[ 45.599183][ T39] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 45.600248][ T39] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 45.601644][ T39] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 45.602855][ T39] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 45.607582][ T39] veth1_macvtap: left promiscuous mode [ 45.608470][ T39] veth0_macvtap: left promiscuous mode [ 45.609483][ T39] veth1_vlan: left promiscuous mode [ 45.610307][ T39] veth0_vlan: left promiscuous mode [ 45.720057][ T39] team0 (unregistering): Port device team_slave_1 removed [ 45.729076][ T39] team0 (unregistering): Port device team_slave_0 removed Warning: Permanently added '10.128.1.136' (ED25519) to the list of known hosts. 1970/01/01 00:01:00 parsed 1 programs [ 61.771407][ T6882] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 64.484243][ T2373] cfg80211: failed to load regulatory.db [ 64.494514][ T2455] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.494564][ T2455] ieee802154 phy1 wpan1: encryption failed: -22 [ 66.823861][ T6153] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 66.827654][ T6153] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 66.829388][ T6153] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 66.831085][ T6153] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 66.832553][ T6153] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 66.926321][ T15] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.927759][ T15] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.936944][ T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.936978][ T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.916280][ T6946] chnl_net:caif_netlink_parms(): no params data found [ 68.120137][ T6946] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.120846][ T6946] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.120919][ T6946] bridge_slave_0: entered allmulticast mode [ 68.121355][ T6946] bridge_slave_0: entered promiscuous mode [ 68.123177][ T6946] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.123222][ T6946] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.123285][ T6946] bridge_slave_1: entered allmulticast mode [ 68.127825][ T6946] bridge_slave_1: entered promiscuous mode [ 68.144435][ T6946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.146531][ T6946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.159585][ T6946] team0: Port device team_slave_0 added [ 68.160255][ T6946] team0: Port device team_slave_1 added [ 68.166811][ T6946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.166831][ T6946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 68.166841][ T6946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.167359][ T6946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.167365][ T6946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 68.167377][ T6946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.186432][ T6946] hsr_slave_0: entered promiscuous mode [ 68.186762][ T6946] hsr_slave_1: entered promiscuous mode [ 68.564555][ T6946] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 68.567182][ T6946] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 68.569841][ T6946] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 68.572577][ T6946] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 68.581489][ T6946] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.581540][ T6946] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.581614][ T6946] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.581645][ T6946] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.600417][ T6946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.605864][ T2214] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.607344][ T2214] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.616222][ T6946] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.621353][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.621404][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.634123][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.634175][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.681733][ T6946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.698258][ T6946] veth0_vlan: entered promiscuous mode [ 68.701284][ T6946] veth1_vlan: entered promiscuous mode [ 68.708556][ T6946] veth0_macvtap: entered promiscuous mode [ 68.710874][ T6946] veth1_macvtap: entered promiscuous mode [ 68.717671][ T6946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.721337][ T6946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.725396][ T15] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.726908][ T15] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.728437][ T15] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.728835][ T15] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.908431][ T2214] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.941419][ T2214] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.997190][ T2214] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.058687][ T2214] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 1970/01/01 00:01:09 executed programs: 0 [ 69.243161][ T6619] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.244639][ T6619] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.246037][ T6619] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 69.247743][ T6619] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.249203][ T6619] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.306911][ T7093] chnl_net:caif_netlink_parms(): no params data found [ 69.338858][ T7093] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.340198][ T7093] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.341382][ T7093] bridge_slave_0: entered allmulticast mode [ 69.341842][ T7093] bridge_slave_0: entered promiscuous mode [ 69.343160][ T7093] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.343181][ T7093] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.343230][ T7093] bridge_slave_1: entered allmulticast mode [ 69.343628][ T7093] bridge_slave_1: entered promiscuous mode [ 69.354488][ T7093] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.357270][ T7093] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.367381][ T7093] team0: Port device team_slave_0 added [ 69.369199][ T7093] team0: Port device team_slave_1 added [ 69.380145][ T7093] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.381414][ T7093] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 69.386631][ T7093] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.389212][ T7093] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.390404][ T7093] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 69.395133][ T7093] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.413501][ T7093] hsr_slave_0: entered promiscuous mode [ 69.414990][ T7093] hsr_slave_1: entered promiscuous mode [ 69.416371][ T7093] debugfs: 'hsr0' already exists in 'hsr' [ 69.417430][ T7093] Cannot create hsr debugfs directory [ 71.282260][ T6619] Bluetooth: hci0: command tx timeout [ 72.005308][ T2214] bridge_slave_1: left allmulticast mode [ 72.005346][ T2214] bridge_slave_1: left promiscuous mode [ 72.005472][ T2214] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.008685][ T2214] bridge_slave_0: left allmulticast mode [ 72.008714][ T2214] bridge_slave_0: left promiscuous mode [ 72.008784][ T2214] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.145673][ T2214] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 72.193230][ T2214] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 72.202996][ T2214] bond0 (unregistering): Released all slaves [ 72.293633][ T2214] hsr_slave_0: left promiscuous mode [ 72.295011][ T2214] hsr_slave_1: left promiscuous mode [ 72.296267][ T2214] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 72.297548][ T2214] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 72.299072][ T2214] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 72.300310][ T2214] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 72.305684][ T2214] veth1_macvtap: left promiscuous mode [ 72.307061][ T2214] veth0_macvtap: left promiscuous mode [ 72.308118][ T2214] veth1_vlan: left promiscuous mode [ 72.309309][ T2214] veth0_vlan: left promiscuous mode [ 72.421751][ T2214] team0 (unregistering): Port device team_slave_1 removed [ 72.428450][ T2214] team0 (unregistering): Port device team_slave_0 removed [ 72.607358][ T7093] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 72.610030][ T7093] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 72.614379][ T7093] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 72.620084][ T7093] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 72.657631][ T7093] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.660467][ T7093] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.664547][ T15] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.664592][ T15] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.666430][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.666448][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.675867][ T7093] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 72.675910][ T7093] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 72.726068][ T7093] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.740221][ T7093] veth0_vlan: entered promiscuous mode [ 72.741771][ T7093] veth1_vlan: entered promiscuous mode [ 72.748623][ T7093] veth0_macvtap: entered promiscuous mode [ 72.749519][ T7093] veth1_macvtap: entered promiscuous mode [ 72.794524][ T7093] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.795672][ T7093] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.799162][ T42] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.799218][ T42] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.799236][ T42] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.799249][ T42] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.824716][ T15] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.826082][ T15] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.838872][ T15] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.838898][ T15] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.867957][ T7204] netlink: 'syz.0.17': attribute type 1 has an invalid length. [ 72.867993][ T7204] FAULT_INJECTION: forcing a failure. [ 72.867993][ T7204] name failslab, interval 1, probability 0, space 0, times 1 [ 72.868007][ T7204] CPU: 0 UID: 0 PID: 7204 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT [ 72.868015][ T7204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 72.868020][ T7204] Call trace: [ 72.868023][ T7204] show_stack+0x2c/0x3 ** replaying previous printk message ** [ 72.868023][ T7204] show_stack+0x2c/0x3c (C) [ 72.868037][ T7204] __dump_stack+0x30/0x40 [ 72.868043][ T7204] dump_stack_lvl+0xd8/0x12c [ 72.868048][ T7204] dump_stack+0x1c/0x28 [ 72.868052][ T7204] should_fail_ex+0x41c/0x594 [ 72.868060][ T7204] should_failslab+0xc0/0x128 [ 72.868068][ T7204] __kmalloc_cache_noprof+0x80/0x65c [ 72.868074][ T7204] qfq_change_class+0x858/0xbe8 [ 72.868082][ T7204] tc_ctl_tclass+0x988/0x10b0 [ 72.868089][ T7204] rtnetlink_rcv_msg+0x624/0x97c [ 72.868094][ T7204] netlink_rcv_skb+0x220/0x3fc [ 72.868099][ T7204] rtnetlink_rcv+0x28/0x38 [ 72.868104][ T7204] netlink_unicast+0x694/0x8c4 [ 72.868119][ T7204] netlink_sendmsg+0x648/0x930 [ 72.868124][ T7204] ____sys_sendmsg+0x490/0x7b8 [ 72.868131][ T7204] ___sys_sendmsg+0x204/0x278 [ 72.868137][ T7204] __arm64_sys_sendmsg+0x184/0x238 [ 72.868143][ T7204] invoke_syscall+0x98/0x254 [ 72.868149][ T7204] el0_svc_common+0x130/0x23c [ 72.868154][ T7204] do_el0_svc+0x48/0x58 [ 72.868159][ T7204] el0_svc+0x5c/0x254 [ 72.868166][ T7204] el0t_64_sync_handler+0x84/0x12c [ 72.868172][ T7204] el0t_64_sync+0x198/0x19c [ 72.875303][ T7203] ================================================================== [ 72.875315][ T7203] BUG: KASAN: slab-use-after-free in qfq_reset_qdisc+0xcc/0x208 [ 72.875338][ T7203] Read of size 8 at addr ffff0000ded3dc50 by task syz.0.17/7203 [ 72.875344][ T7203] [ 72.875348][ T7203] CPU: 0 UID: 0 PID: 7203 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT [ 72.875355][ T7203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 72.875359][ T7203] Call trace: [ 72.875362][ T7203] show_stack+0x2c/0x3c (C) [ 72.875370][ T7203] __dump_stack+0x30/0x40 [ 72.875375][ T7203] dump_stack_lvl+0xd8/0x12c [ 72.875380][ T7203] print_address_description+0xa8/0x238 [ 72.875387][ T7203] print_report+0x68/0x84 [ 72.875393][ T7203] kasan_report+0xb0/0x110 [ 72.875399][ T7203] __asan_report_load8_noabort+0x20/0x2c [ 72.875406][ T7203] qfq_reset_qdisc+0xcc/0x208 [ 72.875412][ T7203] qdisc_reset+0x128/0x598 [ 72.875417][ T7203] __qdisc_destroy+0x134/0x4bc [ 72.875422][ T7203] dev_shutdown+0x35c/0x47c [ 72.875428][ T7203] unregister_netdevice_many_notify+0xec0/0x20e8 [ 72.875435][ T7203] unregister_netdevice_queue+0x2b4/0x300 [ 72.875442][ T7203] __tun_detach+0x5d4/0x1304 [ 72.875449][ T7203] tun_chr_close+0x118/0x1f8 [ 72.875455][ T7203] __fput+0x340/0x75c [ 72.875461][ T7203] ____fput+0x20/0x58 [ 72.875467][ T7203] task_work_run+0x1dc/0x260 [ 72.875473][ T7203] exit_to_user_mode_loop+0xfc/0x178 [ 72.875480][ T7203] el0_svc+0x170/0x254 [ 72.875486][ T7203] el0t_64_sync_handler+0x84/0x12c [ 72.875492][ T7203] el0t_64_sync+0x198/0x19c [ 72.875497][ T7203] [ 72.875499][ T7203] Allocated by task 7204: [ 72.875502][ T7203] kasan_save_track+0x40/0x78 [ 72.875507][ T7203] kasan_save_alloc_info+0x44/0x54 [ 72.875512][ T7203] __kasan_kmalloc+0x9c/0xb4 [ 72.875516][ T7203] __kmalloc_cache_noprof+0x3a4/0x65c [ 72.875521][ T7203] qfq_change_class+0x498/0xbe8 [ 72.875527][ T7203] tc_ctl_tclass+0x988/0x10b0 [ 72.875532][ T7203] rtnetlink_rcv_msg+0x624/0x97c [ 72.875536][ T7203] netlink_rcv_skb+0x220/0x3fc [ 72.875540][ T7203] rtnetlink_rcv+0x28/0x38 [ 72.875544][ T7203] netlink_unicast+0x694/0x8c4 [ 72.875550][ T7203] netlink_sendmsg+0x648/0x930 [ 72.875554][ T7203] ____sys_sendmsg+0x490/0x7b8 [ 72.875560][ T7203] ___sys_sendmsg+0x204/0x278 [ 72.875565][ T7203] __arm64_sys_sendmsg+0x184/0x238 [ 72.875570][ T7203] invoke_syscall+0x98/0x254 [ 72.875574][ T7203] el0_svc_common+0x130/0x23c [ 72.875578][ T7203] do_el0_svc+0x48/0x58 [ 72.875582][ T7203] el0_svc+0x5c/0x254 [ 72.875586][ T7203] el0t_64_sync_handler+0x84/0x12c [ 72.875591][ T7203] el0t_64_sync+0x198/0x19c [ 72.875595][ T7203] [ 72.875596][ T7203] Freed by task 7204: [ 72.875599][ T7203] kasan_save_track+0x40/0x78 [ 72.875603][ T7203] __kasan_save_free_info+0x58/0x70 [ 72.875607][ T7203] __kasan_slab_free+0x74/0xa4 [ 72.875612][ T7203] kfree+0x184/0x600 [ 72.875615][ T7203] qfq_change_class+0x92c/0xbe8 [ 72.875621][ T7203] tc_ctl_tclass+0x988/0x10b0 [ 72.875626][ T7203] rtnetlink_rcv_msg+0x624/0x97c [ 72.875630][ T7203] netlink_rcv_skb+0x220/0x3fc [ 72.875633][ T7203] rtnetlink_rcv+0x28/0x38 [ 72.875637][ T7203] netlink_unicast+0x694/0x8c4 [ 72.875643][ T7203] netlink_sendmsg+0x648/0x930 [ 72.875647][ T7203] ____sys_sendmsg+0x490/0x7b8 [ 72.875652][ T7203] ___sys_sendmsg+0x204/0x278 [ 72.875657][ T7203] __arm64_sys_sendmsg+0x184/0x238 [ 72.875662][ T7203] invoke_syscall+0x98/0x254 [ 72.875666][ T7203] el0_svc_common+0x130/0x23c [ 72.875670][ T7203] do_el0_svc+0x48/0x58 [ 72.875674][ T7203] el0_svc+0x5c/0x254 [ 72.875678][ T7203] el0t_64_sync_handler+0x84/0x12c [ 72.875683][ T7203] el0t_64_sync+0x198/0x19c [ 72.875687][ T7203] [ 72.875688][ T7203] The buggy address belongs to the object at ffff0000ded3dc00 [ 72.875688][ T7203] which belongs to the cache kmalloc-128 of size 128 [ 72.875693][ T7203] The buggy address is located 80 bytes inside of [ 72.875693][ T7203] freed 128-byte region [ffff0000ded3dc00, ffff0000ded3dc80) [ 72.875698][ T7203] [ 72.875699][ T7203] The buggy address belongs to the physical page: [ 72.875703][ T7203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ed3d [ 72.875709][ T7203] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff) [ 72.875714][ T7203] page_type: f5(slab) [ 72.875720][ T7203] raw: 05ffc00000000000 ffff0000c0001a00 dead000000000122 0000000000000000 [ 72.875724][ T7203] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 72.875727][ T7203] page dumped because: kasan: bad access detected [ 72.875729][ T7203] [ 72.875730][ T7203] Memory state around the buggy address: [ 72.875733][ T7203] ffff0000ded3db00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 72.875736][ T7203] ffff0000ded3db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.875739][ T7203] >ffff0000ded3dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 72.875742][ T7203] ^ [ 72.875745][ T7203] ffff0000ded3dc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.875748][ T7203] ffff0000ded3dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 72.875750][ T7203] ================================================================== [ 72.875754][ T7203] Disabling lock debugging due to kernel taint [ 72.875765][ T7203] Unable to handle kernel paging request at virtual address 004ac07e2000038d [ 72.875769][ T7203] Mem abort info: [ 72.875771][ T7203] ESR = 0x0000000096000004 [ 72.875775][ T7203] EC = 0x25: DABT (current EL), IL = 32 bits [ 72.875778][ T7203] SET = 0, FnV = 0 [ 72.875781][ T7203] EA = 0, S1PTW = 0 [ 72.875784][ T7203] FSC = 0x04: level 0 translation fault [ 72.875787][ T7203] Data abort info: [ 72.875789][ T7203] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 72.875792][ T7203] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 72.875796][ T7203] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 72.875800][ T7203] [004ac07e2000038d] address between user and kernel address ranges [ 72.875804][ T7203] Internal error: Oops: 0000000096000004 [#1] SMP [ 72.976293][ T7203] Modules linked in: [ 72.976877][ T7203] CPU: 0 UID: 0 PID: 7203 Comm: syz.0.17 Tainted: G B syzkaller #0 PREEMPT [ 72.978439][ T7203] Tainted: [B]=BAD_PAGE [ 72.978977][ T7203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025 [ 72.980433][ T7203] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 72.981689][ T7203] pc : qfq_reset_qdisc+0xbc/0x208 [ 72.982454][ T7203] lr : qfq_reset_qdisc+0x158/0x208 [ 72.983235][ T7203] sp : ffff8000a0fa77c0 [ 72.983814][ T7203] x29: ffff8000a0fa77d0 x28: 0000000000000000 x27: 1fffe0001a92085a [ 72.985039][ T7203] x26: 004b407e2000038d x25: dfff800000000000 x24: 0000000000000000 [ 72.986264][ T7203] x23: 025a03f100001c6c x22: 025a03f100001c1c x21: ffff0000d49042d0 [ 72.987470][ T7203] x20: ffff0000d49042d8 x19: ffff0000d4904000 x18: 1fffe000337db690 [ 72.988654][ T7203] x17: 3d3d3d3d3d3d3d3d x16: ffff800082deb6c0 x15: 0000000000000001 [ 72.989858][ T7203] x14: 1ffff0001250ae08 x13: 0000000000000000 x12: 0000000000000000 [ 72.991040][ T7203] x11: ffff70001250ae09 x10: 0000000000ff0100 x9 : 0000000000000000 [ 72.992302][ T7203] x8 : ffff0000d5713d80 x7 : 0000000000000001 x6 : ffff800080564a40 [ 72.993539][ T7203] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80008936e214 [ 72.994758][ T7203] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000 [ 72.996027][ T7203] Call trace: [ 72.996555][ T7203] qfq_reset_qdisc+0xbc/0x208 (P) [ 72.997335][ T7203] qdisc_reset+0x128/0x598 [ 72.998017][ T7203] __qdisc_destroy+0x134/0x4bc [ 72.998788][ T7203] dev_shutdown+0x35c/0x47c [ 72.999563][ T7203] unregister_netdevice_many_notify+0xec0/0x20e8 [ 73.000679][ T7203] unregister_netdevice_queue+0x2b4/0x300 [ 73.001604][ T7203] __tun_detach+0x5d4/0x1304 [ 73.002316][ T7203] tun_chr_close+0x118/0x1f8 [ 73.003027][ T7203] __fput+0x340/0x75c [ 73.003607][ T7203] ____fput+0x20/0x58 [ 73.004231][ T7203] task_work_run+0x1dc/0x260 [ 73.004993][ T7203] exit_to_user_mode_loop+0xfc/0x178 [ 73.005811][ T7203] el0_svc+0x170/0x254 [ 73.006434][ T7203] el0t_64_sync_handler+0x84/0x12c [ 73.007226][ T7203] el0t_64_sync+0x198/0x19c [ 73.007884][ T7203] Code: d1002116 b4000656 910142d7 d343fefa (38796b48) [ 73.008891][ T7203] ---[ end trace 0000000000000000 ]--- [ 73.329059][ T7203] Kernel panic - not syncing: Oops: Fatal exception [ 73.329991][ T7203] SMP: stopping secondary CPUs [ 73.330768][ T7203] Kernel Offset: disabled [ 73.331394][ T7203] CPU features: 0x100000,0001e000,42702281,5427fea7 [ 73.332318][ T7203] Memory Limit: none [ 73.645423][ T7203] Rebooting in 86400 seconds..