasan_slab_pre_free+0x104/0x120
[  117.345644][ T1027]  kfree+0x173/0x640
[  117.349557][ T1027]  ? gid_table_release_one+0x384/0x470
[  117.355112][ T1027]  gid_table_release_one+0x384/0x470
[  117.360411][ T1027]  ib_device_release+0xd2/0x1c0
[  117.365291][ T1027]  ? __pfx_ib_device_release+0x10/0x10
[  117.370871][ T1027]  device_release+0xc4/0x1f0
[  117.375572][ T1027]  kobject_put+0x228/0x560
[  117.380023][ T1027]  ? process_scheduled_works+0xa70/0x1860
[  117.385781][ T1027]  process_scheduled_works+0xb5d/0x1860
[  117.391547][ T1027]  ? __pfx_process_scheduled_works+0x10/0x10
[  117.397778][ T1027]  ? assign_work+0x3d5/0x5e0
[  117.402389][ T1027]  worker_thread+0xa53/0xfc0
[  117.407013][ T1027]  kthread+0x388/0x470
[  117.411106][ T1027]  ? __pfx_worker_thread+0x10/0x10
[  117.416259][ T1027]  ? __pfx_kthread+0x10/0x10
[  117.420903][ T1027]  ret_from_fork+0x514/0xb70
[  117.425515][ T1027]  ? __pfx_ret_from_fork+0x10/0x10
[  117.430732][ T1027]  ? __switch_to+0xc79/0x1410
[  117.435418][ T1027]  ? __pfx_kthread+0x10/0x10
[  117.440018][ T1027]  ret_from_fork_asm+0x1a/0x30
[  117.444807][ T1027]  </TASK>
[  117.448636][ T1027] Kernel Offset: disabled
[  117.452978][ T1027] Rebooting in 86400 seconds..