Warning: Permanently added '10.128.1.71' (ED25519) to the list of known hosts.
1970/01/01 00:00:31 parsed 1 programs
[   32.604431][ T4324] cgroup: Unknown subsys name 'net'
[   32.828159][ T4324] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   33.089366][ T4324] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k SSFS
[   39.453727][ T4334] chnl_net:caif_netlink_parms(): no params data found
[   39.473018][ T4334] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.474247][ T4334] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.476675][ T4334] device bridge_slave_0 entered promiscuous mode
[   39.479006][ T4334] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.480081][ T4334] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.481527][ T4334] device bridge_slave_1 entered promiscuous mode
[   39.489162][ T4334] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   39.491693][ T4334] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   39.499649][ T4334] team0: Port device team_slave_0 added
[   39.501503][ T4334] team0: Port device team_slave_1 added
[   39.507715][ T4334] batman_adv: batadv0: Adding interface: batadv_slave_0
[   39.508730][ T4334] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.512323][ T4334] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   39.514775][ T4334] batman_adv: batadv0: Adding interface: batadv_slave_1
[   39.516240][ T4334] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   39.520086][ T4334] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   39.596679][ T4334] device hsr_slave_0 entered promiscuous mode
[   39.645760][ T4334] device hsr_slave_1 entered promiscuous mode
[   39.728698][ T4334] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   39.767157][ T4334] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   39.817343][ T4334] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   39.856810][ T4334] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   39.904254][ T4334] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.905545][ T4334] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.906921][ T4334] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.908106][ T4334] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.924821][ T4334] 8021q: adding VLAN 0 to HW filter on device bond0
[   39.929144][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   39.931707][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.933574][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.935285][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   39.940318][ T4334] 8021q: adding VLAN 0 to HW filter on device team0
[   39.943371][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   39.944893][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.946061][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.948891][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   39.950320][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.951429][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.958133][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   39.959678][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   39.962587][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   39.965327][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   39.969522][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   39.972132][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   40.023961][ T4334] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.026228][  T250] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   40.027457][  T250] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   40.033164][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   40.039835][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   40.041418][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   40.042887][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   40.045123][ T4334] device veth0_vlan entered promiscuous mode
[   40.048873][ T4334] device veth1_vlan entered promiscuous mode
[   40.056714][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   40.058120][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   40.059685][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   40.062096][ T4334] device veth0_macvtap entered promiscuous mode
[   40.064355][ T4334] device veth1_macvtap entered promiscuous mode
[   40.070556][ T4334] batman_adv: batadv0: Interface activated: batadv_slave_0
[   40.071771][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   40.073760][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   40.077215][ T4334] batman_adv: batadv0: Interface activated: batadv_slave_1
[   40.078500][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   40.081148][ T4334] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   40.082459][ T4334] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   40.083775][ T4334] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.085110][ T4334] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   40.446914][    T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   40.919570][ T4386] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   40.920999][ T4386] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   40.922276][ T4386] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   40.923699][ T4386] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   40.924965][ T4386] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   40.927059][ T4386] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   41.103214][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   41.104534][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   41.111681][  T530] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   41.124067][ T4396] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   41.125416][ T4396] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   41.127888][  T530] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:00:41 executed programs: 0
[   41.745346][   T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   41.747169][   T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   41.748860][   T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   41.750389][   T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   41.752320][   T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   41.753532][   T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   41.803195][ T4421] chnl_net:caif_netlink_parms(): no params data found
[   41.818679][ T4421] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.819873][ T4421] bridge0: port 1(bridge_slave_0) entered disabled state
[   41.821371][ T4421] device bridge_slave_0 entered promiscuous mode
[   41.823303][ T4421] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.824476][ T4421] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.826629][ T4421] device bridge_slave_1 entered promiscuous mode
[   41.834332][ T4421] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   41.837427][ T4421] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   41.845983][ T4421] team0: Port device team_slave_0 added
[   41.847929][ T4421] team0: Port device team_slave_1 added
[   41.854334][ T4421] batman_adv: batadv0: Adding interface: batadv_slave_0
[   41.855460][ T4421] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   41.859509][ T4421] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   41.861824][ T4421] batman_adv: batadv0: Adding interface: batadv_slave_1
[   41.862895][ T4421] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   41.866952][ T4421] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   41.916504][ T4421] device hsr_slave_0 entered promiscuous mode
[   41.955708][ T4421] device hsr_slave_1 entered promiscuous mode
[   42.005596][ T4421] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   42.006809][ T4421] Cannot create hsr debugfs directory
[   43.336614][    T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   43.835999][   T47] Bluetooth: hci0: command 0x0409 tx timeout
[   45.915663][   T47] Bluetooth: hci0: command 0x041b tx timeout
[   45.997316][    T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   46.087622][    T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   47.017569][ T4421] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   47.118247][ T4421] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   47.197672][ T4421] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   47.246672][ T4421] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   47.388506][ T4421] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.391971][  T250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   47.393428][  T250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   47.396329][ T4421] 8021q: adding VLAN 0 to HW filter on device team0
[   47.458341][  T250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   47.460097][  T250] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   47.461892][  T250] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.462973][  T250] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.464579][  T250] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   47.468290][  T530] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   47.469965][  T530] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   47.471480][  T530] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.472559][  T530] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.475205][  T250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   47.478480][  T530] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   47.481191][  T250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   47.483176][  T250] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   47.484786][  T250] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   47.488883][  T250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   47.490589][  T250] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   47.493134][  T530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   47.494658][  T530] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   47.498591][  T250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   47.500991][  T250] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   47.506220][    T9] device hsr_slave_0 left promiscuous mode
[   47.535573][    T9] device hsr_slave_1 left promiscuous mode
[   47.625584][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   47.626815][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[   47.628465][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   47.629572][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[   47.631005][    T9] device bridge_slave_1 left promiscuous mode
[   47.631943][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.686342][    T9] device bridge_slave_0 left promiscuous mode
[   47.687350][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.805735][    T9] device veth1_macvtap left promiscuous mode
[   47.806815][    T9] device veth0_macvtap left promiscuous mode
[   47.807776][    T9] device veth1_vlan left promiscuous mode
[   47.808724][    T9] device veth0_vlan left promiscuous mode
[   47.995546][   T47] Bluetooth: hci0: command 0x040f tx timeout
[   49.616700][    T9] team0 (unregistering): Port device team_slave_1 removed
[   49.806935][    T9] team0 (unregistering): Port device team_slave_0 removed
[   50.015998][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   50.075555][   T47] Bluetooth: hci0: command 0x0419 tx timeout
[   50.226333][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   52.686366][    T9] bond0 (unregistering): Released all slaves
[   52.908926][ T4421] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   52.959085][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   52.960420][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   52.964519][ T4421] 8021q: adding VLAN 0 to HW filter on device batadv0
[   52.971199][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   52.973221][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   52.980513][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   52.982169][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   52.983689][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   52.984960][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   52.988174][ T4421] device veth0_vlan entered promiscuous mode
[   52.991095][ T4421] device veth1_vlan entered promiscuous mode
[   52.999322][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   53.000778][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   53.002251][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   53.003718][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   53.007231][ T4421] device veth0_macvtap entered promiscuous mode
[   53.009386][ T4421] device veth1_macvtap entered promiscuous mode
[   53.013874][ T4421] batman_adv: batadv0: Interface activated: batadv_slave_0
[   53.015046][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   53.018984][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   53.020445][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   53.022017][ T4396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   53.024738][ T4421] batman_adv: batadv0: Interface activated: batadv_slave_1
[   53.026063][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   53.027645][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   53.030420][ T4421] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   53.031699][ T4421] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   53.033005][ T4421] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   53.034237][ T4421] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   53.056525][ T4511] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   53.057857][ T4511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   53.059471][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   53.067857][ T4396] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   53.069017][ T4396] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   53.070827][ T4511] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   53.117952][ T4518] FAULT_INJECTION: forcing a failure.
[   53.117952][ T4518] name failslab, interval 1, probability 0, space 0, times 1
[   53.119965][ T4518] CPU: 1 PID: 4518 Comm: syz.0.17 Not tainted syzkaller #0
[   53.121110][ T4518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[   53.122664][ T4518] Call trace:
[   53.123201][ T4518]  dump_backtrace+0x1c8/0x1f4
[   53.123875][ T4518]  show_stack+0x2c/0x3c
[   53.124467][ T4518]  __dump_stack+0x30/0x40
[   53.125129][ T4518]  dump_stack_lvl+0xf8/0x160
[   53.125813][ T4518]  dump_stack+0x1c/0x5c
[   53.126472][ T4518]  should_fail_ex+0x3c4/0x520
[   53.127180][ T4518]  __should_failslab+0xc0/0x120
[   53.127907][ T4518]  should_failslab+0x10/0x28
[   53.128638][ T4518]  __kmem_cache_alloc_node+0x7c/0x320
[   53.129435][ T4518]  kmalloc_trace+0x48/0x94
[   53.130107][ T4518]  qfq_change_class+0x6d8/0xa68
[   53.130840][ T4518]  tc_ctl_tclass+0x840/0xb34
[   53.131576][ T4518]  rtnetlink_rcv_msg+0x734/0xce4
[   53.132408][ T4518]  netlink_rcv_skb+0x208/0x3c4
[   53.133102][ T4518]  rtnetlink_rcv+0x28/0x38
[   53.133751][ T4518]  netlink_unicast+0x60c/0x824
[   53.134454][ T4518]  netlink_sendmsg+0x6e8/0x9b0
[   53.135175][ T4518]  ____sys_sendmsg+0x5b8/0x918
[   53.135930][ T4518]  __sys_sendmsg+0x25c/0x320
[   53.136562][ T4518]  __arm64_sys_sendmsg+0x80/0x94
[   53.137295][ T4518]  invoke_syscall+0x98/0x2bc
[   53.137990][ T4518]  el0_svc_common+0x138/0x258
[   53.138755][ T4518]  do_el0_svc+0x58/0x13c
[   53.139416][ T4518]  el0_svc+0x58/0x138
[   53.140030][ T4518]  el0t_64_sync_handler+0x84/0xf0
[   53.140759][ T4518]  el0t_64_sync+0x18c/0x190
[   53.178737][ T4518] ==================================================================
[   53.180029][ T4518] BUG: KASAN: use-after-free in qfq_reset_qdisc+0xcc/0x208
[   53.181327][ T4518] Read of size 8 at addr ffff0000c45fad50 by task syz.0.17/4518
[   53.182561][ T4518] 
[   53.182887][ T4518] CPU: 0 PID: 4518 Comm: syz.0.17 Not tainted syzkaller #0
[   53.184030][ T4518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[   53.185549][ T4518] Call trace:
[   53.186036][ T4518]  dump_backtrace+0x1c8/0x1f4
[   53.186856][ T4518]  show_stack+0x2c/0x3c
[   53.187474][ T4518]  __dump_stack+0x30/0x40
[   53.188175][ T4518]  dump_stack_lvl+0xf8/0x160
[   53.188840][ T4518]  print_address_description+0x88/0x218
[   53.189718][ T4518]  print_report+0x50/0x68
[   53.190346][ T4518]  kasan_report+0xa8/0x100
[   53.191043][ T4518]  __asan_report_load8_noabort+0x2c/0x38
[   53.191880][ T4518]  qfq_reset_qdisc+0xcc/0x208
[   53.192524][ T4518]  qdisc_reset+0x134/0x604
[   53.193158][ T4518]  __qdisc_destroy+0x100/0x500
[   53.193918][ T4518]  dev_shutdown+0x35c/0x47c
[   53.194548][ T4518]  unregister_netdevice_many+0x944/0x1740
[   53.195404][ T4518]  unregister_netdevice_queue+0x2ac/0x2f8
[   53.196282][ T4518]  __tun_detach+0xb04/0x122c
[   53.196963][ T4518]  tun_chr_close+0x118/0x1f8
[   53.197675][ T4518]  __fput+0x1bc/0x7c0
[   53.198268][ T4518]  ____fput+0x20/0x30
[   53.198867][ T4518]  task_work_run+0x1ec/0x270
[   53.199642][ T4518]  do_notify_resume+0x2038/0x2b28
[   53.200415][ T4518]  el0_svc+0x98/0x138
[   53.201046][ T4518]  el0t_64_sync_handler+0x84/0xf0
[   53.201809][ T4518]  el0t_64_sync+0x18c/0x190
[   53.202472][ T4518] 
[   53.202818][ T4518] Allocated by task 4518:
[   53.203449][ T4518]  kasan_set_track+0x4c/0x80
[   53.204158][ T4518]  kasan_save_alloc_info+0x28/0x34
[   53.204925][ T4518]  __kasan_kmalloc+0xa0/0xb8
[   53.205626][ T4518]  kmalloc_trace+0x7c/0x94
[   53.206274][ T4518]  qfq_change_class+0x358/0xa68
[   53.207020][ T4518]  tc_ctl_tclass+0x840/0xb34
[   53.207725][ T4518]  rtnetlink_rcv_msg+0x734/0xce4
[   53.208455][ T4518]  netlink_rcv_skb+0x208/0x3c4
[   53.209245][ T4518]  rtnetlink_rcv+0x28/0x38
[   53.209908][ T4518]  netlink_unicast+0x60c/0x824
[   53.210728][ T4518]  netlink_sendmsg+0x6e8/0x9b0
[   53.211473][ T4518]  ____sys_sendmsg+0x5b8/0x918
[   53.212253][ T4518]  __sys_sendmsg+0x25c/0x320
[   53.213025][ T4518]  __arm64_sys_sendmsg+0x80/0x94
[   53.213779][ T4518]  invoke_syscall+0x98/0x2bc
[   53.214462][ T4518]  el0_svc_common+0x138/0x258
[   53.215143][ T4518]  do_el0_svc+0x58/0x13c
[   53.215850][ T4518]  el0_svc+0x58/0x138
[   53.216466][ T4518]  el0t_64_sync_handler+0x84/0xf0
[   53.217217][ T4518]  el0t_64_sync+0x18c/0x190
[   53.217960][ T4518] 
[   53.218310][ T4518] Freed by task 4518:
[   53.218914][ T4518]  kasan_set_track+0x4c/0x80
[   53.219566][ T4518]  kasan_save_free_info+0x3c/0x60
[   53.220317][ T4518]  ____kasan_slab_free+0x148/0x1b0
[   53.221020][ T4518]  __kasan_slab_free+0x18/0x28
[   53.221677][ T4518]  slab_free_freelist_hook+0x16c/0x1ec
[   53.222506][ T4518]  __kmem_cache_free+0xc0/0x224
[   53.223186][ T4518]  kfree+0xd0/0x1ac
[   53.223882][ T4518]  qfq_change_class+0x818/0xa68
[   53.224663][ T4518]  tc_ctl_tclass+0x840/0xb34
[   53.225372][ T4518]  rtnetlink_rcv_msg+0x734/0xce4
[   53.226186][ T4518]  netlink_rcv_skb+0x208/0x3c4
[   53.226925][ T4518]  rtnetlink_rcv+0x28/0x38
[   53.227618][ T4518]  netlink_unicast+0x60c/0x824
[   53.228342][ T4518]  netlink_sendmsg+0x6e8/0x9b0
[   53.229077][ T4518]  ____sys_sendmsg+0x5b8/0x918
[   53.229767][ T4518]  __sys_sendmsg+0x25c/0x320
[   53.230484][ T4518]  __arm64_sys_sendmsg+0x80/0x94
[   53.231216][ T4518]  invoke_syscall+0x98/0x2bc
[   53.231881][ T4518]  el0_svc_common+0x138/0x258
[   53.232588][ T4518]  do_el0_svc+0x58/0x13c
[   53.233231][ T4518]  el0_svc+0x58/0x138
[   53.233913][ T4518]  el0t_64_sync_handler+0x84/0xf0
[   53.234653][ T4518]  el0t_64_sync+0x18c/0x190
[   53.235313][ T4518] 
[   53.235666][ T4518] The buggy address belongs to the object at ffff0000c45fad00
[   53.235666][ T4518]  which belongs to the cache kmalloc-128 of size 128
[   53.237662][ T4518] The buggy address is located 80 bytes inside of
[   53.237662][ T4518]  128-byte region [ffff0000c45fad00, ffff0000c45fad80)
[   53.239580][ T4518] 
[   53.239883][ T4518] The buggy address belongs to the physical page:
[   53.240866][ T4518] page:000000002f5cf160 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1045fa
[   53.242374][ T4518] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[   53.243515][ T4518] raw: 05ffc00000000200 0000000000000000 dead000000000122 ffff0000c0002300
[   53.244755][ T4518] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   53.245975][ T4518] page dumped because: kasan: bad access detected
[   53.246898][ T4518] 
[   53.247224][ T4518] Memory state around the buggy address:
[   53.248037][ T4518]  ffff0000c45fac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   53.249448][ T4518]  ffff0000c45fac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.250673][ T4518] >ffff0000c45fad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   53.251919][ T4518]                                                  ^
[   53.253010][ T4518]  ffff0000c45fad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.254268][ T4518]  ffff0000c45fae00: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[   53.255505][ T4518] ==================================================================
[   53.257327][ T4518] Disabling lock debugging due to kernel taint
[   53.258240][ T4518] Unable to handle kernel paging request at virtual address e0e500762000023d
[   53.259542][ T4518] KASAN: maybe wild-memory-access in range [0x072c03b1000011e8-0x072c03b1000011ef]
[   53.260982][ T4518] Mem abort info:
[   53.261517][ T4518]   ESR = 0x0000000096000004
[   53.262227][ T4518]   EC = 0x25: DABT (current EL), IL = 32 bits
[   53.263186][ T4518]   SET = 0, FnV = 0
[   53.263837][ T4518]   EA = 0, S1PTW = 0
[   53.264418][ T4518]   FSC = 0x04: level 0 translation fault
[   53.265262][ T4518] Data abort info:
[   53.265804][ T4518]   ISV = 0, ISS = 0x00000004
[   53.266493][ T4518]   CM = 0, WnR = 0
[   53.267044][ T4518] [e0e500762000023d] address between user and kernel address ranges
[   53.268285][ T4518] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[   53.269370][ T4518] Modules linked in:
[   53.269933][ T4518] CPU: 0 PID: 4518 Comm: syz.0.17 Tainted: G    B              syzkaller #0
[   53.271223][ T4518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[   53.272758][ T4518] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[   53.273960][ T4518] pc : qfq_reset_qdisc+0xbc/0x208
[   53.274678][ T4518] lr : qfq_reset_qdisc+0x158/0x208
[   53.275422][ T4518] sp : ffff8000213275a0
[   53.276075][ T4518] x29: ffff8000213275b0 x28: 0000000000000000 x27: 1fffe0001bc2885a
[   53.277422][ T4518] x26: 00e580762000023d x25: dfff800000000000 x24: 0000000000000000
[   53.278759][ T4518] x23: 072c03b1000011ee x22: 072c03b10000119e x21: ffff0000de1442d0
[   53.279972][ T4518] x20: ffff0000de1442d8 x19: ffff0000de144000 x18: ffff800011a5bd40
[   53.281232][ T4518] x17: 0000000000000000 x16: ffff800008042d90 x15: 0000000000000000
[   53.282464][ T4518] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100
[   53.283802][ T4518] x11: ff0080000ff41dac x10: 0000000000000000 x9 : ffff80000ff41dac
[   53.284980][ T4518] x8 : ffff0000d337b780 x7 : 0000000000000001 x6 : 0000000000000001
[   53.286177][ T4518] x5 : ffff800021326f78 x4 : ffff800015134e00 x3 : ffff80000ff41d98
[   53.287466][ T4518] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000
[   53.288794][ T4518] Call trace:
[   53.289277][ T4518]  qfq_reset_qdisc+0xbc/0x208
[   53.290000][ T4518]  qdisc_reset+0x134/0x604
[   53.290726][ T4518]  __qdisc_destroy+0x100/0x500
[   53.291430][ T4518]  dev_shutdown+0x35c/0x47c
[   53.292161][ T4518]  unregister_netdevice_many+0x944/0x1740
[   53.293040][ T4518]  unregister_netdevice_queue+0x2ac/0x2f8
[   53.293890][ T4518]  __tun_detach+0xb04/0x122c
[   53.294581][ T4518]  tun_chr_close+0x118/0x1f8
[   53.295291][ T4518]  __fput+0x1bc/0x7c0
[   53.295956][ T4518]  ____fput+0x20/0x30
[   53.296548][ T4518]  task_work_run+0x1ec/0x270
[   53.297257][ T4518]  do_notify_resume+0x2038/0x2b28
[   53.297991][ T4518]  el0_svc+0x98/0x138
[   53.298574][ T4518]  el0t_64_sync_handler+0x84/0xf0
[   53.299256][ T4518]  el0t_64_sync+0x18c/0x190
[   53.299978][ T4518] Code: d1002116 b4000656 910142d7 d343fefa (38796b48) 
[   53.301067][ T4518] ---[ end trace 0000000000000000 ]---
[   53.488855][ T4518] Kernel panic - not syncing: Oops: Fatal exception
[   53.489819][ T4518] SMP: stopping secondary CPUs
[   53.490592][ T4518] Kernel Offset: disabled
[   53.491219][ T4518] CPU features: 0x080000,000f0097,a65bfea7
[   53.492093][ T4518] Memory Limit: none
[   53.675889][ T4518] Rebooting in 86400 seconds..