Warning: Permanently added '10.128.0.142' (ED25519) to the list of known hosts.
1970/01/01 00:00:33 parsed 1 programs
[ 34.811338][ T6556] cgroup: Unknown subsys name 'net'
[ 34.991202][ T6556] cgroup: Unknown subsys name 'cpuset'
[ 34.993250][ T6556] cgroup: Unknown subsys name 'rlimit'
[ 35.175784][ T6556] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 41.102665][ T6568] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 41.476948][ T6604] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 41.478471][ T6604] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 41.479177][ T6604] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 41.479538][ T6604] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 41.479743][ T6604] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 41.643673][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 41.643703][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 41.652187][ T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 41.652215][ T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 42.379191][ T6642] chnl_net:caif_netlink_parms(): no params data found
[ 42.402179][ T6642] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.402472][ T6642] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.402543][ T6642] bridge_slave_0: entered allmulticast mode
[ 42.403001][ T6642] bridge_slave_0: entered promiscuous mode
[ 42.404098][ T6642] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.404141][ T6642] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.404190][ T6642] bridge_slave_1: entered allmulticast mode
[ 42.404581][ T6642] bridge_slave_1: entered promiscuous mode
[ 42.416467][ T6642] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 42.417395][ T6642] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 42.424575][ T6642] team0: Port device team_slave_0 added
[ 42.425292][ T6642] team0: Port device team_slave_1 added
[ 42.434446][ T6642] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 42.434465][ T6642] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 42.434476][ T6642] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 42.435335][ T6642] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 42.435342][ T6642] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 42.435354][ T6642] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 42.522044][ T6642] hsr_slave_0: entered promiscuous mode
[ 42.522380][ T6642] hsr_slave_1: entered promiscuous mode
[ 42.577656][ T6642] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 42.585367][ T6642] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 42.587805][ T6642] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 42.591784][ T6642] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 42.612034][ T6642] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.612078][ T6642] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.612260][ T6642] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.612285][ T6642] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.626616][ T6642] 8021q: adding VLAN 0 to HW filter on device bond0
[ 42.631839][ T1163] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.633310][ T1163] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.636934][ T6642] 8021q: adding VLAN 0 to HW filter on device team0
[ 42.641359][ T1163] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.641418][ T1163] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.646343][ T1163] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.646380][ T1163] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.794628][ T6642] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 42.795211][ T6642] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 42.845748][ T6642] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 42.856396][ T6642] veth0_vlan: entered promiscuous mode
[ 42.859055][ T6642] veth1_vlan: entered promiscuous mode
[ 42.866117][ T6642] veth0_macvtap: entered promiscuous mode
[ 42.868146][ T6642] veth1_macvtap: entered promiscuous mode
[ 42.872394][ T6642] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 42.875877][ T6642] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 42.878153][ T14] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.881904][ T14] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.883734][ T14] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.883776][ T14] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 43.105515][ T914] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 43.162770][ T914] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 43.185732][ T914] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 43.235866][ T914] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:00:43 executed programs: 0
[ 43.282466][ T6145] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 43.282838][ T6145] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 43.283004][ T6145] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 43.283297][ T6145] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 43.283504][ T6145] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 43.328647][ T6667] chnl_net:caif_netlink_parms(): no params data found
[ 43.347913][ T6667] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.347981][ T6667] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.348034][ T6667] bridge_slave_0: entered allmulticast mode
[ 43.348438][ T6667] bridge_slave_0: entered promiscuous mode
[ 43.349669][ T6667] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.349721][ T6667] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.349765][ T6667] bridge_slave_1: entered allmulticast mode
[ 43.350355][ T6667] bridge_slave_1: entered promiscuous mode
[ 43.362518][ T6667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 43.363366][ T6667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 43.370376][ T6667] team0: Port device team_slave_0 added
[ 43.371151][ T6667] team0: Port device team_slave_1 added
[ 43.377339][ T6667] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 43.377361][ T6667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 43.377373][ T6667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 43.377891][ T6667] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 43.377896][ T6667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 43.377908][ T6667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 43.397016][ T6667] hsr_slave_0: entered promiscuous mode
[ 43.397321][ T6667] hsr_slave_1: entered promiscuous mode
[ 43.397530][ T6667] debugfs: 'hsr0' already exists in 'hsr'
[ 43.397575][ T6667] Cannot create hsr debugfs directory
[ 45.300184][ T6604] Bluetooth: hci0: command tx timeout
[ 45.964441][ T914] bridge_slave_1: left allmulticast mode
[ 45.964481][ T914] bridge_slave_1: left promiscuous mode
[ 45.964745][ T914] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.972998][ T914] bridge_slave_0: left allmulticast mode
[ 45.974127][ T914] bridge_slave_0: left promiscuous mode
[ 45.975117][ T914] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.142251][ T914] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 46.181055][ T914] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 46.200620][ T914] bond0 (unregistering): Released all slaves
[ 46.286913][ T914] hsr_slave_0: left promiscuous mode
[ 46.287909][ T914] hsr_slave_1: left promiscuous mode
[ 46.288175][ T914] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 46.288187][ T914] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 46.289351][ T914] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 46.289372][ T914] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 46.297564][ T914] veth1_macvtap: left promiscuous mode
[ 46.297628][ T914] veth0_macvtap: left promiscuous mode
[ 46.297677][ T914] veth1_vlan: left promiscuous mode
[ 46.297727][ T914] veth0_vlan: left promiscuous mode
[ 46.408077][ T914] team0 (unregistering): Port device team_slave_1 removed
[ 46.414216][ T914] team0 (unregistering): Port device team_slave_0 removed
[ 46.762716][ T6667] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 46.765077][ T6667] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 46.767459][ T6667] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 46.773137][ T6667] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 46.830665][ T6667] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.834435][ T6667] 8021q: adding VLAN 0 to HW filter on device team0
[ 46.836157][ T808] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.836194][ T808] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.840755][ T808] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.840788][ T808] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.893226][ T6667] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 46.905982][ T6667] veth0_vlan: entered promiscuous mode
[ 46.907641][ T6667] veth1_vlan: entered promiscuous mode
[ 46.914669][ T6667] veth0_macvtap: entered promiscuous mode
[ 46.915582][ T6667] veth1_macvtap: entered promiscuous mode
[ 46.918654][ T6667] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 46.920639][ T6667] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 46.923369][ T1163] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 46.924773][ T1163] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 46.929192][ T1163] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 46.930798][ T1163] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 46.947397][ T1163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 46.947424][ T1163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 46.957478][ T1163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 46.958953][ T1163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 47.013167][ T6744] netlink: 'syz.0.17': attribute type 1 has an invalid length.
[ 47.014539][ T6744] FAULT_INJECTION: forcing a failure.
[ 47.014539][ T6744] name failslab, interval 1, probability 0, space 0, times 1
[ 47.014781][ T6744] CPU: 1 UID: 0 PID: 6744 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
[ 47.014798][ T6744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 47.014803][ T6744] Call trace:
[ 47.014806][ T6744] show_stack+0x2c/0x3c (C)
[ 47.014817][ T6744] __dump_stack+0x30/0x40
[ 47.014824][ T6744] dump_stack_lvl+0xd8/0x12c
[ 47.014829][ T6744] dump_stack+0x1c/0x28
[ 47.014833][ T6744] should_fail_ex+0x41c/0x594
[ 47.014841][ T6744] should_failslab ** replaying previous printk message **
[ 47.014841][ T6744] should_failslab+0xc0/0x128
[ 47.014849][ T6744] __kmalloc_cache_noprof+0x80/0x65c
[ 47.014855][ T6744] qfq_change_class+0x858/0xbe8
[ 47.014863][ T6744] tc_ctl_tclass+0x988/0x10b0
[ 47.014869][ T6744] rtnetlink_rcv_msg+0x624/0x97c
[ 47.014874][ T6744] netlink_rcv_skb+0x220/0x3fc
[ 47.014882][ T6744] rtnetlink_rcv+0x28/0x38
[ 47.014886][ T6744] netlink_unicast+0x694/0x8c4
[ 47.014892][ T6744] netlink_sendmsg+0x648/0x930
[ 47.014897][ T6744] ____sys_sendmsg+0x490/0x7b8
[ 47.014903][ T6744] ___sys_sendmsg+0x204/0x278
[ 47.014909][ T6744] __arm64_sys_sendmsg+0x184/0x238
[ 47.014914][ T6744] invoke_syscall+0x98/0x254
[ 47.014920][ T6744] el0_svc_common+0x130/0x23c
[ 47.014924][ T6744] do_el0_svc+0x48/0x58
[ 47.014929][ T6744] el0_svc+0x5c/0x254
[ 47.014935][ T6744] el0t_64_sync_handler+0x84/0x12c
[ 47.014940][ T6744] el0t_64_sync+0x198/0x19c
[ 47.023712][ T6744] ==================================================================
[ 47.023721][ T6744] BUG: KASAN: slab-use-after-free in qfq_reset_qdisc+0xcc/0x208
[ 47.023740][ T6744] Read of size 8 at addr ffff0000d891ae50 by task syz.0.17/6744
[ 47.023746][ T6744]
[ 47.023750][ T6744] CPU: 1 UID: 0 PID: 6744 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
[ 47.023757][ T6744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 47.023760][ T6744] Call trace:
[ 47.023763][ T6744] show_stack+0x2c/0x3c (C)
[ 47.023771][ T6744] __dump_stack+0x30/0x40
[ 47.023777][ T6744] dump_stack_lvl+0xd8/0x12c
[ 47.023782][ T6744] print_address_description+0xa8/0x238
[ 47.023790][ T6744] print_report+0x68/0x84
[ 47.023796][ T6744] kasan_report+0xb0/0x110
[ 47.023802][ T6744] __asan_report_load8_noabort+0x20/0x2c
[ 47.023808][ T6744] qfq_reset_qdisc+0xcc/0x208
[ 47.023814][ T6744] qdisc_reset+0x128/0x598
[ 47.023819][ T6744] __qdisc_destroy+0x134/0x4bc
[ 47.023824][ T6744] dev_shutdown+0x35c/0x47c
[ 47.023828][ T6744] unregister_netdevice_many_notify+0xbb8/0x1de0
[ 47.023836][ T6744] unregister_netdevice_queue+0x2b4/0x300
[ 47.023843][ T6744] __tun_detach+0x5d4/0x1304
[ 47.023850][ T6744] tun_chr_close+0x118/0x1f8
[ 47.023855][ T6744] __fput+0x340/0x75c
[ 47.023861][ T6744] ____fput+0x20/0x58
[ 47.023867][ T6744] task_work_run+0x1dc/0x260
[ 47.023873][ T6744] exit_to_user_mode_loop+0xfc/0x178
[ 47.023880][ T6744] el0_svc+0x170/0x254
[ 47.023886][ T6744] el0t_64_sync_handler+0x84/0x12c
[ 47.023891][ T6744] el0t_64_sync+0x198/0x19c
[ 47.023897][ T6744]
[ 47.023898][ T6744] Allocated by task 6744:
[ 47.023901][ T6744] kasan_save_track+0x40/0x78
[ 47.023906][ T6744] kasan_save_alloc_info+0x44/0x54
[ 47.023911][ T6744] __kasan_kmalloc+0x9c/0xb4
[ 47.023915][ T6744] __kmalloc_cache_noprof+0x3a4/0x65c
[ 47.023919][ T6744] qfq_change_class+0x498/0xbe8
[ 47.023924][ T6744] tc_ctl_tclass+0x988/0x10b0
[ 47.023929][ T6744] rtnetlink_rcv_msg+0x624/0x97c
[ 47.023933][ T6744] netlink_rcv_skb+0x220/0x3fc
[ 47.023940][ T6744] rtnetlink_rcv+0x28/0x38
[ 47.023943][ T6744] netlink_unicast+0x694/0x8c4
[ 47.023949][ T6744] netlink_sendmsg+0x648/0x930
[ 47.023952][ T6744] ____sys_sendmsg+0x490/0x7b8
[ 47.023958][ T6744] ___sys_sendmsg+0x204/0x278
[ 47.023962][ T6744] __arm64_sys_sendmsg+0x184/0x238
[ 47.023967][ T6744] invoke_syscall+0x98/0x254
[ 47.023972][ T6744] el0_svc_common+0x130/0x23c
[ 47.023976][ T6744] do_el0_svc+0x48/0x58
[ 47.023979][ T6744] el0_svc+0x5c/0x254
[ 47.023984][ T6744] el0t_64_sync_handler+0x84/0x12c
[ 47.023988][ T6744] el0t_64_sync+0x198/0x19c
[ 47.023992][ T6744]
[ 47.023993][ T6744] Freed by task 6744:
[ 47.023996][ T6744] kasan_save_track+0x40/0x78
[ 47.024000][ T6744] __kasan_save_free_info+0x58/0x70
[ 47.024004][ T6744] __kasan_slab_free+0x74/0xa4
[ 47.024008][ T6744] kfree+0x184/0x600
[ 47.024012][ T6744] qfq_change_class+0x92c/0xbe8
[ 47.024017][ T6744] tc_ctl_tclass+0x988/0x10b0
[ 47.024022][ T6744] rtnetlink_rcv_msg+0x624/0x97c
[ 47.024025][ T6744] netlink_rcv_skb+0x220/0x3fc
[ 47.024031][ T6744] rtnetlink_rcv+0x28/0x38
[ 47.024035][ T6744] netlink_unicast+0x694/0x8c4
[ 47.024040][ T6744] netlink_sendmsg+0x648/0x930
[ 47.024044][ T6744] ____sys_sendmsg+0x490/0x7b8
[ 47.024049][ T6744] ___sys_sendmsg+0x204/0x278
[ 47.024054][ T6744] __arm64_sys_sendmsg+0x184/0x238
[ 47.024059][ T6744] invoke_syscall+0x98/0x254
[ 47.024063][ T6744] el0_svc_common+0x130/0x23c
[ 47.024066][ T6744] do_el0_svc+0x48/0x58
[ 47.024070][ T6744] el0_svc+0x5c/0x254
[ 47.024074][ T6744] el0t_64_sync_handler+0x84/0x12c
[ 47.024079][ T6744] el0t_64_sync+0x198/0x19c
[ 47.024083][ T6744]
[ 47.024084][ T6744] The buggy address belongs to the object at ffff0000d891ae00
[ 47.024084][ T6744] which belongs to the cache kmalloc-128 of size 128
[ 47.024089][ T6744] The buggy address is located 80 bytes inside of
[ 47.024089][ T6744] freed 128-byte region [ffff0000d891ae00, ffff0000d891ae80)
[ 47.024094][ T6744]
[ 47.024095][ T6744] The buggy address belongs to the physical page:
[ 47.024099][ T6744] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11891a
[ 47.024104][ T6744] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 47.024109][ T6744] page_type: f5(slab)
[ 47.024114][ T6744] raw: 05ffc00000000000 ffff0000c0001a00 dead000000000122 0000000000000000
[ 47.024118][ T6744] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 47.024121][ T6744] page dumped because: kasan: bad access detected
[ 47.024123][ T6744]
[ 47.024124][ T6744] Memory state around the buggy address:
[ 47.024127][ T6744] ffff0000d891ad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 47.024130][ T6744] ffff0000d891ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.024134][ T6744] >ffff0000d891ae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.024136][ T6744] ^
[ 47.024139][ T6744] ffff0000d891ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.024142][ T6744] ffff0000d891af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 47.024144][ T6744] ==================================================================
[ 47.024148][ T6744] Disabling lock debugging due to kernel taint
[ 47.024157][ T6744] Unable to handle kernel paging request at virtual address 006e807b40000354
[ 47.024161][ T6744] Mem abort info:
[ 47.024164][ T6744] ESR = 0x0000000096000004
[ 47.024167][ T6744] EC = 0x25: DABT (current EL), IL = 32 bits
[ 47.024171][ T6744] SET = 0, FnV = 0
[ 47.024174][ T6744] EA = 0, S1PTW = 0
[ 47.024176][ T6744] FSC = 0x04: level 0 translation fault
[ 47.024180][ T6744] Data abort info:
[ 47.024182][ T6744] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 47.024185][ T6744] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 47.024189][ T6744] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 47.024193][ T6744] [006e807b40000354] address between user and kernel address ranges
[ 47.024198][ T6744] Internal error: Oops: 0000000096000004 [#1] SMP
[ 47.120778][ T6744] Modules linked in:
[ 47.121384][ T6744] CPU: 1 UID: 0 PID: 6744 Comm: syz.0.17 Tainted: G B syzkaller #0 PREEMPT
[ 47.122953][ T6744] Tainted: [B]=BAD_PAGE
[ 47.123549][ T6744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 47.125102][ T6744] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[ 47.126313][ T6744] pc : qfq_reset_qdisc+0xbc/0x208
[ 47.127133][ T6744] lr : qfq_reset_qdisc+0x158/0x208
[ 47.127910][ T6744] sp : ffff80009df077c0
[ 47.128572][ T6744] x29: ffff80009df077d0 x28: 0000000000000000 x27: 1fffe0001920305a
[ 47.129918][ T6744] x26: 006f007b40000354 x25: dfff800000000000 x24: 0000000000000000
[ 47.131289][ T6744] x23: 037803da00001aa0 x22: 037803da00001a50 x21: ffff0000c90182d0
[ 47.132620][ T6744] x20: ffff0000c90182d8 x19: ffff0000c9018000 x18: 1fffe000337dfe90
[ 47.133915][ T6744] x17: 3d3d3d3d3d3d3d3d x16: ffff800082de9540 x15: 0000000000000001
[ 47.135230][ T6744] x14: 1ffff0001250b1b8 x13: 0000000000000000 x12: 0000000000000000
[ 47.136546][ T6744] x11: ffff70001250b1b9 x10: 0000000000ff0100 x9 : 0000000000000000
[ 47.137854][ T6744] x8 : ffff0000dc8d3d80 x7 : 0000000000000001 x6 : ffff8000805638d4
[ 47.139111][ T6744] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80008936af34
[ 47.140371][ T6744] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000
[ 47.141640][ T6744] Call trace:
[ 47.142190][ T6744] qfq_reset_qdisc+0xbc/0x208 (P)
[ 47.143002][ T6744] qdisc_reset+0x128/0x598
[ 47.143679][ T6744] __qdisc_destroy+0x134/0x4bc
[ 47.144482][ T6744] dev_shutdown+0x35c/0x47c
[ 47.145152][ T6744] unregister_netdevice_many_notify+0xbb8/0x1de0
[ 47.146169][ T6744] unregister_netdevice_queue+0x2b4/0x300
[ 47.147118][ T6744] __tun_detach+0x5d4/0x1304
[ 47.147879][ T6744] tun_chr_close+0x118/0x1f8
[ 47.148574][ T6744] __fput+0x340/0x75c
[ 47.149165][ T6744] ____fput+0x20/0x58
[ 47.149814][ T6744] task_work_run+0x1dc/0x260
[ 47.150567][ T6744] exit_to_user_mode_loop+0xfc/0x178
[ 47.151493][ T6744] el0_svc+0x170/0x254
[ 47.152077][ T6744] el0t_64_sync_handler+0x84/0x12c
[ 47.152863][ T6744] el0t_64_sync+0x198/0x19c
[ 47.153545][ T6744] Code: d1002116 b4000656 910142d7 d343fefa (38796b48)
[ 47.154703][ T6744] ---[ end trace 0000000000000000 ]---
[ 47.382386][ T6744] Kernel panic - not syncing: Oops: Fatal exception
[ 47.383430][ T6744] SMP: stopping secondary CPUs
[ 47.384220][ T6744] Kernel Offset: disabled
[ 47.384903][ T6744] CPU features: 0x100000,0001e000,42702281,5427fea7
[ 47.385917][ T6744] Memory Limit: none
[ 47.607244][ T6744] Rebooting in 86400 seconds..