Warning: Permanently added '10.128.1.143' (ED25519) to the list of known hosts.
2026/02/15 14:32:27 parsed 1 programs
[  189.039324][ T5847] cgroup: Unknown subsys name 'net'
[  189.128924][ T5847] cgroup: Unknown subsys name 'cpuset'
[  189.137121][ T5847] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  190.454097][ T5847] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  192.931139][ T5859] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  192.939249][ T5859] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  192.947026][ T5859] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  192.955076][ T5859] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  192.963078][ T5859] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  193.092756][ T5856] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  194.197587][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  194.203914][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  195.193936][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  195.204551][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  195.237549][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  195.247162][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  196.154368][ T5927] chnl_net:caif_netlink_parms(): no params data found
[  196.234808][ T5927] bridge0: port 1(bridge_slave_0) entered blocking state
[  196.242857][ T5927] bridge0: port 1(bridge_slave_0) entered disabled state
[  196.250472][ T5927] bridge_slave_0: entered allmulticast mode
[  196.257933][ T5927] bridge_slave_0: entered promiscuous mode
[  196.266784][ T5927] bridge0: port 2(bridge_slave_1) entered blocking state
[  196.273912][ T5927] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.281192][ T5927] bridge_slave_1: entered allmulticast mode
[  196.288158][ T5927] bridge_slave_1: entered promiscuous mode
[  196.316688][ T5927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  196.330030][ T5927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  196.359373][ T5927] team0: Port device team_slave_0 added
[  196.366722][ T5927] team0: Port device team_slave_1 added
[  196.387935][ T5927] batman_adv: batadv0: Adding interface: batadv_slave_0
[  196.394880][ T5927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  196.421054][ T5927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  196.433481][ T5927] batman_adv: batadv0: Adding interface: batadv_slave_1
[  196.440463][ T5927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  196.466364][ T5927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  196.502889][ T5927] hsr_slave_0: entered promiscuous mode
[  196.509175][ T5927] hsr_slave_1: entered promiscuous mode
[  196.629414][ T5927] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  196.640879][ T5927] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  196.650567][ T5927] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  196.660463][ T5927] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  196.686347][ T5927] bridge0: port 2(bridge_slave_1) entered blocking state
[  196.693559][ T5927] bridge0: port 2(bridge_slave_1) entered forwarding state
[  196.701354][ T5927] bridge0: port 1(bridge_slave_0) entered blocking state
[  196.708465][ T5927] bridge0: port 1(bridge_slave_0) entered forwarding state
[  196.758062][ T5927] 8021q: adding VLAN 0 to HW filter on device bond0
[  196.774431][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  196.783016][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.798179][ T5927] 8021q: adding VLAN 0 to HW filter on device team0
[  196.811879][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state
[  196.819002][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state
[  196.832379][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  196.839484][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  196.983760][ T5927] 8021q: adding VLAN 0 to HW filter on device batadv0
[  197.026401][ T5927] veth0_vlan: entered promiscuous mode
[  197.038191][ T5927] veth1_vlan: entered promiscuous mode
[  197.063679][ T5927] veth0_macvtap: entered promiscuous mode
[  197.072664][ T5927] veth1_macvtap: entered promiscuous mode
[  197.089594][ T5927] batman_adv: batadv0: Interface activated: batadv_slave_0
[  197.103182][ T5927] batman_adv: batadv0: Interface activated: batadv_slave_1
[  197.118374][ T1153] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  197.129607][ T1153] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  197.139567][ T1153] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  197.148647][ T1153] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  197.278238][   T48] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.356539][   T48] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.446816][   T48] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/02/15 14:32:38 executed programs: 0
[  197.542869][   T48] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.613546][ T5859] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  197.622187][ T5859] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  197.629757][ T5859] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  197.640036][ T5859] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  197.648226][ T5859] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  197.770346][ T5952] chnl_net:caif_netlink_parms(): no params data found
[  197.835794][ T5952] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.842935][ T5952] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.850454][ T5952] bridge_slave_0: entered allmulticast mode
[  197.857896][ T5952] bridge_slave_0: entered promiscuous mode
[  197.865882][ T5952] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.872938][ T5952] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.880817][ T5952] bridge_slave_1: entered allmulticast mode
[  197.887815][ T5952] bridge_slave_1: entered promiscuous mode
[  197.915264][ T5952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  197.927029][ T5952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  197.959216][ T5952] team0: Port device team_slave_0 added
[  197.968087][ T5952] team0: Port device team_slave_1 added
[  197.989940][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_0
[  197.997001][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  198.023579][ T5952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  198.039493][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_1
[  198.046544][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  198.072570][ T5952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  198.114439][ T5952] hsr_slave_0: entered promiscuous mode
[  198.120681][ T5952] hsr_slave_1: entered promiscuous mode
[  198.127252][ T5952] debugfs: 'hsr0' already exists in 'hsr'
[  198.133028][ T5952] Cannot create hsr debugfs directory
[  199.696019][ T5859] Bluetooth: hci0: command tx timeout
[  200.296909][   T48] bridge_slave_1: left allmulticast mode
[  200.302659][   T48] bridge_slave_1: left promiscuous mode
[  200.309450][   T48] bridge0: port 2(bridge_slave_1) entered disabled state
[  200.322845][   T48] bridge_slave_0: left allmulticast mode
[  200.329511][   T48] bridge_slave_0: left promiscuous mode
[  200.340228][   T48] bridge0: port 1(bridge_slave_0) entered disabled state
[  200.534185][   T48] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  200.550556][   T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  200.563073][   T48] bond0 (unregistering): Released all slaves
[  200.672495][   T48] hsr_slave_0: left promiscuous mode
[  200.681746][   T48] hsr_slave_1: left promiscuous mode
[  200.691854][   T48] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  200.700915][   T48] batman_adv: batadv0: Removing interface: batadv_slave_0
[  200.709565][   T48] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  200.717224][   T48] batman_adv: batadv0: Removing interface: batadv_slave_1
[  200.732856][   T48] veth1_macvtap: left promiscuous mode
[  200.740074][   T48] veth0_macvtap: left promiscuous mode
[  200.746110][   T48] veth1_vlan: left promiscuous mode
[  200.751836][   T48] veth0_vlan: left promiscuous mode
[  200.912367][   T48] team0 (unregistering): Port device team_slave_1 removed
[  200.925316][   T48] team0 (unregistering): Port device team_slave_0 removed
[  201.309371][ T5952] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  201.322505][ T5952] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  201.337892][ T5952] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  201.348528][ T5952] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  201.530703][ T5952] 8021q: adding VLAN 0 to HW filter on device bond0
[  201.554845][ T5952] 8021q: adding VLAN 0 to HW filter on device team0
[  201.570308][   T63] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.577450][   T63] bridge0: port 1(bridge_slave_0) entered forwarding state
[  201.598276][   T63] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.605441][   T63] bridge0: port 2(bridge_slave_1) entered forwarding state
[  201.777036][ T5859] Bluetooth: hci0: command tx timeout
[  201.879095][ T5952] 8021q: adding VLAN 0 to HW filter on device batadv0
[  201.930630][ T5952] veth0_vlan: entered promiscuous mode
[  201.943328][ T5952] veth1_vlan: entered promiscuous mode
[  201.974320][ T5952] veth0_macvtap: entered promiscuous mode
[  201.986187][ T5952] veth1_macvtap: entered promiscuous mode
[  202.001784][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_0
[  202.014982][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_1
[  202.028032][   T48] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  202.037300][   T48] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  202.048423][   T48] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  202.057690][   T48] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  202.103805][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.112278][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  202.137438][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.145688][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  202.294678][ T6013] infiniband syz0: set down
[  202.299931][ T6013] infiniband syz0: added ipvlan1
[  202.329078][ T6013] RDS/IB: syz0: added
[  202.333504][ T6013] smc: adding ib device syz0 with port count 1
[  202.340528][ T6013] smc:    ib device syz0 port 1 has no pnetid
[  202.484385][ T6015] syz0: rxe_newlink: already configured on ipvlan1
[  202.507015][ T6016] syz0: rxe_newlink: already configured on ipvlan1
[  202.537394][ T6017] syz0: rxe_newlink: already configured on ipvlan1
[  202.570774][ T6018] syz0: rxe_newlink: already configured on ipvlan1
2026/02/15 14:32:43 executed programs: 7
[  202.599596][ T6019] syz0: rxe_newlink: already configured on ipvlan1
[  202.623220][ T6020] syz0: rxe_newlink: already configured on ipvlan1
[  202.651685][ T6021] syz0: rxe_newlink: already configured on ipvlan1
[  202.687874][ T6022] syz0: rxe_newlink: already configured on ipvlan1
[  202.707877][ T6023] syz0: rxe_newlink: already configured on ipvlan1
[  202.742442][ T6024] syz0: rxe_newlink: already configured on ipvlan1
[  203.856901][ T5859] Bluetooth: hci0: command tx timeout
[  205.945260][ T5859] Bluetooth: hci0: command tx timeout
[  207.510708][ T6264] rxe_newlink: 239 callbacks suppressed
[  207.510721][ T6264] syz0: rxe_newlink: already configured on ipvlan1
[  207.534835][ T6265] syz0: rxe_newlink: already configured on ipvlan1
[  207.552928][ T6266] syz0: rxe_newlink: already configured on ipvlan1
2026/02/15 14:32:48 executed programs: 257
[  207.583081][ T6267] syz0: rxe_newlink: already configured on ipvlan1
[  207.599030][ T6268] syz0: rxe_newlink: already configured on ipvlan1
[  207.620938][ T6269] syz0: rxe_newlink: already configured on ipvlan1
[  207.641023][ T6270] syz0: rxe_newlink: already configured on ipvlan1
[  207.657198][ T6271] syz0: rxe_newlink: already configured on ipvlan1
[  207.674414][ T6272] syz0: rxe_newlink: already configured on ipvlan1
[  207.700172][ T6273] syz0: rxe_newlink: already configured on ipvlan1
[  212.520122][ T6549] rxe_newlink: 275 callbacks suppressed
[  212.520134][ T6549] syz0: rxe_newlink: already configured on ipvlan1
[  212.544229][ T6550] syz0: rxe_newlink: already configured on ipvlan1
[  212.559983][ T6551] syz0: rxe_newlink: already configured on ipvlan1
2026/02/15 14:32:53 executed programs: 543
[  212.580729][ T6552] syz0: rxe_newlink: already configured on ipvlan1
[  212.597702][ T6553] syz0: rxe_newlink: already configured on ipvlan1
[  212.614270][ T6554] syz0: rxe_newlink: already configured on ipvlan1
[  212.641546][ T6555] syz0: rxe_newlink: already configured on ipvlan1
[  212.657760][ T6556] syz0: rxe_newlink: already configured on ipvlan1
[  212.673304][ T6557] syz0: rxe_newlink: already configured on ipvlan1
[  212.702674][ T6558] syz0: rxe_newlink: already configured on ipvlan1
[  213.683322][ T5141] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  213.696601][ T5141] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  213.708671][ T5141] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  213.721532][ T5141] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  213.730305][ T5141] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  213.905708][  T150] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.972819][  T150] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.990994][ T6615] chnl_net:caif_netlink_parms(): no params data found
[  214.046586][  T150] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.074429][ T6615] bridge0: port 1(bridge_slave_0) entered blocking state
[  214.082024][ T6615] bridge0: port 1(bridge_slave_0) entered disabled state
[  214.090819][ T6615] bridge_slave_0: entered allmulticast mode
[  214.097794][ T6615] bridge_slave_0: entered promiscuous mode
[  214.113105][  T150] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.129196][ T6615] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.136504][ T6615] bridge0: port 2(bridge_slave_1) entered disabled state
[  214.143599][ T6615] bridge_slave_1: entered allmulticast mode
[  214.150591][ T6615] bridge_slave_1: entered promiscuous mode
[  214.178393][ T6615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  214.190114][ T6615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  214.231710][ T6615] team0: Port device team_slave_0 added
[  214.240345][ T6615] team0: Port device team_slave_1 added
[  214.283147][ T6615] batman_adv: batadv0: Adding interface: batadv_slave_0
[  214.290183][ T6615] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  214.316486][ T6615] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  214.329317][ T6615] batman_adv: batadv0: Adding interface: batadv_slave_1
[  214.336314][ T6615] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  214.362353][ T6615] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  214.414536][ T6615] hsr_slave_0: entered promiscuous mode
[  214.421162][ T6615] hsr_slave_1: entered promiscuous mode
[  214.442479][  T150] bridge_slave_1: left allmulticast mode
[  214.448163][  T150] bridge_slave_1: left promiscuous mode
[  214.453817][  T150] bridge0: port 2(bridge_slave_1) entered disabled state
[  214.463051][  T150] bridge_slave_0: left allmulticast mode
[  214.468883][  T150] bridge_slave_0: left promiscuous mode
[  214.474529][  T150] bridge0: port 1(bridge_slave_0) entered disabled state
[  214.625089][  T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  214.636069][  T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  214.645859][  T150] bond0 (unregistering): Released all slaves
[  215.145577][  T150] hsr_slave_0: left promiscuous mode
[  215.151702][  T150] hsr_slave_1: left promiscuous mode
[  215.158010][  T150] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  215.166216][  T150] batman_adv: batadv0: Removing interface: batadv_slave_0
[  215.175893][  T150] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  215.183266][  T150] batman_adv: batadv0: Removing interface: batadv_slave_1
[  215.200479][  T150] veth1_macvtap: left promiscuous mode
[  215.206167][  T150] veth0_macvtap: left promiscuous mode
[  215.211661][  T150] veth1_vlan: left promiscuous mode
[  215.218085][  T150] veth0_vlan: left promiscuous mode
[  215.293025][ T1153] smc: removing ib device syz0
[  215.380571][  T150] team0 (unregistering): Port device team_slave_1 removed
[  215.393204][  T150] team0 (unregistering): Port device team_slave_0 removed
[  215.518058][  T795] ==================================================================
[  215.526127][  T795] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x5e/0x170
[  215.534872][  T795] Read of size 8 at addr ffff88802b3ee2f0 by task kworker/0:2/795
[  215.542647][  T795] 
[  215.544961][  T795] CPU: 0 UID: 0 PID: 795 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full) 
[  215.544976][  T795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  215.544983][  T795] Workqueue: events smc_ib_port_event_work
[  215.545007][  T795] Call Trace:
[  215.545011][  T795]  <TASK>
[  215.545016][  T795]  dump_stack_lvl+0xe8/0x150
[  215.545030][  T795]  print_report+0xba/0x230
[  215.545045][  T795]  ? __ethtool_get_link_ksettings+0x5e/0x170
[  215.545056][  T795]  kasan_report+0x117/0x150
[  215.545071][  T795]  ? __ethtool_get_link_ksettings+0x5e/0x170
[  215.545084][  T795]  __ethtool_get_link_ksettings+0x5e/0x170
[  215.545096][  T795]  ib_get_eth_speed+0x180/0x7f0
[  215.545106][  T795]  ? rxe_query_port+0x7e/0x3d0
[  215.545121][  T795]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  215.545133][  T795]  ? do_raw_spin_unlock+0xf5/0x210
[  215.545148][  T795]  rxe_query_port+0x93/0x3d0
[  215.545163][  T795]  ib_query_port+0x170/0x830
[  215.545175][  T795]  smc_ib_port_event_work+0x15a/0x940
[  215.545187][  T795]  ? process_scheduled_works+0xa0f/0x17a0
[  215.545197][  T795]  ? process_scheduled_works+0xa0f/0x17a0
[  215.545207][  T795]  process_scheduled_works+0xaec/0x17a0
[  215.545222][  T795]  ? __pfx_process_scheduled_works+0x10/0x10
[  215.545233][  T795]  ? assign_work+0x3d5/0x5e0
[  215.545243][  T795]  worker_thread+0xa50/0xfc0
[  215.545258][  T795]  kthread+0x388/0x470
[  215.545271][  T795]  ? __pfx_worker_thread+0x10/0x10
[  215.545281][  T795]  ? __pfx_kthread+0x10/0x10
[  215.545293][  T795]  ret_from_fork+0x51e/0xb90
[  215.545304][  T795]  ? __pfx_ret_from_fork+0x10/0x10
[  215.545314][  T795]  ? __switch_to+0xc7d/0x1400
[  215.545323][  T795]  ? __pfx_kthread+0x10/0x10
[  215.545336][  T795]  ret_from_fork_asm+0x1a/0x30
[  215.545352][  T795]  </TASK>
[  215.545355][  T795] 
[  215.716425][  T795] Allocated by task 5952:
[  215.720733][  T795]  kasan_save_track+0x3e/0x80
[  215.725397][  T795]  __kasan_kmalloc+0x93/0xb0
[  215.729973][  T795]  __kvmalloc_node_noprof+0x528/0x8a0
[  215.735325][  T795]  alloc_netdev_mqs+0xa6/0x11b0
[  215.740161][  T795]  rtnl_create_link+0x31f/0xd70
[  215.744994][  T795]  rtnl_newlink_create+0x277/0xb70
[  215.750088][  T795]  rtnl_newlink+0x1666/0x1be0
[  215.754742][  T795]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  215.759666][  T795]  netlink_rcv_skb+0x232/0x4b0
[  215.764410][  T795]  netlink_unicast+0x80f/0x9b0
[  215.769153][  T795]  netlink_sendmsg+0x813/0xb40
[  215.773897][  T795]  __sys_sendto+0x709/0x7a0
[  215.778378][  T795]  __x64_sys_sendto+0xde/0x100
[  215.783120][  T795]  do_syscall_64+0x14d/0xf80
[  215.787690][  T795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.793558][  T795] 
[  215.795861][  T795] Freed by task 150:
[  215.799727][  T795]  kasan_save_track+0x3e/0x80
[  215.804382][  T795]  kasan_save_free_info+0x46/0x50
[  215.809388][  T795]  __kasan_slab_free+0x5c/0x80
[  215.814133][  T795]  kfree+0x1c1/0x610
[  215.818021][  T795]  device_release+0x9e/0x1d0
[  215.822592][  T795]  kobject_put+0x228/0x560
[  215.826991][  T795]  netdev_run_todo+0xc75/0xde0
[  215.831739][  T795]  default_device_exit_batch+0x986/0xa00
[  215.837347][  T795]  ops_undo_list+0x52b/0x940
[  215.841919][  T795]  cleanup_net+0x56b/0x800
[  215.846313][  T795]  process_scheduled_works+0xaec/0x17a0
[  215.851837][  T795]  worker_thread+0xa50/0xfc0
[  215.856404][  T795]  kthread+0x388/0x470
[  215.860454][  T795]  ret_from_fork+0x51e/0xb90
[  215.865024][  T795]  ret_from_fork_asm+0x1a/0x30
[  215.869770][  T795] 
[  215.872087][  T795] The buggy address belongs to the object at ffff88802b3ee000
[  215.872087][  T795]  which belongs to the cache kmalloc-cg-4k of size 4096
[  215.886383][  T795] The buggy address is located 752 bytes inside of
[  215.886383][  T795]  freed 4096-byte region [ffff88802b3ee000, ffff88802b3ef000)
[  215.900274][  T795] 
[  215.902588][  T795] The buggy address belongs to the physical page:
[  215.908986][  T795] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b3e8
[  215.917723][  T795] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  215.926203][  T795] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  215.933739][  T795] page_type: f5(slab)
[  215.937726][  T795] raw: 00fff00000000040 ffff88813feb6500 dead000000000100 dead000000000122
[  215.946297][  T795] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  215.954867][  T795] head: 00fff00000000040 ffff88813feb6500 dead000000000100 dead000000000122
[  215.963528][  T795] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  215.972192][  T795] head: 00fff00000000003 ffffea0000acfa01 00000000ffffffff 00000000ffffffff
[  215.980881][  T795] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  215.989536][  T795] page dumped because: kasan: bad access detected
[  215.995936][  T795] page_owner tracks the page as allocated
[  216.001634][  T795] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5194, tgid 5194 (udevd), ts 29207701884, free_ts 29184638179
[  216.022366][  T795]  post_alloc_hook+0x228/0x280
[  216.027127][  T795]  get_page_from_freelist+0x24dc/0x2580
[  216.032657][  T795]  __alloc_frozen_pages_noprof+0x18d/0x380
[  216.038447][  T795]  allocate_slab+0x77/0x660
[  216.042930][  T795]  refill_objects+0x331/0x3c0
[  216.047586][  T795]  __pcs_replace_empty_main+0x2b9/0x620
[  216.053112][  T795]  __kvmalloc_node_noprof+0x657/0x8a0
[  216.058469][  T795]  seq_read_iter+0x202/0xe10
[  216.063049][  T795]  vfs_read+0x582/0xa70
[  216.067185][  T795]  ksys_read+0x150/0x270
[  216.071415][  T795]  do_syscall_64+0x14d/0xf80
[  216.075992][  T795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.081863][  T795] page last free pid 5196 tgid 5196 stack trace:
[  216.088340][  T795]  __free_frozen_pages+0xbf8/0xd70
[  216.093449][  T795]  __slab_free+0x263/0x2b0
[  216.097849][  T795]  qlist_free_all+0x97/0x100
[  216.102513][  T795]  kasan_quarantine_reduce+0x148/0x160
[  216.107992][  T795]  __kasan_slab_alloc+0x22/0x80
[  216.112826][  T795]  kmem_cache_alloc_noprof+0x2bc/0x650
[  216.118266][  T795]  do_getname+0x2e/0x250
[  216.122503][  T795]  do_fchmodat+0xca/0x230
[  216.126822][  T795]  __x64_sys_chmod+0x62/0x70
[  216.131399][  T795]  do_syscall_64+0x14d/0xf80
[  216.135983][  T795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.141866][  T795] 
[  216.144169][  T795] Memory state around the buggy address:
[  216.149780][  T795]  ffff88802b3ee180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  216.157822][  T795]  ffff88802b3ee200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  216.165865][  T795] >ffff88802b3ee280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  216.173906][  T795]                                                              ^
[  216.181598][  T795]  ffff88802b3ee300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  216.189635][  T795]  ffff88802b3ee380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  216.197848][  T795] ==================================================================
[  216.210871][ T5859] Bluetooth: hci1: command tx timeout
[  216.222675][  T795] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  216.229873][  T795] CPU: 0 UID: 0 PID: 795 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full) 
[  216.239125][  T795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  216.249157][  T795] Workqueue: events smc_ib_port_event_work
[  216.254978][  T795] Call Trace:
[  216.258236][  T795]  <TASK>
[  216.261149][  T795]  vpanic+0x1e0/0x670
[  216.265116][  T795]  panic+0xc5/0xd0
[  216.268834][  T795]  ? __pfx_panic+0x10/0x10
[  216.273236][  T795]  ? preempt_schedule_thunk+0x16/0x30
[  216.278582][  T795]  ? preempt_schedule_thunk+0x16/0x30
[  216.283936][  T795]  ? __ethtool_get_link_ksettings+0x5e/0x170
[  216.289891][  T795]  check_panic_on_warn+0x89/0xb0
[  216.294817][  T795]  ? __ethtool_get_link_ksettings+0x5e/0x170
[  216.300771][  T795]  end_report+0x6f/0x140
[  216.305004][  T795]  kasan_report+0x128/0x150
[  216.309487][  T795]  ? __ethtool_get_link_ksettings+0x5e/0x170
[  216.315450][  T795]  __ethtool_get_link_ksettings+0x5e/0x170
[  216.321246][  T795]  ib_get_eth_speed+0x180/0x7f0
[  216.326080][  T795]  ? rxe_query_port+0x7e/0x3d0
[  216.330832][  T795]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  216.336199][  T795]  ? do_raw_spin_unlock+0xf5/0x210
[  216.341310][  T795]  rxe_query_port+0x93/0x3d0
[  216.345915][  T795]  ib_query_port+0x170/0x830
[  216.350500][  T795]  smc_ib_port_event_work+0x15a/0x940
[  216.355870][  T795]  ? process_scheduled_works+0xa0f/0x17a0
[  216.361581][  T795]  ? process_scheduled_works+0xa0f/0x17a0
[  216.367296][  T795]  process_scheduled_works+0xaec/0x17a0
[  216.372846][  T795]  ? __pfx_process_scheduled_works+0x10/0x10
[  216.378812][  T795]  ? assign_work+0x3d5/0x5e0
[  216.383395][  T795]  worker_thread+0xa50/0xfc0
[  216.388026][  T795]  kthread+0x388/0x470
[  216.392096][  T795]  ? __pfx_worker_thread+0x10/0x10
[  216.397199][  T795]  ? __pfx_kthread+0x10/0x10
[  216.401782][  T795]  ret_from_fork+0x51e/0xb90
[  216.406360][  T795]  ? __pfx_ret_from_fork+0x10/0x10
[  216.411452][  T795]  ? __switch_to+0xc7d/0x1400
[  216.416111][  T795]  ? __pfx_kthread+0x10/0x10
[  216.420687][  T795]  ret_from_fork_asm+0x1a/0x30
[  216.425444][  T795]  </TASK>
[  216.428790][  T795] Kernel Offset: disabled
[  216.433097][  T795] Rebooting in 86400 seconds..