Warning: Permanently added '10.128.1.146' (ED25519) to the list of known hosts.
2026/04/05 08:39:05 parsed 1 programs
[   89.782251][ T5849] cgroup: Unknown subsys name 'net'
[   89.894470][ T5849] cgroup: Unknown subsys name 'cpuset'
[   89.903847][ T5849] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   91.567533][ T5849] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   91.903075][   T24] cfg80211: failed to load regulatory.db
[   94.687857][ T5864] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   94.939997][ T1019] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.954143][ T1019] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.990849][  T644] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.998974][  T644] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.403591][ T5916] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   97.413370][ T5916] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   97.426083][ T5916] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   97.434743][ T5916] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   97.442639][ T5916] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   97.847679][ T5921] chnl_net:caif_netlink_parms(): no params data found
[   97.939962][ T5921] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.947319][ T5921] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.955481][ T5921] bridge_slave_0: entered allmulticast mode
[   97.963314][ T5921] bridge_slave_0: entered promiscuous mode
[   97.975201][ T5921] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.984806][ T5921] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.992467][ T5921] bridge_slave_1: entered allmulticast mode
[   97.999697][ T5921] bridge_slave_1: entered promiscuous mode
[   98.071040][ T5921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.083541][ T5921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.124361][ T5921] team0: Port device team_slave_0 added
[   98.133334][ T5921] team0: Port device team_slave_1 added
[   98.166169][ T5921] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.173258][ T5921] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   98.199444][ T5921] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.213594][ T5921] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.220622][ T5921] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   98.246697][ T5921] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.290453][ T5921] hsr_slave_0: entered promiscuous mode
[   98.296951][ T5921] hsr_slave_1: entered promiscuous mode
[   98.465102][ T5921] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   98.478362][ T5921] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   98.489068][ T5921] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   98.499332][ T5921] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   98.582470][ T5921] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.606720][ T5921] 8021q: adding VLAN 0 to HW filter on device team0
[   98.621294][  T644] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.629005][  T644] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.645532][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.652786][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.846913][ T5921] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.897932][ T5921] veth0_vlan: entered promiscuous mode
[   98.911282][ T5921] veth1_vlan: entered promiscuous mode
[   98.948751][ T5921] veth0_macvtap: entered promiscuous mode
[   98.958330][ T5921] veth1_macvtap: entered promiscuous mode
[   98.977909][ T5921] batman_adv: batadv0: Interface activated: batadv_slave_0
[   98.993934][ T5921] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.009894][ T1019] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.019281][ T1019] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.033641][ T1019] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.043498][ T1019] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.199761][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.289327][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.358734][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.441413][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/04/05 08:39:20 executed programs: 0
[  100.121593][ T5916] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  100.129822][ T5916] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  100.139901][ T5916] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  100.152590][ T5916] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  100.160498][ T5916] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  100.328055][ T5959] chnl_net:caif_netlink_parms(): no params data found
[  100.415200][ T5959] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.422464][ T5959] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.429682][ T5959] bridge_slave_0: entered allmulticast mode
[  100.437248][ T5959] bridge_slave_0: entered promiscuous mode
[  100.445782][ T5959] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.453238][ T5959] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.460905][ T5959] bridge_slave_1: entered allmulticast mode
[  100.468164][ T5959] bridge_slave_1: entered promiscuous mode
[  100.502362][ T5959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.515811][ T5959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.551914][ T5959] team0: Port device team_slave_0 added
[  100.561396][ T5959] team0: Port device team_slave_1 added
[  100.591534][ T5959] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.598506][ T5959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.624939][ T5959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.638549][ T5959] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.645700][ T5959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  100.672272][ T5959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  100.724981][ T5959] hsr_slave_0: entered promiscuous mode
[  100.731930][ T5959] hsr_slave_1: entered promiscuous mode
[  100.738718][ T5959] debugfs: 'hsr0' already exists in 'hsr'
[  100.744792][ T5959] Cannot create hsr debugfs directory
[  101.639127][   T13] bridge_slave_1: left allmulticast mode
[  101.646610][   T13] bridge_slave_1: left promiscuous mode
[  101.656894][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.669922][   T13] bridge_slave_0: left allmulticast mode
[  101.677084][   T13] bridge_slave_0: left promiscuous mode
[  101.683592][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.859986][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  101.872789][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  101.882879][   T13] bond0 (unregistering): Released all slaves
[  101.986915][   T13] hsr_slave_0: left promiscuous mode
[  101.993265][   T13] hsr_slave_1: left promiscuous mode
[  102.000564][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  102.008182][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  102.016936][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  102.025906][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  102.045483][   T13] veth1_macvtap: left promiscuous mode
[  102.051785][   T13] veth0_macvtap: left promiscuous mode
[  102.057404][   T13] veth1_vlan: left promiscuous mode
[  102.069277][   T13] veth0_vlan: left promiscuous mode
[  102.221270][ T5916] Bluetooth: hci0: command tx timeout
[  102.412836][   T13] team0 (unregistering): Port device team_slave_1 removed
[  102.435028][   T13] team0 (unregistering): Port device team_slave_0 removed
[  102.883864][ T5959] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  102.902887][ T5959] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  102.925406][ T5959] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  102.943225][ T5959] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  103.289216][ T5959] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.318779][ T5959] 8021q: adding VLAN 0 to HW filter on device team0
[  103.333004][  T644] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.340561][  T644] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.368691][ T1127] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.376043][ T1127] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.634970][ T5959] 8021q: adding VLAN 0 to HW filter on device batadv0
[  103.685111][ T5959] veth0_vlan: entered promiscuous mode
[  103.699412][ T5959] veth1_vlan: entered promiscuous mode
[  103.729414][ T5959] veth0_macvtap: entered promiscuous mode
[  103.738802][ T5959] veth1_macvtap: entered promiscuous mode
[  103.759348][ T5959] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.774083][ T5959] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.789780][ T1127] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.799484][ T1127] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.808934][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.819075][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.886356][ T1127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.898812][ T1127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.928403][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.936386][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.986476][ T6005] lo speed is unknown, defaulting to 1000
[  103.994323][ T6005] lo speed is unknown, defaulting to 1000
[  104.004801][ T6005] lo speed is unknown, defaulting to 1000
[  104.012983][ T6005] smbdirect: ib_dev[syz0]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[  104.028462][ T6005] smbdirect: ib_dev[syz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[  104.046807][ T6005] smbdirect: ib_dev[syz0]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[  104.062466][ T6005] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  104.076845][ T6005] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  104.108452][ T6005] lo speed is unknown, defaulting to 1000
[  104.301300][ T5916] Bluetooth: hci0: command tx timeout
2026/04/05 08:39:25 executed programs: 43
[  106.392020][ T5916] Bluetooth: hci0: command tx timeout
[  108.460700][ T5916] Bluetooth: hci0: command tx timeout
2026/04/05 08:39:30 executed programs: 302
2026/04/05 08:39:35 executed programs: 566
[  115.877064][ T5164] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  115.898877][ T5164] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  115.910619][ T5164] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  115.919690][ T5164] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  115.928081][ T5164] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  115.964446][ T6608] lo speed is unknown, defaulting to 1000
[  116.084861][ T1127] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.113209][ T6608] chnl_net:caif_netlink_parms(): no params data found
[  116.154761][ T1127] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.222086][ T1127] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.252679][ T6608] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.259901][ T6608] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.267482][ T6608] bridge_slave_0: entered allmulticast mode
[  116.274851][ T6608] bridge_slave_0: entered promiscuous mode
[  116.283651][ T6608] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.290910][ T6608] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.298158][ T6608] bridge_slave_1: entered allmulticast mode
[  116.306197][ T6608] bridge_slave_1: entered promiscuous mode
[  116.327229][ T1127] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.364030][ T6608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  116.375693][ T6608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  116.407437][ T6608] team0: Port device team_slave_0 added
[  116.415762][ T6608] team0: Port device team_slave_1 added
[  116.443709][ T6608] batman_adv: batadv0: Adding interface: batadv_slave_0
[  116.450852][ T6608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  116.476846][ T6608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  116.489938][ T6608] batman_adv: batadv0: Adding interface: batadv_slave_1
[  116.497333][ T6608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  116.523432][ T6608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  116.573282][ T6608] hsr_slave_0: entered promiscuous mode
[  116.579673][ T6608] hsr_slave_1: entered promiscuous mode
[  116.709672][ T1127] bridge_slave_1: left allmulticast mode
[  116.715961][ T1127] bridge_slave_1: left promiscuous mode
[  116.722852][ T1127] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.733068][ T1127] bridge_slave_0: left allmulticast mode
[  116.738754][ T1127] bridge_slave_0: left promiscuous mode
[  116.744959][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.896669][ T1127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  116.908594][ T1127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  116.918888][ T1127] bond0 (unregistering): Released all slaves
[  117.168929][ T1127] hsr_slave_0: left promiscuous mode
[  117.175392][ T1127] hsr_slave_1: left promiscuous mode
[  117.181990][ T1127] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  117.189457][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_0
[  117.200446][ T1127] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  117.207901][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_1
[  117.224845][ T1127] veth1_macvtap: left promiscuous mode
[  117.234911][ T1127] veth0_macvtap: left promiscuous mode
[  117.240663][ T1127] veth1_vlan: left promiscuous mode
[  117.245993][ T1127] veth0_vlan: left promiscuous mode
[  117.560060][ T1127] team0 (unregistering): Port device team_slave_1 removed
[  117.594868][ T1127] team0 (unregistering): Port device team_slave_0 removed
[  117.776522][  T644] smbdirect: ib_dev[syz0] removed
[  117.786927][ T5862] lo speed is unknown, defaulting to 1000
[  117.796052][ T5862] infiniband syz0: ib_query_port failed (-19)
[  117.809375][  T644] ==================================================================
[  117.817497][  T644] BUG: KASAN: invalid-free in gid_table_release_one+0x384/0x470
[  117.825197][  T644] Free of addr ffff88807bca0ad8 by task kworker/u8:6/644
[  117.832244][  T644] 
[  117.834603][  T644] CPU: 0 UID: 0 PID: 644 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full) 
[  117.834622][  T644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  117.834634][  T644] Workqueue: ib-unreg-wq ib_unregister_work
[  117.834669][  T644] Call Trace:
[  117.834678][  T644]  <TASK>
[  117.834686][  T644]  dump_stack_lvl+0xe8/0x150
[  117.834711][  T644]  print_address_description+0x55/0x1e0
[  117.834736][  T644]  print_report+0x58/0x70
[  117.834757][  T644]  ? gid_table_release_one+0x384/0x470
[  117.834774][  T644]  kasan_report_invalid_free+0xea/0x110
[  117.834793][  T644]  ? gid_table_release_one+0x384/0x470
[  117.834812][  T644]  ? gid_table_release_one+0x384/0x470
[  117.834829][  T644]  __kasan_slab_pre_free+0x104/0x120
[  117.834845][  T644]  kfree+0x173/0x640
[  117.834866][  T644]  ? gid_table_release_one+0x384/0x470
[  117.834885][  T644]  gid_table_release_one+0x384/0x470
[  117.834908][  T644]  ib_device_release+0xd2/0x1c0
[  117.834933][  T644]  ? __pfx_ib_device_release+0x10/0x10
[  117.834957][  T644]  device_release+0xc4/0x1f0
[  117.834974][  T644]  kobject_put+0x228/0x560
[  117.835000][  T644]  ? process_scheduled_works+0xa70/0x1860
[  117.835025][  T644]  process_scheduled_works+0xb5d/0x1860
[  117.835061][  T644]  ? __pfx_process_scheduled_works+0x10/0x10
[  117.835088][  T644]  ? assign_work+0x3d5/0x5e0
[  117.835112][  T644]  worker_thread+0xa53/0xfc0
[  117.835146][  T644]  kthread+0x388/0x470
[  117.835163][  T644]  ? __pfx_worker_thread+0x10/0x10
[  117.835186][  T644]  ? __pfx_kthread+0x10/0x10
[  117.835203][  T644]  ret_from_fork+0x514/0xb70
[  117.835228][  T644]  ? __pfx_ret_from_fork+0x10/0x10
[  117.835250][  T644]  ? __switch_to+0xc79/0x1410
[  117.835270][  T644]  ? __pfx_kthread+0x10/0x10
[  117.835287][  T644]  ret_from_fork_asm+0x1a/0x30
[  117.835314][  T644]  </TASK>
[  117.835319][  T644] 
[  118.012606][  T644] Allocated by task 6005:
[  118.016948][  T644]  kasan_save_track+0x3e/0x80
[  118.021742][  T644]  __kasan_kmalloc+0x93/0xb0
[  118.026481][  T644]  __kmalloc_noprof+0x35c/0x760
[  118.031367][  T644]  ib_cache_setup_one+0x198/0x570
[  118.036426][  T644]  ib_register_device+0xfbd/0x13e0
[  118.041570][  T644]  siw_newlink+0x8fe/0xde0
[  118.046040][  T644]  nldev_newlink+0x5bc/0x650
[  118.050657][  T644]  rdma_nl_rcv+0x6d1/0xa10
[  118.055105][  T644]  netlink_unicast+0x80f/0x9b0
[  118.059891][  T644]  netlink_sendmsg+0x813/0xb40
[  118.064690][  T644]  ____sys_sendmsg+0x972/0x9f0
[  118.069475][  T644]  ___sys_sendmsg+0x2a5/0x360
[  118.074357][  T644]  __x64_sys_sendmsg+0x1bd/0x2a0
[  118.079319][  T644]  do_syscall_64+0x15f/0xf80
[  118.083928][  T644]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.089842][  T644] 
[  118.092180][  T644] The buggy address belongs to the object at ffff88807bca0a00
[  118.092180][  T644]  which belongs to the cache kmalloc-256 of size 256
[  118.106597][  T644] The buggy address is located 216 bytes inside of
[  118.106597][  T644]  224-byte region [ffff88807bca0a00, ffff88807bca0ae0)
[  118.119900][  T644] 
[  118.122249][  T644] The buggy address belongs to the physical page:
[  118.128693][  T644] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807bca0200 pfn:0x7bca0
[  118.138807][  T644] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  118.147513][  T644] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  118.156231][  T644] page_type: f5(slab)
[  118.160249][  T644] raw: 00fff00000000240 ffff88813fe34b40 ffffea000098a990 ffffea0001e9c310
[  118.168896][  T644] raw: ffff88807bca0200 000000080010000a 00000000f5000000 0000000000000000
[  118.177514][  T644] head: 00fff00000000240 ffff88813fe34b40 ffffea000098a990 ffffea0001e9c310
[  118.186206][  T644] head: ffff88807bca0200 000000080010000a 00000000f5000000 0000000000000000
[  118.194913][  T644] head: 00fff00000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff
[  118.203618][  T644] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  118.212315][  T644] page dumped because: kasan: bad access detected
[  118.218787][  T644] page_owner tracks the page as allocated
[  118.224572][  T644] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5959, tgid 5959 (syz-executor), ts 103836371052, free_ts 103751145604
[  118.246346][  T644]  post_alloc_hook+0x231/0x280
[  118.251241][  T644]  get_page_from_freelist+0x24ba/0x2540
[  118.256819][  T644]  __alloc_frozen_pages_noprof+0x18d/0x380
[  118.262641][  T644]  allocate_slab+0x77/0x660
[  118.267166][  T644]  refill_objects+0x339/0x3d0
[  118.271892][  T644]  __pcs_replace_empty_main+0x321/0x720
[  118.277466][  T644]  __kmalloc_noprof+0x474/0x760
[  118.282431][  T644]  fib_create_info+0x1723/0x31f0
[  118.287391][  T644]  fib_table_insert+0xc8/0x1b50
[  118.292271][  T644]  fib_magic+0x434/0x510
[  118.296534][  T644]  fib_add_ifaddr+0x3fb/0x5f0
[  118.301232][  T644]  fib_netdev_event+0x382/0x490
[  118.306103][  T644]  notifier_call_chain+0x1ad/0x3d0
[  118.311345][  T644]  __dev_notify_flags+0x1a9/0x310
[  118.316400][  T644]  netif_change_flags+0xe8/0x1a0
[  118.321369][  T644]  do_setlink+0xf82/0x4590
[  118.325981][  T644] page last free pid 1127 tgid 1127 stack trace:
[  118.332319][  T644]  __free_frozen_pages+0xbc7/0xd30
[  118.337460][  T644]  rcu_core+0x7cd/0x1070
[  118.341752][  T644]  handle_softirqs+0x22a/0x840
[  118.346550][  T644]  do_softirq+0x76/0xd0
[  118.350736][  T644]  __local_bh_enable_ip+0xf8/0x130
[  118.355957][  T644]  addrconf_dad_work+0x2bd/0x14c0
[  118.361006][  T644]  process_scheduled_works+0xb5d/0x1860
[  118.366581][  T644]  worker_thread+0xa53/0xfc0
[  118.371198][  T644]  kthread+0x388/0x470
[  118.375378][  T644]  ret_from_fork+0x514/0xb70
[  118.379995][  T644]  ret_from_fork_asm+0x1a/0x30
[  118.384774][  T644] 
[  118.387113][  T644] Memory state around the buggy address:
[  118.392757][  T644]  ffff88807bca0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  118.400832][  T644]  ffff88807bca0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  118.408904][  T644] >ffff88807bca0a80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[  118.416981][  T644]                                                     ^
[  118.423924][  T644]  ffff88807bca0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  118.431997][  T644]  ffff88807bca0b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  118.440085][  T644] ==================================================================
[  118.456413][ T5164] Bluetooth: hci1: command tx timeout
[  118.464175][  T644] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  118.471420][  T644] CPU: 0 UID: 0 PID: 644 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full) 
[  118.480820][  T644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  118.490905][  T644] Workqueue: ib-unreg-wq ib_unregister_work
[  118.496854][  T644] Call Trace:
[  118.500163][  T644]  <TASK>
[  118.503119][  T644]  vpanic+0x56c/0xa60
[  118.507136][  T644]  ? __pfx_vpanic+0x10/0x10
[  118.511676][  T644]  panic+0xc5/0xd0
[  118.515420][  T644]  ? __pfx_panic+0x10/0x10
[  118.519861][  T644]  ? preempt_schedule_thunk+0x16/0x30
[  118.525278][  T644]  ? preempt_schedule_thunk+0x16/0x30
[  118.530701][  T644]  check_panic_on_warn+0x89/0xb0
[  118.535681][  T644]  end_report+0x73/0x170
[  118.539996][  T644]  ? gid_table_release_one+0x384/0x470
[  118.545481][  T644]  kasan_report_invalid_free+0xfa/0x110
[  118.551054][  T644]  ? gid_table_release_one+0x384/0x470
[  118.556543][  T644]  ? gid_table_release_one+0x384/0x470
[  118.562030][  T644]  __kasan_slab_pre_free+0x104/0x120
[  118.567343][  T644]  kfree+0x173/0x640
[  118.571265][  T644]  ? gid_table_release_one+0x384/0x470
[  118.576746][  T644]  gid_table_release_one+0x384/0x470
[  118.582063][  T644]  ib_device_release+0xd2/0x1c0
[  118.586943][  T644]  ? __pfx_ib_device_release+0x10/0x10
[  118.592520][  T644]  device_release+0xc4/0x1f0
[  118.597137][  T644]  kobject_put+0x228/0x560
[  118.601582][  T644]  ? process_scheduled_works+0xa70/0x1860
[  118.607334][  T644]  process_scheduled_works+0xb5d/0x1860
[  118.612921][  T644]  ? __pfx_process_scheduled_works+0x10/0x10
[  118.618934][  T644]  ? assign_work+0x3d5/0x5e0
[  118.623549][  T644]  worker_thread+0xa53/0xfc0
[  118.628176][  T644]  kthread+0x388/0x470
[  118.632349][  T644]  ? __pfx_worker_thread+0x10/0x10
[  118.637495][  T644]  ? __pfx_kthread+0x10/0x10
[  118.642106][  T644]  ret_from_fork+0x514/0xb70
[  118.646738][  T644]  ? __pfx_ret_from_fork+0x10/0x10
[  118.651878][  T644]  ? __switch_to+0xc79/0x1410
[  118.656578][  T644]  ? __pfx_kthread+0x10/0x10
[  118.661196][  T644]  ret_from_fork_asm+0x1a/0x30
[  118.665985][  T644]  </TASK>
[  118.669468][  T644] Kernel Offset: disabled
[  118.673802][  T644] Rebooting in 86400 seconds..