Warning: Permanently added '10.128.1.46' (ED25519) to the list of known hosts.
1970/01/01 00:00:27 parsed 1 programs
[ 28.928643][ T4326] cgroup: Unknown subsys name 'net'
[ 29.188114][ T4326] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 29.509225][ T4326] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 33.982197][ T1877] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 33.983430][ T1877] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 33.984977][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 33.992758][ T1601] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 33.993955][ T1601] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 33.995747][ T1877] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 34.360850][ T4363] chnl_net:caif_netlink_parms(): no params data found
[ 34.381311][ T4363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.382445][ T4363] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.383953][ T4363] device bridge_slave_0 entered promiscuous mode
[ 34.386482][ T4363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.387592][ T4363] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.389137][ T4363] device bridge_slave_1 entered promiscuous mode
[ 34.397427][ T4363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 34.399732][ T4363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 34.406496][ T4363] team0: Port device team_slave_0 added
[ 34.408258][ T4363] team0: Port device team_slave_1 added
[ 34.414931][ T4363] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 34.416442][ T4363] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 34.420316][ T4363] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 34.422884][ T4363] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 34.423903][ T4363] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 34.427920][ T4363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 34.476639][ T4363] device hsr_slave_0 entered promiscuous mode
[ 34.516348][ T4363] device hsr_slave_1 entered promiscuous mode
[ 34.599955][ T4363] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 34.617324][ T4363] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 34.698637][ T4363] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 34.737185][ T4363] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 34.855992][ T4363] 8021q: adding VLAN 0 to HW filter on device bond0
[ 34.859594][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 34.861514][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 34.864208][ T4363] 8021q: adding VLAN 0 to HW filter on device team0
[ 34.869924][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 34.871582][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 34.873402][ T1601] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.874528][ T1601] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 34.876901][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 34.880279][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 34.881785][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 34.883286][ T1601] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.884414][ T1601] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.890194][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 34.891880][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 34.893397][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 34.895208][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 34.897055][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 34.899316][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 34.901055][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 34.904252][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 34.906558][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 34.911033][ T4363] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 34.913099][ T4363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 34.914578][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 34.916484][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 34.969790][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 34.971046][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 34.974557][ T4363] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 34.980838][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 34.982360][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 34.990130][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 34.991726][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 34.993597][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 34.994864][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 34.997740][ T4363] device veth0_vlan entered promiscuous mode
[ 35.000735][ T4363] device veth1_vlan entered promiscuous mode
[ 35.007386][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 35.008867][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 35.010339][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 35.011870][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 35.014476][ T4363] device veth0_macvtap entered promiscuous mode
[ 35.019907][ T4363] device veth1_macvtap entered promiscuous mode
[ 35.025048][ T4363] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 35.027154][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 35.028633][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 35.030021][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 35.031416][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 35.033797][ T4363] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 35.034997][ T1877] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 35.037823][ T1877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 35.040390][ T4363] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 35.041664][ T4363] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 35.043004][ T4363] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 35.044282][ T4363] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 35.152193][ T4402] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 35.153647][ T4402] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 35.154839][ T4402] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 35.157510][ T4402] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 35.159091][ T4402] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 35.160360][ T4402] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
1970/01/01 00:00:35 executed programs: 0
[ 35.780426][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 35.782140][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 35.783366][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 35.784757][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 35.786532][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 35.787844][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 35.978530][ T4426] chnl_net:caif_netlink_parms(): no params data found
[ 35.993575][ T4426] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.994731][ T4426] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.997422][ T4426] device bridge_slave_0 entered promiscuous mode
[ 36.057368][ T4426] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.058588][ T4426] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.060756][ T4426] device bridge_slave_1 entered promiscuous mode
[ 36.068269][ T4426] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 36.070801][ T4426] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 36.079591][ T4426] team0: Port device team_slave_0 added
[ 36.081293][ T4426] team0: Port device team_slave_1 added
[ 36.087273][ T4426] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 36.088417][ T4426] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 36.092226][ T4426] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 36.094466][ T4426] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 36.095512][ T4426] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 36.099356][ T4426] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 36.446606][ T4426] device hsr_slave_0 entered promiscuous mode
[ 36.495664][ T4426] device hsr_slave_1 entered promiscuous mode
[ 36.535605][ T4426] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 36.536841][ T4426] Cannot create hsr debugfs directory
[ 36.766752][ T4426] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 37.845807][ T4402] Bluetooth: hci0: command 0x0409 tx timeout
[ 39.925831][ T47] Bluetooth: hci0: command 0x041b tx timeout
[ 40.076673][ T4426] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 40.787339][ T4426] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 40.937203][ T4426] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 41.137565][ T4426] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 41.187254][ T4426] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 41.267307][ T4426] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 41.357274][ T4426] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 41.405360][ T4426] 8021q: adding VLAN 0 to HW filter on device bond0
[ 41.480014][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.481874][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.484327][ T4426] 8021q: adding VLAN 0 to HW filter on device team0
[ 41.486652][ T207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 41.488106][ T207] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.489479][ T207] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.490654][ T207] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.492051][ T207] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 41.494175][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 41.496174][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.497658][ T1601] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.498643][ T1601] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.501190][ T207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 41.503659][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 41.506413][ T207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 41.508453][ T207] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 41.509957][ T207] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 41.512292][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 41.513820][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 41.557986][ T207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 41.559592][ T207] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.561639][ T207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 41.563052][ T207] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.565172][ T4426] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 41.630083][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 41.631221][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 41.634340][ T4426] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 41.639899][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 41.641564][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.646723][ T1877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 41.648199][ T1877] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.649776][ T1877] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.651043][ T1877] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.652645][ T4426] device veth0_vlan entered promiscuous mode
[ 41.656745][ T4426] device veth1_vlan entered promiscuous mode
[ 41.662888][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 41.664357][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 41.667015][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 41.668480][ T1601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.670758][ T4426] device veth0_macvtap entered promiscuous mode
[ 41.672984][ T4426] device veth1_macvtap entered promiscuous mode
[ 41.719887][ T4426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 41.721598][ T4426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 41.723403][ T4426] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 41.724534][ T207] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 41.726544][ T207] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 41.727947][ T207] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.729400][ T207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.732413][ T4426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 41.733905][ T4426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 41.735849][ T4426] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 41.737006][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.738561][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.740938][ T4426] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 41.742234][ T4426] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 41.743512][ T4426] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 41.744776][ T4426] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 41.761351][ T207] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 41.762848][ T207] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 41.766551][ T11] device hsr_slave_0 left promiscuous mode
[ 41.786358][ T11] device hsr_slave_1 left promiscuous mode
[ 41.915622][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 41.916776][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 41.918418][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 41.919491][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 41.920793][ T11] device bridge_slave_1 left promiscuous mode
[ 41.922214][ T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.976140][ T11] device bridge_slave_0 left promiscuous mode
[ 41.977228][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.995549][ T47] Bluetooth: hci0: command 0x040f tx timeout
[ 42.095729][ T11] device veth1_macvtap left promiscuous mode
[ 42.096751][ T11] device veth0_macvtap left promiscuous mode
[ 42.097637][ T11] device veth1_vlan left promiscuous mode
[ 42.098505][ T11] device veth0_vlan left promiscuous mode
[ 43.796775][ T11] team0 (unregistering): Port device team_slave_1 removed
[ 44.016053][ T11] team0 (unregistering): Port device team_slave_0 removed
[ 44.075528][ T47] Bluetooth: hci0: command 0x0419 tx timeout
[ 44.175917][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 44.395919][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 46.877205][ T11] bond0 (unregistering): Released all slaves
[ 47.078271][ T207] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 47.090501][ T1877] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 47.091792][ T1877] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 47.093478][ T1877] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 47.137903][ T4461] FAULT_INJECTION: forcing a failure.
[ 47.137903][ T4461] name failslab, interval 1, probability 0, space 0, times 1
[ 47.139914][ T4461] CPU: 0 PID: 4461 Comm: syz.0.17 Not tainted syzkaller #0
[ 47.141032][ T4461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 47.142585][ T4461] Call trace:
[ 47.143121][ T4461] dump_backtrace+0x1c8/0x1f4
[ 47.143863][ T4461] show_stack+0x2c/0x3c
[ 47.144489][ T4461] __dump_stack+0x30/0x40
[ 47.145158][ T4461] dump_stack_lvl+0xf8/0x160
[ 47.145863][ T4461] dump_stack+0x1c/0x5c
[ 47.146509][ T4461] should_fail_ex+0x3c4/0x520
[ 47.147253][ T4461] __should_failslab+0xc0/0x120
[ 47.148001][ T4461] should_failslab+0x10/0x28
[ 47.148678][ T4461] __kmem_cache_alloc_node+0x7c/0x320
[ 47.149444][ T4461] kmalloc_trace+0x48/0x94
[ 47.150068][ T4461] qfq_change_class+0x6d8/0xa68
[ 47.150764][ T4461] tc_ctl_tclass+0x840/0xb34
[ 47.151413][ T4461] rtnetlink_rcv_msg+0x734/0xce4
[ 47.152110][ T4461] netlink_rcv_skb+0x208/0x3c4
[ 47.152786][ T4461] rtnetlink_rcv+0x28/0x38
[ 47.153412][ T4461] netlink_unicast+0x60c/0x824
[ 47.154099][ T4461] netlink_sendmsg+0x6e8/0x9b0
[ 47.154790][ T4461] ____sys_sendmsg+0x5b8/0x918
[ 47.155488][ T4461] __sys_sendmsg+0x25c/0x320
[ 47.156157][ T4461] __arm64_sys_sendmsg+0x80/0x94
[ 47.156853][ T4461] invoke_syscall+0x98/0x2bc
[ 47.157531][ T4461] el0_svc_common+0x138/0x258
[ 47.158188][ T4461] do_el0_svc+0x58/0x13c
[ 47.158761][ T4461] el0_svc+0x58/0x138
[ 47.159296][ T4461] el0t_64_sync_handler+0x84/0xf0
[ 47.159972][ T4461] el0t_64_sync+0x18c/0x190
[ 47.196876][ T4461] ==================================================================
[ 47.198082][ T4461] BUG: KASAN: use-after-free in qfq_reset_qdisc+0xcc/0x208
[ 47.199120][ T4461] Read of size 8 at addr ffff0000c3d30950 by task syz.0.17/4461
[ 47.200162][ T4461]
[ 47.200482][ T4461] CPU: 1 PID: 4461 Comm: syz.0.17 Not tainted syzkaller #0
[ 47.201459][ T4461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 47.202832][ T4461] Call trace:
[ 47.203282][ T4461] dump_backtrace+0x1c8/0x1f4
[ 47.203921][ T4461] show_stack+0x2c/0x3c
[ 47.204513][ T4461] __dump_stack+0x30/0x40
[ 47.205094][ T4461] dump_stack_lvl+0xf8/0x160
[ 47.205732][ T4461] print_address_description+0x88/0x218
[ 47.206585][ T4461] print_report+0x50/0x68
[ 47.207267][ T4461] kasan_report+0xa8/0x100
[ 47.207917][ T4461] __asan_report_load8_noabort+0x2c/0x38
[ 47.208759][ T4461] qfq_reset_qdisc+0xcc/0x208
[ 47.209462][ T4461] qdisc_reset+0x134/0x604
[ 47.210123][ T4461] __qdisc_destroy+0x100/0x500
[ 47.210826][ T4461] dev_shutdown+0x35c/0x47c
[ 47.211480][ T4461] unregister_netdevice_many+0x944/0x1740
[ 47.212279][ T4461] unregister_netdevice_queue+0x2ac/0x2f8
[ 47.213119][ T4461] __tun_detach+0xb04/0x122c
[ 47.213771][ T4461] tun_chr_close+0x118/0x1f8
[ 47.214430][ T4461] __fput+0x1bc/0x7c0
[ 47.214999][ T4461] ____fput+0x20/0x30
[ 47.215576][ T4461] task_work_run+0x1ec/0x270
[ 47.216236][ T4461] do_notify_resume+0x2038/0x2b28
[ 47.216951][ T4461] el0_svc+0x98/0x138
[ 47.217509][ T4461] el0t_64_sync_handler+0x84/0xf0
[ 47.218189][ T4461] el0t_64_sync+0x18c/0x190
[ 47.218799][ T4461]
[ 47.219109][ T4461] Allocated by task 4461:
[ 47.219689][ T4461] kasan_set_track+0x4c/0x80
[ 47.220324][ T4461] kasan_save_alloc_info+0x28/0x34
[ 47.221042][ T4461] __kasan_kmalloc+0xa0/0xb8
[ 47.221662][ T4461] kmalloc_trace+0x7c/0x94
[ 47.222278][ T4461] qfq_change_class+0x358/0xa68
[ 47.222950][ T4461] tc_ctl_tclass+0x840/0xb34
[ 47.223575][ T4461] rtnetlink_rcv_msg+0x734/0xce4
[ 47.224258][ T4461] netlink_rcv_skb+0x208/0x3c4
[ 47.224915][ T4461] rtnetlink_rcv+0x28/0x38
[ 47.225516][ T4461] netlink_unicast+0x60c/0x824
[ 47.226170][ T4461] netlink_sendmsg+0x6e8/0x9b0
[ 47.226872][ T4461] ____sys_sendmsg+0x5b8/0x918
[ 47.227482][ T4461] __sys_sendmsg+0x25c/0x320
[ 47.228084][ T4461] __arm64_sys_sendmsg+0x80/0x94
[ 47.228732][ T4461] invoke_syscall+0x98/0x2bc
[ 47.229352][ T4461] el0_svc_common+0x138/0x258
[ 47.229991][ T4461] do_el0_svc+0x58/0x13c
[ 47.230559][ T4461] el0_svc+0x58/0x138
[ 47.231093][ T4461] el0t_64_sync_handler+0x84/0xf0
[ 47.231755][ T4461] el0t_64_sync+0x18c/0x190
[ 47.232389][ T4461]
[ 47.232707][ T4461] Freed by task 4461:
[ 47.233233][ T4461] kasan_set_track+0x4c/0x80
[ 47.233872][ T4461] kasan_save_free_info+0x3c/0x60
[ 47.234547][ T4461] ____kasan_slab_free+0x148/0x1b0
[ 47.235223][ T4461] __kasan_slab_free+0x18/0x28
[ 47.235869][ T4461] slab_free_freelist_hook+0x16c/0x1ec
[ 47.236662][ T4461] __kmem_cache_free+0xc0/0x224
[ 47.237333][ T4461] kfree+0xd0/0x1ac
[ 47.237885][ T4461] qfq_change_class+0x818/0xa68
[ 47.238575][ T4461] tc_ctl_tclass+0x840/0xb34
[ 47.239243][ T4461] rtnetlink_rcv_msg+0x734/0xce4
[ 47.239928][ T4461] netlink_rcv_skb+0x208/0x3c4
[ 47.240569][ T4461] rtnetlink_rcv+0x28/0x38
[ 47.241192][ T4461] netlink_unicast+0x60c/0x824
[ 47.241884][ T4461] netlink_sendmsg+0x6e8/0x9b0
[ 47.242532][ T4461] ____sys_sendmsg+0x5b8/0x918
[ 47.243214][ T4461] __sys_sendmsg+0x25c/0x320
[ 47.243859][ T4461] __arm64_sys_sendmsg+0x80/0x94
[ 47.244526][ T4461] invoke_syscall+0x98/0x2bc
[ 47.245173][ T4461] el0_svc_common+0x138/0x258
[ 47.245841][ T4461] do_el0_svc+0x58/0x13c
[ 47.246434][ T4461] el0_svc+0x58/0x138
[ 47.246970][ T4461] el0t_64_sync_handler+0x84/0xf0
[ 47.247644][ T4461] el0t_64_sync+0x18c/0x190
[ 47.248277][ T4461]
[ 47.248603][ T4461] The buggy address belongs to the object at ffff0000c3d30900
[ 47.248603][ T4461] which belongs to the cache kmalloc-128 of size 128
[ 47.250483][ T4461] The buggy address is located 80 bytes inside of
[ 47.250483][ T4461] 128-byte region [ffff0000c3d30900, ffff0000c3d30980)
[ 47.252227][ T4461]
[ 47.252552][ T4461] The buggy address belongs to the physical page:
[ 47.253389][ T4461] page:00000000d705ecd5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103d30
[ 47.254710][ T4461] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 47.255816][ T4461] raw: 05ffc00000000200 0000000000000000 dead000000000001 ffff0000c0002300
[ 47.256965][ T4461] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 47.258103][ T4461] page dumped because: kasan: bad access detected
[ 47.258957][ T4461]
[ 47.259272][ T4461] Memory state around the buggy address:
[ 47.260040][ T4461] ffff0000c3d30800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.261101][ T4461] ffff0000c3d30880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.262258][ T4461] >ffff0000c3d30900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.263351][ T4461] ^
[ 47.264269][ T4461] ffff0000c3d30980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.265372][ T4461] ffff0000c3d30a00: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.266455][ T4461] ==================================================================
[ 47.268411][ T4461] Disabling lock debugging due to kernel taint
[ 47.269396][ T4461] Unable to handle kernel paging request at virtual address e0cf207540000236
[ 47.270669][ T4461] KASAN: maybe wild-memory-access in range [0x067d03aa000011b0-0x067d03aa000011b7]
[ 47.272035][ T4461] Mem abort info:
[ 47.272571][ T4461] ESR = 0x0000000096000004
[ 47.273216][ T4461] EC = 0x25: DABT (current EL), IL = 32 bits
[ 47.274097][ T4461] SET = 0, FnV = 0
[ 47.274688][ T4461] EA = 0, S1PTW = 0
[ 47.275234][ T4461] FSC = 0x04: level 0 translation fault
[ 47.276159][ T4461] Data abort info:
[ 47.276698][ T4461] ISV = 0, ISS = 0x00000004
[ 47.277383][ T4461] CM = 0, WnR = 0
[ 47.277936][ T4461] [e0cf207540000236] address between user and kernel address ranges
[ 47.279095][ T4461] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 47.280105][ T4461] Modules linked in:
[ 47.280666][ T4461] CPU: 1 PID: 4461 Comm: syz.0.17 Tainted: G B syzkaller #0
[ 47.281856][ T4461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 47.283187][ T4461] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 47.284281][ T4461] pc : qfq_reset_qdisc+0xbc/0x208
[ 47.284953][ T4461] lr : qfq_reset_qdisc+0x158/0x208
[ 47.285657][ T4461] sp : ffff8000212475a0
[ 47.286212][ T4461] x29: ffff8000212475b0 x28: 0000000000000000 x27: 1fffe00019f5305a
[ 47.287303][ T4461] x26: 00cfa07540000236 x25: dfff800000000000 x24: 0000000000000000
[ 47.288400][ T4461] x23: 067d03aa000011b5 x22: 067d03aa00001165 x21: ffff0000cfa982d0
[ 47.289503][ T4461] x20: ffff0000cfa982d8 x19: ffff0000cfa98000 x18: ffff800011a5bd40
[ 47.290574][ T4461] x17: 1fffe00033eebd7e x16: ffff800008042d90 x15: ffff80001504d000
[ 47.291653][ T4461] x14: 0000000000000100 x13: 0000000000000120 x12: 0000000000ff0100
[ 47.292787][ T4461] x11: ff0080000ff41dac x10: 0000000000000000 x9 : ffff80000ff41dac
[ 47.293928][ T4461] x8 : ffff0000deba3780 x7 : 0000000000000004 x6 : ffff8000082532dc
[ 47.295049][ T4461] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80000ff41d98
[ 47.296135][ T4461] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000
[ 47.297312][ T4461] Call trace:
[ 47.297776][ T4461] qfq_reset_qdisc+0xbc/0x208
[ 47.298427][ T4461] qdisc_reset+0x134/0x604
[ 47.299056][ T4461] __qdisc_destroy+0x100/0x500
[ 47.299732][ T4461] dev_shutdown+0x35c/0x47c
[ 47.300341][ T4461] unregister_netdevice_many+0x944/0x1740
[ 47.301130][ T4461] unregister_netdevice_queue+0x2ac/0x2f8
[ 47.301979][ T4461] __tun_detach+0xb04/0x122c
[ 47.302627][ T4461] tun_chr_close+0x118/0x1f8
[ 47.303263][ T4461] __fput+0x1bc/0x7c0
[ 47.303809][ T4461] ____fput+0x20/0x30
[ 47.304321][ T4461] task_work_run+0x1ec/0x270
[ 47.304947][ T4461] do_notify_resume+0x2038/0x2b28
[ 47.305635][ T4461] el0_svc+0x98/0x138
[ 47.306182][ T4461] el0t_64_sync_handler+0x84/0xf0
[ 47.306868][ T4461] el0t_64_sync+0x18c/0x190
[ 47.307494][ T4461] Code: d1002116 b4000656 910142d7 d343fefa (38796b48)
[ 47.308439][ T4461] ---[ end trace 0000000000000000 ]---
[ 47.485833][ T4461] Kernel panic - not syncing: Oops: Fatal exception
[ 47.486724][ T4461] SMP: stopping secondary CPUs
[ 47.487384][ T4461] Kernel Offset: disabled
[ 47.487955][ T4461] CPU features: 0x080000,000f0097,a65bfea7
[ 47.488728][ T4461] Memory Limit: none
[ 47.669360][ T4461] Rebooting in 86400 seconds..