no interfaces have a carrier
[   57.564141][ T5511] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.579951][ T5511] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: OK
Starting sshd: OK

syzkaller
syzkaller login: [   92.187870][    T9] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.4' (ED25519) to the list of known hosts.
2025/07/05 00:49:39 ignoring optional flag "sandboxArg"="0"
2025/07/05 00:49:40 parsed 1 programs
[  173.405096][ T5873] cgroup: Unknown subsys name 'net'
[  173.579490][ T5873] cgroup: Unknown subsys name 'cpuset'
[  173.588695][ T5873] cgroup: Unknown subsys name 'rlimit'
[  175.275308][ T5873] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  178.597985][ T5886] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  180.236900][ T5913] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  180.245409][ T5913] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  180.253526][ T5913] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  180.262841][ T5913] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  180.271045][ T5913] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  181.351407][ T5929] chnl_net:caif_netlink_parms(): no params data found
[  181.432160][ T5929] bridge0: port 1(bridge_slave_0) entered blocking state
[  181.439867][ T5929] bridge0: port 1(bridge_slave_0) entered disabled state
[  181.447349][ T5929] bridge_slave_0: entered allmulticast mode
[  181.454516][ T5929] bridge_slave_0: entered promiscuous mode
[  181.463424][ T5929] bridge0: port 2(bridge_slave_1) entered blocking state
[  181.470797][ T5929] bridge0: port 2(bridge_slave_1) entered disabled state
[  181.478042][ T5929] bridge_slave_1: entered allmulticast mode
[  181.485767][ T5929] bridge_slave_1: entered promiscuous mode
[  181.516771][ T5929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  181.528715][ T5929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  181.562152][ T5929] team0: Port device team_slave_0 added
[  181.570244][ T5929] team0: Port device team_slave_1 added
[  181.599808][ T5929] batman_adv: batadv0: Adding interface: batadv_slave_0
[  181.606886][ T5929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  181.632991][ T5929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  181.646921][ T5929] batman_adv: batadv0: Adding interface: batadv_slave_1
[  181.653916][ T5929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  181.679899][ T5929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  181.726496][ T5929] hsr_slave_0: entered promiscuous mode
[  181.732974][ T5929] hsr_slave_1: entered promiscuous mode
[  181.881385][ T5929] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  181.893831][ T5929] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  181.904159][ T5929] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  181.914542][ T5929] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  181.946054][ T5929] bridge0: port 2(bridge_slave_1) entered blocking state
[  181.953302][ T5929] bridge0: port 2(bridge_slave_1) entered forwarding state
[  181.961323][ T5929] bridge0: port 1(bridge_slave_0) entered blocking state
[  181.968512][ T5929] bridge0: port 1(bridge_slave_0) entered forwarding state
[  182.026758][ T5929] 8021q: adding VLAN 0 to HW filter on device bond0
[  182.047434][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  182.057549][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  182.076251][ T5929] 8021q: adding VLAN 0 to HW filter on device team0
[  182.091351][ T1531] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.098591][ T1531] bridge0: port 1(bridge_slave_0) entered forwarding state
[  182.113098][ T4533] bridge0: port 2(bridge_slave_1) entered blocking state
[  182.120298][ T4533] bridge0: port 2(bridge_slave_1) entered forwarding state
[  182.301198][ T5929] 8021q: adding VLAN 0 to HW filter on device batadv0
[  182.347347][ T5929] veth0_vlan: entered promiscuous mode
[  182.360201][ T5929] veth1_vlan: entered promiscuous mode
[  182.389716][ T5929] veth0_macvtap: entered promiscuous mode
[  182.398892][ T5929] veth1_macvtap: entered promiscuous mode
[  182.420510][ T5929] batman_adv: batadv0: Interface activated: batadv_slave_0
[  182.434324][ T5929] batman_adv: batadv0: Interface activated: batadv_slave_1
[  182.450897][ T5929] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  182.460135][ T5929] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  182.468901][ T5929] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  182.477656][ T5929] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  182.591911][ T5929] syz-executor (5929) used greatest stack depth: 19944 bytes left
[  182.619316][ T1531] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.694429][ T1531] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.773839][ T1531] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.863310][ T1531] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.237417][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  183.248232][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  183.280831][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  183.288954][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/05 00:49:53 executed programs: 0
[  183.753458][ T5913] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  183.762654][ T5913] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  183.772028][ T5913] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  183.781368][ T5913] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  183.790934][ T5913] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  183.959857][ T5971] chnl_net:caif_netlink_parms(): no params data found
[  184.043119][ T5971] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.050731][ T5971] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.058128][ T5971] bridge_slave_0: entered allmulticast mode
[  184.065448][ T5971] bridge_slave_0: entered promiscuous mode
[  184.074586][ T5971] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.081973][ T5971] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.089210][ T5971] bridge_slave_1: entered allmulticast mode
[  184.096899][ T5971] bridge_slave_1: entered promiscuous mode
[  184.134559][ T5971] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  184.150351][ T5971] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  184.193793][ T5971] team0: Port device team_slave_0 added
[  184.203107][ T5971] team0: Port device team_slave_1 added
[  184.235221][ T5971] batman_adv: batadv0: Adding interface: batadv_slave_0
[  184.242543][ T5971] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  184.268888][ T5971] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  184.281943][ T5971] batman_adv: batadv0: Adding interface: batadv_slave_1
[  184.289258][ T5971] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  184.318115][ T5971] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  184.378040][ T5971] hsr_slave_0: entered promiscuous mode
[  184.384477][ T5971] hsr_slave_1: entered promiscuous mode
[  184.391917][ T5971] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  184.399695][ T5971] Cannot create hsr debugfs directory
[  185.342150][ T1531] bridge_slave_1: left allmulticast mode
[  185.350417][ T1531] bridge_slave_1: left promiscuous mode
[  185.357254][ T1531] bridge0: port 2(bridge_slave_1) entered disabled state
[  185.389378][ T1531] bridge_slave_0: left allmulticast mode
[  185.395095][ T1531] bridge_slave_0: left promiscuous mode
[  185.401978][ T1531] bridge0: port 1(bridge_slave_0) entered disabled state
[  185.680634][ T1531] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  185.691632][ T1531] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  185.702704][ T1531] bond0 (unregistering): Released all slaves
[  185.774459][ T1531] hsr_slave_0: left promiscuous mode
[  185.781712][ T1531] hsr_slave_1: left promiscuous mode
[  185.788473][ T1531] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  185.797396][ T1531] batman_adv: batadv0: Removing interface: batadv_slave_0
[  185.807451][ T1531] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  185.814981][ T1531] batman_adv: batadv0: Removing interface: batadv_slave_1
[  185.836168][ T1531] veth1_macvtap: left promiscuous mode
[  185.841951][ T1531] veth0_macvtap: left promiscuous mode
[  185.848294][ T1531] veth1_vlan: left promiscuous mode
[  185.853834][ T1531] veth0_vlan: left promiscuous mode
[  185.866533][ T5166] Bluetooth: hci0: command tx timeout
[  186.423296][ T1531] team0 (unregistering): Port device team_slave_1 removed
[  186.452235][ T1531] team0 (unregistering): Port device team_slave_0 removed
[  187.164133][ T5971] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  187.200955][ T5971] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  187.223508][ T5971] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  187.250963][ T5971] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  187.756367][ T5971] 8021q: adding VLAN 0 to HW filter on device bond0
[  187.798395][ T5971] 8021q: adding VLAN 0 to HW filter on device team0
[  187.863441][  T966] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.870635][  T966] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.887016][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.894276][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.945892][ T5166] Bluetooth: hci0: command tx timeout
[  188.364313][ T5971] 8021q: adding VLAN 0 to HW filter on device batadv0
[  188.434134][ T5971] veth0_vlan: entered promiscuous mode
[  188.450077][ T5971] veth1_vlan: entered promiscuous mode
[  188.500777][ T5971] veth0_macvtap: entered promiscuous mode
[  188.512774][ T5971] veth1_macvtap: entered promiscuous mode
[  188.541629][ T5971] batman_adv: batadv0: Interface activated: batadv_slave_0
[  188.560195][ T5971] batman_adv: batadv0: Interface activated: batadv_slave_1
[  188.584045][ T5971] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  188.594734][ T5971] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  188.605529][ T5971] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  188.615149][ T5971] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  188.732839][ T4533] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  188.748155][ T4533] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  188.791182][  T966] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  188.800701][  T966] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/05 00:49:58 executed programs: 2
[  189.162445][ T6047] infiniband syz0: set down
[  189.168423][ T6047] infiniband syz0: added ipvlan1
[  189.220671][ T6047] RDS/IB: syz0: added
[  189.226389][ T6047] smc: adding ib device syz0 with port count 1
[  189.232729][ T6047] smc:    ib device syz0 port 1 has pnetid 
[  189.544346][ T6062] syz0: rxe_newlink: already configured on ipvlan1
[  189.584872][ T6064] syz0: rxe_newlink: already configured on ipvlan1
[  189.639334][ T6067] syz0: rxe_newlink: already configured on ipvlan1
[  189.671800][ T6068] syz0: rxe_newlink: already configured on ipvlan1
[  189.719086][ T6069] syz0: rxe_newlink: already configured on ipvlan1
[  189.754711][ T6070] syz0: rxe_newlink: already configured on ipvlan1
[  189.790919][ T6072] syz0: rxe_newlink: already configured on ipvlan1
[  189.848690][ T6074] syz0: rxe_newlink: already configured on ipvlan1
[  189.880005][ T6075] syz0: rxe_newlink: already configured on ipvlan1
[  189.913267][ T6076] syz0: rxe_newlink: already configured on ipvlan1
[  190.025758][ T5166] Bluetooth: hci0: command tx timeout
[  192.106460][ T5166] Bluetooth: hci0: command tx timeout
2025/07/05 00:50:03 executed programs: 181
[  194.546823][ T6283] rxe_newlink: 204 callbacks suppressed
[  194.546837][ T6283] syz0: rxe_newlink: already configured on ipvlan1
[  194.571221][ T6284] syz0: rxe_newlink: already configured on ipvlan1
[  194.591355][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  194.600794][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  194.604056][ T6285] syz0: rxe_newlink: already configured on ipvlan1
[  194.628145][ T6286] syz0: rxe_newlink: already configured on ipvlan1
[  194.649274][ T6287] syz0: rxe_newlink: already configured on ipvlan1
[  194.671344][ T6288] syz0: rxe_newlink: already configured on ipvlan1
[  194.703381][ T6289] syz0: rxe_newlink: already configured on ipvlan1
[  194.724008][ T6290] syz0: rxe_newlink: already configured on ipvlan1
[  194.742901][ T6291] syz0: rxe_newlink: already configured on ipvlan1
[  194.772800][ T6292] syz0: rxe_newlink: already configured on ipvlan1
2025/07/05 00:50:08 executed programs: 436
[  199.565572][ T6537] rxe_newlink: 244 callbacks suppressed
[  199.565587][ T6537] syz0: rxe_newlink: already configured on ipvlan1
[  199.592236][ T6538] syz0: rxe_newlink: already configured on ipvlan1
[  199.612648][ T6539] syz0: rxe_newlink: already configured on ipvlan1
[  199.635022][ T6540] syz0: rxe_newlink: already configured on ipvlan1
[  199.654480][ T6541] syz0: rxe_newlink: already configured on ipvlan1
[  199.673516][ T6542] syz0: rxe_newlink: already configured on ipvlan1
[  199.696915][ T6543] syz0: rxe_newlink: already configured on ipvlan1
[  199.720645][ T6544] syz0: rxe_newlink: already configured on ipvlan1
[  199.739160][ T6545] syz0: rxe_newlink: already configured on ipvlan1
[  199.773616][ T6546] syz0: rxe_newlink: already configured on ipvlan1
[  202.140024][ T5913] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  202.148952][ T5913] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  202.161007][ T5913] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  202.179829][ T5913] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  202.190572][ T5913] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  202.367822][ T4533] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.452572][ T4533] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.515332][ T4533] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.545040][ T6669] chnl_net:caif_netlink_parms(): no params data found
[  202.584536][ T4533] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.649596][ T6669] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.657019][ T6669] bridge0: port 1(bridge_slave_0) entered disabled state
[  202.664222][ T6669] bridge_slave_0: entered allmulticast mode
[  202.671674][ T6669] bridge_slave_0: entered promiscuous mode
[  202.681457][ T6669] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.688776][ T6669] bridge0: port 2(bridge_slave_1) entered disabled state
[  202.696363][ T6669] bridge_slave_1: entered allmulticast mode
[  202.703433][ T6669] bridge_slave_1: entered promiscuous mode
[  202.759918][ T6669] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  202.773530][ T6669] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  202.834636][ T6669] team0: Port device team_slave_0 added
[  202.843810][ T6669] team0: Port device team_slave_1 added
[  202.898790][ T4533] bridge_slave_1: left allmulticast mode
[  202.904481][ T4533] bridge_slave_1: left promiscuous mode
[  202.913573][ T4533] bridge0: port 2(bridge_slave_1) entered disabled state
[  202.922940][ T4533] bridge_slave_0: left allmulticast mode
[  202.928821][ T4533] bridge_slave_0: left promiscuous mode
[  202.934551][ T4533] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.169881][ T4533] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  203.180693][ T4533] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  203.191214][ T4533] bond0 (unregistering): Released all slaves
[  203.204931][ T6669] batman_adv: batadv0: Adding interface: batadv_slave_0
[  203.212392][ T6669] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.238761][ T6669] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  203.261095][ T6669] batman_adv: batadv0: Adding interface: batadv_slave_1
[  203.268429][ T6669] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  203.295425][ T6669] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  203.440582][ T6669] hsr_slave_0: entered promiscuous mode
[  203.451049][ T6669] hsr_slave_1: entered promiscuous mode
[  203.974807][ T4533] hsr_slave_0: left promiscuous mode
[  203.981437][ T4533] hsr_slave_1: left promiscuous mode
[  203.989800][ T4533] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  203.997606][ T4533] batman_adv: batadv0: Removing interface: batadv_slave_0
[  204.008207][ T4533] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  204.017596][ T4533] batman_adv: batadv0: Removing interface: batadv_slave_1
[  204.032160][ T4533] veth1_macvtap: left promiscuous mode
[  204.037907][ T4533] veth0_macvtap: left promiscuous mode
[  204.043684][ T4533] veth1_vlan: left promiscuous mode
[  204.049090][ T4533] veth0_vlan: left promiscuous mode
[  204.175039][  T966] smc: removing ib device syz0
[  204.268248][ T5913] Bluetooth: hci0: command tx timeout
[  204.380252][ T4533] team0 (unregistering): Port device team_slave_1 removed
[  204.410632][ T4533] team0 (unregistering): Port device team_slave_0 removed
[  204.719778][   T43] ==================================================================
[  204.727915][   T43] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x6e/0x190
[  204.736717][   T43] Read of size 8 at addr ffff8880298542e8 by task kworker/1:1/43
[  204.744457][   T43] 
[  204.746903][   T43] CPU: 1 UID: 0 PID: 43 Comm: kworker/1:1 Not tainted 6.16.0-rc4-syzkaller-00109-gb9fd9888a565 #0 PREEMPT(full) 
[  204.746926][   T43] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  204.746938][   T43] Workqueue: events smc_ib_port_event_work
[  204.746969][   T43] Call Trace:
[  204.746976][   T43]  <TASK>
[  204.746984][   T43]  dump_stack_lvl+0x189/0x250
[  204.747007][   T43]  ? __virt_addr_valid+0x1c8/0x5c0
[  204.747030][   T43]  ? rcu_is_watching+0x15/0xb0
[  204.747051][   T43]  ? __pfx_dump_stack_lvl+0x10/0x10
[  204.747070][   T43]  ? rcu_is_watching+0x15/0xb0
[  204.747090][   T43]  ? lock_release+0x4b/0x3e0
[  204.747110][   T43]  ? __virt_addr_valid+0x1c8/0x5c0
[  204.747130][   T43]  ? __virt_addr_valid+0x4a5/0x5c0
[  204.747154][   T43]  print_report+0xd2/0x2b0
[  204.747171][   T43]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  204.747195][   T43]  kasan_report+0x118/0x150
[  204.747220][   T43]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  204.747248][   T43]  __ethtool_get_link_ksettings+0x6e/0x190
[  204.747273][   T43]  ib_get_eth_speed+0x15e/0x7b0
[  204.747299][   T43]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  204.747327][   T43]  ? do_raw_spin_unlock+0x122/0x240
[  204.747355][   T43]  rxe_query_port+0x93/0x3b0
[  204.747377][   T43]  ib_query_port+0x16d/0x830
[  204.747395][   T43]  smc_ib_port_event_work+0x15a/0x940
[  204.747423][   T43]  ? _raw_spin_unlock_irq+0x23/0x50
[  204.747447][   T43]  ? process_scheduled_works+0x9ef/0x17b0
[  204.747467][   T43]  ? process_scheduled_works+0x9ef/0x17b0
[  204.747488][   T43]  process_scheduled_works+0xade/0x17b0
[  204.747520][   T43]  ? __pfx_process_scheduled_works+0x10/0x10
[  204.747548][   T43]  worker_thread+0x8a0/0xda0
[  204.747579][   T43]  kthread+0x70e/0x8a0
[  204.747603][   T43]  ? __pfx_worker_thread+0x10/0x10
[  204.747624][   T43]  ? __pfx_kthread+0x10/0x10
[  204.747648][   T43]  ? _raw_spin_unlock_irq+0x23/0x50
[  204.747672][   T43]  ? lockdep_hardirqs_on+0x9c/0x150
[  204.747697][   T43]  ? __pfx_kthread+0x10/0x10
[  204.747720][   T43]  ret_from_fork+0x3fc/0x770
[  204.747740][   T43]  ? __pfx_ret_from_fork+0x10/0x10
[  204.747760][   T43]  ? __switch_to_asm+0x39/0x70
[  204.747781][   T43]  ? __switch_to_asm+0x33/0x70
[  204.747803][   T43]  ? __pfx_kthread+0x10/0x10
[  204.747826][   T43]  ret_from_fork_asm+0x1a/0x30
[  204.747855][   T43]  </TASK>
[  204.747861][   T43] 
[  204.973264][   T43] Allocated by task 5971:
[  204.977656][   T43]  kasan_save_track+0x3e/0x80
[  204.982372][   T43]  __kasan_kmalloc+0x93/0xb0
[  204.987069][   T43]  __kvmalloc_node_noprof+0x30d/0x5f0
[  204.992474][   T43]  alloc_netdev_mqs+0xa6/0x11e0
[  204.997352][   T43]  rtnl_create_link+0x31f/0xd10
[  205.002219][   T43]  rtnl_newlink_create+0x25c/0xb00
[  205.007338][   T43]  rtnl_newlink+0x16d6/0x1c70
[  205.012019][   T43]  rtnetlink_rcv_msg+0x7cc/0xb70
[  205.016960][   T43]  netlink_rcv_skb+0x205/0x470
[  205.021725][   T43]  netlink_unicast+0x758/0x8d0
[  205.026487][   T43]  netlink_sendmsg+0x805/0xb30
[  205.031253][   T43]  __sock_sendmsg+0x219/0x270
[  205.035927][   T43]  __sys_sendto+0x3bd/0x520
[  205.040435][   T43]  __x64_sys_sendto+0xde/0x100
[  205.045203][   T43]  do_syscall_64+0xfa/0x3b0
[  205.049704][   T43]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.055621][   T43] 
[  205.057970][   T43] The buggy address belongs to the object at ffff888029854000
[  205.057970][   T43]  which belongs to the cache kmalloc-cg-4k of size 4096
[  205.072760][   T43] The buggy address is located 744 bytes inside of
[  205.072760][   T43]  freed 4096-byte region [ffff888029854000, ffff888029855000)
[  205.086669][   T43] 
[  205.089008][   T43] The buggy address belongs to the physical page:
[  205.095507][   T43] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29850
[  205.104270][   T43] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  205.112774][   T43] memcg:ffff8880243167c1
[  205.117128][   T43] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  205.124689][   T43] page_type: f5(slab)
[  205.128774][   T43] raw: 00fff00000000040 ffff88801a44b500 dead000000000122 0000000000000000
[  205.137376][   T43] raw: 0000000000000000 0000000000040004 00000000f5000000 ffff8880243167c1
[  205.145967][   T43] head: 00fff00000000040 ffff88801a44b500 dead000000000122 0000000000000000
[  205.154639][   T43] head: 0000000000000000 0000000000040004 00000000f5000000 ffff8880243167c1
[  205.163309][   T43] head: 00fff00000000003 ffffea0000a61401 00000000ffffffff 00000000ffffffff
[  205.172084][   T43] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  205.180749][   T43] page dumped because: kasan: bad access detected
[  205.187162][   T43] page_owner tracks the page as allocated
[  205.192873][   T43] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5971, tgid 5971 (syz-executor), ts 184422095396, free_ts 184391141883
[  205.214412][   T43]  post_alloc_hook+0x240/0x2a0
[  205.219191][   T43]  get_page_from_freelist+0x21e4/0x22c0
[  205.224750][   T43]  __alloc_frozen_pages_noprof+0x181/0x370
[  205.230561][   T43]  alloc_pages_mpol+0x232/0x4a0
[  205.235414][   T43]  allocate_slab+0x8a/0x3b0
[  205.239918][   T43]  ___slab_alloc+0xbfc/0x1480
[  205.244604][   T43]  __kmalloc_node_track_caller_noprof+0x2f8/0x4e0
[  205.251074][   T43]  kmemdup_noprof+0x2b/0x70
[  205.255674][   T43]  __addrconf_sysctl_register+0x9c/0x530
[  205.261310][   T43]  addrconf_sysctl_register+0x168/0x1c0
[  205.266861][   T43]  ipv6_add_dev+0xd46/0x1370
[  205.271452][   T43]  addrconf_notify+0x794/0x1010
[  205.276308][   T43]  notifier_call_chain+0x1b3/0x3e0
[  205.281421][   T43]  register_netdevice+0x1608/0x1ae0
[  205.286711][   T43]  virt_wifi_newlink+0x428/0x860
[  205.291655][   T43]  rtnl_newlink_create+0x30d/0xb00
[  205.296768][   T43] page last free pid 5205 tgid 5205 stack trace:
[  205.303100][   T43]  __free_frozen_pages+0xc71/0xe70
[  205.308302][   T43]  __put_partials+0x161/0x1c0
[  205.312983][   T43]  put_cpu_partial+0x17c/0x250
[  205.317750][   T43]  __slab_free+0x2f7/0x400
[  205.322162][   T43]  qlist_free_all+0x97/0x140
[  205.326752][   T43]  kasan_quarantine_reduce+0x148/0x160
[  205.332211][   T43]  __kasan_slab_alloc+0x22/0x80
[  205.337083][   T43]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  205.343066][   T43]  __alloc_skb+0x112/0x2d0
[  205.347487][   T43]  alloc_skb_with_frags+0xca/0x890
[  205.352605][   T43]  sock_alloc_send_pskb+0x857/0x990
[  205.357808][   T43]  unix_dgram_sendmsg+0x4f6/0x1870
[  205.362946][   T43]  __sock_sendmsg+0x219/0x270
[  205.367658][   T43]  __sys_sendto+0x3bd/0x520
[  205.372176][   T43]  __x64_sys_sendto+0xde/0x100
[  205.376959][   T43]  do_syscall_64+0xfa/0x3b0
[  205.381468][   T43] 
[  205.383796][   T43] Memory state around the buggy address:
[  205.389603][   T43]  ffff888029854180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  205.397664][   T43]  ffff888029854200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  205.405726][   T43] >ffff888029854280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  205.413794][   T43]                                                           ^
[  205.421257][   T43]  ffff888029854300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  205.429320][   T43]  ffff888029854380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  205.437377][   T43] ==================================================================
[  205.450724][   T43] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  205.457965][   T43] CPU: 1 UID: 0 PID: 43 Comm: kworker/1:1 Not tainted 6.16.0-rc4-syzkaller-00109-gb9fd9888a565 #0 PREEMPT(full) 
[  205.469874][   T43] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  205.480449][   T43] Workqueue: events smc_ib_port_event_work
[  205.486290][   T43] Call Trace:
[  205.489582][   T43]  <TASK>
[  205.492508][   T43]  dump_stack_lvl+0x99/0x250
[  205.497099][   T43]  ? __asan_memcpy+0x40/0x70
[  205.501685][   T43]  ? __pfx_dump_stack_lvl+0x10/0x10
[  205.506890][   T43]  ? __pfx__printk+0x10/0x10
[  205.511523][   T43]  panic+0x2db/0x790
[  205.515430][   T43]  ? __pfx_panic+0x10/0x10
[  205.519856][   T43]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  205.525760][   T43]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  205.532107][   T43]  ? print_memory_metadata+0x314/0x400
[  205.537651][   T43]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  205.543627][   T43]  check_panic_on_warn+0x89/0xb0
[  205.548664][   T43]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  205.554668][   T43]  end_report+0x78/0x160
[  205.558925][   T43]  kasan_report+0x129/0x150
[  205.563440][   T43]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  205.569520][   T43]  __ethtool_get_link_ksettings+0x6e/0x190
[  205.575335][   T43]  ib_get_eth_speed+0x15e/0x7b0
[  205.580287][   T43]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  205.585672][   T43]  ? do_raw_spin_unlock+0x122/0x240
[  205.590976][   T43]  rxe_query_port+0x93/0x3b0
[  205.595576][   T43]  ib_query_port+0x16d/0x830
[  205.600177][   T43]  smc_ib_port_event_work+0x15a/0x940
[  205.605655][   T43]  ? _raw_spin_unlock_irq+0x23/0x50
[  205.610860][   T43]  ? process_scheduled_works+0x9ef/0x17b0
[  205.616603][   T43]  ? process_scheduled_works+0x9ef/0x17b0
[  205.622359][   T43]  process_scheduled_works+0xade/0x17b0
[  205.627934][   T43]  ? __pfx_process_scheduled_works+0x10/0x10
[  205.633930][   T43]  worker_thread+0x8a0/0xda0
[  205.638535][   T43]  kthread+0x70e/0x8a0
[  205.642637][   T43]  ? __pfx_worker_thread+0x10/0x10
[  205.647777][   T43]  ? __pfx_kthread+0x10/0x10
[  205.652391][   T43]  ? _raw_spin_unlock_irq+0x23/0x50
[  205.657688][   T43]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.662899][   T43]  ? __pfx_kthread+0x10/0x10
[  205.667509][   T43]  ret_from_fork+0x3fc/0x770
[  205.672104][   T43]  ? __pfx_ret_from_fork+0x10/0x10
[  205.677226][   T43]  ? __switch_to_asm+0x39/0x70
[  205.682090][   T43]  ? __switch_to_asm+0x33/0x70
[  205.686870][   T43]  ? __pfx_kthread+0x10/0x10
[  205.691496][   T43]  ret_from_fork_asm+0x1a/0x30
[  205.696273][   T43]  </TASK>
[  205.699533][   T43] Kernel Offset: disabled
[  205.703867][   T43] Rebooting in 86400 seconds..