Warning: Permanently added '10.128.0.45' (ED25519) to the list of known hosts. 1970/01/01 00:00:29 parsed 1 programs [ 31.175987][ T6580] cgroup: Unknown subsys name 'net' [ 31.355953][ T6580] cgroup: Unknown subsys name 'cpuset' [ 31.357774][ T6580] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 31.522116][ T6580] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 38.417505][ T6591] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 38.745205][ T6615] chnl_net:caif_netlink_parms(): no params data found [ 38.824706][ T6615] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.824999][ T6615] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.825088][ T6615] bridge_slave_0: entered allmulticast mode [ 38.825569][ T6615] bridge_slave_0: entered promiscuous mode [ 38.826861][ T6615] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.826908][ T6615] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.826956][ T6615] bridge_slave_1: entered allmulticast mode [ 38.827344][ T6615] bridge_slave_1: entered promiscuous mode [ 38.834040][ T6615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 38.836997][ T6615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.846559][ T6615] team0: Port device team_slave_0 added [ 38.847269][ T6615] team0: Port device team_slave_1 added [ 38.855423][ T6615] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.855443][ T6615] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.855458][ T6615] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.856210][ T6615] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.856216][ T6615] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.856228][ T6615] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.866404][ T6615] hsr_slave_0: entered promiscuous mode [ 38.866760][ T6615] hsr_slave_1: entered promiscuous mode [ 38.930906][ T6615] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 38.933718][ T6615] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 38.936358][ T6615] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 38.937385][ T6615] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 38.953098][ T6615] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.953146][ T6615] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.953378][ T6615] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.953408][ T6615] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.967451][ T6615] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.970368][ T869] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.972182][ T869] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.977378][ T6615] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.979991][ T794] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.980031][ T794] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.984400][ T3476] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.984434][ T3476] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.129702][ T6615] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.142534][ T6615] veth0_vlan: entered promiscuous mode [ 39.144135][ T6615] veth1_vlan: entered promiscuous mode [ 39.151111][ T6615] veth0_macvtap: entered promiscuous mode [ 39.152102][ T6615] veth1_macvtap: entered promiscuous mode [ 39.156658][ T6615] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.157923][ T6615] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.161760][ T652] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.163328][ T652] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.166292][ T652] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.167826][ T652] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.417686][ T41] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.437339][ T869] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.439424][ T869] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.447617][ T869] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 39.447646][ T869] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 39.461306][ T41] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.502007][ T41] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.545829][ T41] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.768779][ T6168] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 39.770109][ T6168] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 39.771330][ T6168] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 39.772881][ T6168] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 39.774428][ T6168] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 1970/01/01 00:00:40 executed programs: 0 [ 40.311140][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 40.312715][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 40.314224][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 40.316204][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 40.316405][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 40.363576][ T6692] chnl_net:caif_netlink_parms(): no params data found [ 40.384136][ T6692] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.384205][ T6692] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.384294][ T6692] bridge_slave_0: entered allmulticast mode [ 40.385398][ T6692] bridge_slave_0: entered promiscuous mode [ 40.386217][ T6692] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.386255][ T6692] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.386329][ T6692] bridge_slave_1: entered allmulticast mode [ 40.386772][ T6692] bridge_slave_1: entered promiscuous mode [ 40.394099][ T6692] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 40.396254][ T6692] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 40.403069][ T6692] team0: Port device team_slave_0 added [ 40.404823][ T6692] team0: Port device team_slave_1 added [ 40.410180][ T6692] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 40.410611][ T6692] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 40.410628][ T6692] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 40.411141][ T6692] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 40.411148][ T6692] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 40.411160][ T6692] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 40.421354][ T6692] hsr_slave_0: entered promiscuous mode [ 40.421657][ T6692] hsr_slave_1: entered promiscuous mode [ 40.421848][ T6692] debugfs: 'hsr0' already exists in 'hsr' [ 40.421902][ T6692] Cannot create hsr debugfs directory [ 42.344903][ T53] Bluetooth: hci0: command tx timeout [ 42.786533][ T41] bridge_slave_1: left allmulticast mode [ 42.786580][ T41] bridge_slave_1: left promiscuous mode [ 42.786936][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.791028][ T41] bridge_slave_0: left allmulticast mode [ 42.792068][ T41] bridge_slave_0: left promiscuous mode [ 42.793167][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.939827][ T41] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 42.955972][ T41] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 42.995549][ T41] bond0 (unregistering): Released all slaves [ 43.061455][ T41] hsr_slave_0: left promiscuous mode [ 43.062963][ T41] hsr_slave_1: left promiscuous mode [ 43.064166][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 43.067596][ T41] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 43.069399][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 43.070630][ T41] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 43.077107][ T41] veth1_macvtap: left promiscuous mode [ 43.078133][ T41] veth0_macvtap: left promiscuous mode [ 43.079330][ T41] veth1_vlan: left promiscuous mode [ 43.080243][ T41] veth0_vlan: left promiscuous mode [ 43.197400][ T41] team0 (unregistering): Port device team_slave_1 removed [ 43.204037][ T41] team0 (unregistering): Port device team_slave_0 removed [ 43.526235][ T6692] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 43.529024][ T6692] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 43.531207][ T6692] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 43.533301][ T6692] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 43.606731][ T6692] 8021q: adding VLAN 0 to HW filter on device bond0 [ 43.609532][ T6692] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.611867][ T794] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.611891][ T794] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.621875][ T652] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.621921][ T652] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.813541][ T6692] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 43.822500][ T6692] veth0_vlan: entered promiscuous mode [ 43.824029][ T6692] veth1_vlan: entered promiscuous mode [ 43.833638][ T6692] veth0_macvtap: entered promiscuous mode [ 43.841447][ T6692] veth1_macvtap: entered promiscuous mode [ 43.846084][ T6692] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 43.846972][ T6692] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 43.852114][ T794] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.852686][ T794] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.852709][ T794] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.852723][ T794] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.895447][ T794] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 43.896809][ T794] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 43.913968][ T652] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 43.916046][ T652] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 43.994310][ T6768] netlink: 'syz.0.17': attribute type 1 has an invalid length. [ 43.994340][ T6768] FAULT_INJECTION: forcing a failure. [ 43.994340][ T6768] name failslab, interval 1, probability 0, space 0, times 1 [ 43.994353][ T6768] CPU: 0 UID: ** replaying previous printk message ** [ 43.994353][ T6768] CPU: 0 UID: 0 PID: 6768 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT [ 43.994362][ T6768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 43.994367][ T6768] Call trace: [ 43.994371][ T6768] show_stack+0x2c/0x3c (C) [ 43.994388][ T6768] __dump_stack+0x30/0x40 [ 43.994398][ T6768] dump_stack_lvl+0xd8/0x12c [ 43.994404][ T6768] dump_stack+0x1c/0x28 [ 43.994409][ T6768] should_fail_ex+0x41c/0x594 [ 43.994416][ T6768] should_failslab+0xc0/0x128 [ 43.994424][ T6768] __kmalloc_cache_noprof+0x8c/0x698 [ 43.994430][ T6768] qfq_change_class+0x858/0xbe8 [ 43.994438][ T6768] tc_ctl_tclass+0x988/0x10b0 [ 43.994444][ T6768] rtnetlink_rcv_msg+0x624/0x97c [ 43.994452][ T6768] netlink_rcv_skb+0x220/0x3fc [ 43.994459][ T6768] rtnetlink_rcv+0x28/0x38 [ 43.994465][ T6768] netlink_unicast+0x694/0x8c4 [ 43.994471][ T6768] netlink_sendmsg+0x648/0x930 [ 43.994477][ T6768] ____sys_sendmsg+0x490/0x7c4 [ 43.994484][ T6768] ___sys_sendmsg+0x204/0x278 [ 43.994489][ T6768] __arm64_sys_sendmsg+0x184/0x238 [ 43.994494][ T6768] invoke_syscall+0x98/0x254 [ 43.994500][ T6768] el0_svc_common+0xe8/0x23c [ 43.994505][ T6768] do_el0_svc+0x48/0x58 [ 43.994511][ T6768] el0_svc+0x5c/0x26c [ 43.994517][ T6768] el0t_64_sync_handler+0x84/0x12c [ 43.994527][ T6768] el0t_64_sync+0x198/0x19c [ 43.998141][ T6768] ================================================================== [ 43.998147][ T6768] BUG: KASAN: slab-use-after-free in qfq_reset_qdisc+0xcc/0x208 [ 43.998157][ T6768] Read of size 8 at addr ffff0000caba4150 by task syz.0.17/6768 [ 43.998161][ T6768] [ 43.998164][ T6768] CPU: 0 UID: 0 PID: 6768 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT [ 43.998169][ T6768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 43.998172][ T6768] Call trace: [ 43.998174][ T6768] show_stack+0x2c/0x3c (C) [ 43.998181][ T6768] __dump_stack+0x30/0x40 [ 43.998186][ T6768] dump_stack_lvl+0xd8/0x12c [ 43.998191][ T6768] print_address_description+0xa8/0x238 [ 43.998197][ T6768] print_report+0x68/0x84 [ 43.998201][ T6768] kasan_report+0xb0/0x110 [ 43.998207][ T6768] __asan_report_load8_noabort+0x20/0x2c [ 43.998213][ T6768] qfq_reset_qdisc+0xcc/0x208 [ 43.998218][ T6768] qdisc_reset+0x110/0x598 [ 43.998225][ T6768] __qdisc_destroy+0x134/0x4bc [ 43.998231][ T6768] dev_shutdown+0x35c/0x47c [ 43.998237][ T6768] unregister_netdevice_many_notify+0xecc/0x2110 [ 43.998244][ T6768] unregister_netdevice_queue+0x26c/0x2fc [ 43.998250][ T6768] __tun_detach+0x5d4/0x1304 [ 43.998255][ T6768] tun_chr_close+0x118/0x1f8 [ 43.998260][ T6768] __fput+0x340/0x75c [ 43.998265][ T6768] ____fput+0x20/0x58 [ 43.998271][ T6768] task_work_run+0x1dc/0x260 [ 43.998278][ T6768] exit_to_user_mode_loop+0x10c/0x18c [ 43.998284][ T6768] el0_svc+0x17c/0x26c [ 43.998289][ T6768] el0t_64_sync_handler+0x84/0x12c [ 43.998295][ T6768] el0t_64_sync+0x198/0x19c [ 43.998300][ T6768] [ 43.998301][ T6768] Allocated by task 6768: [ 43.998304][ T6768] kasan_save_track+0x40/0x78 [ 43.998309][ T6768] kasan_save_alloc_info+0x44/0x54 [ 43.998313][ T6768] __kasan_kmalloc+0x9c/0xb4 [ 43.998317][ T6768] __kmalloc_cache_noprof+0x3b8/0x698 [ 43.998321][ T6768] qfq_change_class+0x498/0xbe8 [ 43.998326][ T6768] tc_ctl_tclass+0x988/0x10b0 [ 43.998330][ T6768] rtnetlink_rcv_msg+0x624/0x97c [ 43.998335][ T6768] netlink_rcv_skb+0x220/0x3fc [ 43.998341][ T6768] rtnetlink_rcv+0x28/0x38 [ 43.998346][ T6768] netlink_unicast+0x694/0x8c4 [ 43.998351][ T6768] netlink_sendmsg+0x648/0x930 [ 43.998356][ T6768] ____sys_sendmsg+0x490/0x7c4 [ 43.998360][ T6768] ___sys_sendmsg+0x204/0x278 [ 43.998364][ T6768] __arm64_sys_sendmsg+0x184/0x238 [ 43.998369][ T6768] invoke_syscall+0x98/0x254 [ 43.998373][ T6768] el0_svc_common+0xe8/0x23c [ 43.998377][ T6768] do_el0_svc+0x48/0x58 [ 43.998382][ T6768] el0_svc+0x5c/0x26c [ 43.998386][ T6768] el0t_64_sync_handler+0x84/0x12c [ 43.998391][ T6768] el0t_64_sync+0x198/0x19c [ 43.998394][ T6768] [ 43.998395][ T6768] Freed by task 6768: [ 43.998398][ T6768] kasan_save_track+0x40/0x78 [ 43.998401][ T6768] kasan_save_free_info+0x58/0x70 [ 43.998406][ T6768] __kasan_slab_free+0x74/0xa4 [ 43.998410][ T6768] kfree+0x1c4/0x5fc [ 43.998413][ T6768] qfq_change_class+0x92c/0xbe8 [ 43.998418][ T6768] tc_ctl_tclass+0x988/0x10b0 [ 43.998422][ T6768] rtnetlink_rcv_msg+0x624/0x97c [ 43.998427][ T6768] netlink_rcv_skb+0x220/0x3fc [ 43.998432][ T6768] rtnetlink_rcv+0x28/0x38 [ 43.998437][ T6768] netlink_unicast+0x694/0x8c4 [ 43.998442][ T6768] netlink_sendmsg+0x648/0x930 [ 43.998447][ T6768] ____sys_sendmsg+0x490/0x7c4 [ 43.998451][ T6768] ___sys_sendmsg+0x204/0x278 [ 43.998455][ T6768] __arm64_sys_sendmsg+0x184/0x238 [ 43.998459][ T6768] invoke_syscall+0x98/0x254 [ 43.998463][ T6768] el0_svc_common+0xe8/0x23c [ 43.998468][ T6768] do_el0_svc+0x48/0x58 [ 43.998472][ T6768] el0_svc+0x5c/0x26c [ 43.998476][ T6768] el0t_64_sync_handler+0x84/0x12c [ 43.998481][ T6768] el0t_64_sync+0x198/0x19c [ 43.998484][ T6768] [ 43.998486][ T6768] The buggy address belongs to the object at ffff0000caba4100 [ 43.998486][ T6768] which belongs to the cache kmalloc-128 of size 128 [ 43.998490][ T6768] The buggy address is located 80 bytes inside of [ 43.998490][ T6768] freed 128-byte region [ffff0000caba4100, ffff0000caba4180) [ 43.998495][ T6768] [ 43.998496][ T6768] The buggy address belongs to the physical page: [ 43.998500][ T6768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10aba4 [ 43.998505][ T6768] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff) [ 43.998511][ T6768] page_type: f5(slab) [ 43.998516][ T6768] raw: 05ffc00000000000 ffff0000c0001a00 fffffdffc30c5840 dead000000000004 [ 43.998520][ T6768] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 43.998523][ T6768] page dumped because: kasan: bad access detected [ 43.998525][ T6768] [ 43.998526][ T6768] Memory state around the buggy address: [ 43.998529][ T6768] ffff0000caba4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 43.998532][ T6768] ffff0000caba4080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.998535][ T6768] >ffff0000caba4100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.998537][ T6768] ^ [ 43.998540][ T6768] ffff0000caba4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.998543][ T6768] ffff0000caba4200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.998545][ T6768] ================================================================== [ 43.998548][ T6768] Disabling lock debugging due to kernel taint [ 43.998557][ T6768] Unable to handle kernel paging request at virtual address 0052007bc0000357 [ 43.998561][ T6768] Mem abort info: [ 43.998563][ T6768] ESR = 0x0000000096000004 [ 43.998566][ T6768] EC = 0x25: DABT (current EL), IL = 32 bits [ 43.998570][ T6768] SET = 0, FnV = 0 [ 43.998576][ T6768] EA = 0, S1PTW = 0 [ 43.998579][ T6768] FSC = 0x04: level 0 translation fault [ 43.998582][ T6768] Data abort info: [ 43.998583][ T6768] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 43.998587][ T6768] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 43.998590][ T6768] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 43.998594][ T6768] [0052007bc0000357] address between user and kernel address ranges [ 43.998599][ T6768] Internal error: Oops: 0000000096000004 [#1] SMP [ 44.102252][ T6768] Modules linked in: [ 44.102877][ T6768] CPU: 0 UID: 0 PID: 6768 Comm: syz.0.17 Tainted: G B syzkaller #0 PREEMPT [ 44.104450][ T6768] Tainted: [B]=BAD_PAGE [ 44.105104][ T6768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 44.106604][ T6768] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 44.107732][ T6768] pc : qfq_reset_qdisc+0xbc/0x208 [ 44.108516][ T6768] lr : qfq_reset_qdisc+0x158/0x208 [ 44.109366][ T6768] sp : ffff8000a10977a0 [ 44.109957][ T6768] x29: ffff8000a10977b0 x28: 0000000000000000 x27: 1fffe0001af75052 [ 44.111179][ T6768] x26: 0052807bc0000357 x25: dfff800000000000 x24: 0000000000000000 [ 44.112423][ T6768] x23: 029403de00001ab8 x22: 029403de00001a68 x21: ffff0000d7ba8290 [ 44.113686][ T6768] x20: ffff0000d7ba8298 x19: ffff0000d7ba8000 x18: 1fffe0003377d090 [ 44.114960][ T6768] x17: 3d3d3d3d3d3d3d3d x16: ffff800082e5e68c x15: 0000000000000001 [ 44.116252][ T6768] x14: 1ffff0001255c918 x13: 0000000000000000 x12: 0000000000000000 [ 44.117532][ T6768] x11: ffff70001255c919 x10: 0000000000ff0100 x9 : 0000000000000000 [ 44.118817][ T6768] x8 : ffff0000dcb2b900 x7 : 0000000000000001 x6 : ffff8000805761f8 [ 44.120076][ T6768] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000894e0168 [ 44.121298][ T6768] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000 [ 44.122495][ T6768] Call trace: [ 44.122960][ T6768] qfq_reset_qdisc+0xbc/0x208 (P) [ 44.123764][ T6768] qdisc_reset+0x110/0x598 [ 44.124408][ T6768] __qdisc_destroy+0x134/0x4bc [ 44.125186][ T6768] dev_shutdown+0x35c/0x47c [ 44.125873][ T6768] unregister_netdevice_many_notify+0xecc/0x2110 [ 44.126890][ T6768] unregister_netdevice_queue+0x26c/0x2fc [ 44.127790][ T6768] __tun_detach+0x5d4/0x1304 [ 44.128437][ T6768] tun_chr_close+0x118/0x1f8 [ 44.129157][ T6768] __fput+0x340/0x75c [ 44.129757][ T6768] ____fput+0x20/0x58 [ 44.130330][ T6768] task_work_run+0x1dc/0x260 [ 44.131058][ T6768] exit_to_user_mode_loop+0x10c/0x18c [ 44.131775][ T6768] el0_svc+0x17c/0x26c [ 44.132357][ T6768] el0t_64_sync_handler+0x84/0x12c [ 44.133092][ T6768] el0t_64_sync+0x198/0x19c [ 44.133797][ T6768] Code: d1002116 b4000656 910142d7 d343fefa (38796b48) [ 44.134787][ T6768] ---[ end trace 0000000000000000 ]--- [ 44.370088][ T6768] Kernel panic - not syncing: Oops: Fatal exception [ 44.370997][ T6768] SMP: stopping secondary CPUs [ 44.371683][ T6768] Kernel Offset: disabled [ 44.372330][ T6768] CPU features: 0x400000,00078001,04e04501,5427fea7 [ 44.373300][ T6768] Memory Limit: none [ 44.576616][ T6768] Rebooting in 86400 seconds..