Warning: Permanently added '10.128.0.46' (ED25519) to the list of known hosts.
1970/01/01 00:00:25 parsed 1 programs
[   27.042242][ T4325] cgroup: Unknown subsys name 'net'
[   27.319528][ T4325] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   27.568836][ T4325] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k SSFS
[   33.864705][ T4346] chnl_net:caif_netlink_parms(): no params data found
[   33.881476][ T4346] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.882683][ T4346] bridge0: port 1(bridge_slave_0) entered disabled state
[   33.884159][ T4346] device bridge_slave_0 entered promiscuous mode
[   33.886484][ T4346] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.887680][ T4346] bridge0: port 2(bridge_slave_1) entered disabled state
[   33.889022][ T4346] device bridge_slave_1 entered promiscuous mode
[   33.896052][ T4346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   33.898430][ T4346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   33.905464][ T4346] team0: Port device team_slave_0 added
[   33.907332][ T4346] team0: Port device team_slave_1 added
[   33.912772][ T4346] batman_adv: batadv0: Adding interface: batadv_slave_0
[   33.913864][ T4346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   33.918443][ T4346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   33.922494][ T4346] batman_adv: batadv0: Adding interface: batadv_slave_1
[   33.923592][ T4346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   33.927734][ T4346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   33.987666][ T4346] device hsr_slave_0 entered promiscuous mode
[   34.026902][ T4346] device hsr_slave_1 entered promiscuous mode
[   34.099738][ T4346] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   34.129120][ T4346] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   34.168622][ T4346] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   34.207604][ T4346] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   34.256808][ T4346] bridge0: port 2(bridge_slave_1) entered blocking state
[   34.258112][ T4346] bridge0: port 2(bridge_slave_1) entered forwarding state
[   34.259388][ T4346] bridge0: port 1(bridge_slave_0) entered blocking state
[   34.260487][ T4346] bridge0: port 1(bridge_slave_0) entered forwarding state
[   34.277982][ T4346] 8021q: adding VLAN 0 to HW filter on device bond0
[   34.282367][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   34.284416][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[   34.286271][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[   34.291739][ T4346] 8021q: adding VLAN 0 to HW filter on device team0
[   34.295062][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   34.296454][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   34.297666][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   34.302510][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   34.304089][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   34.305125][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   34.311613][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   34.313011][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   34.315745][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   34.319538][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   34.322039][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   34.324350][ T4346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   34.374095][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   34.375401][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   34.381157][ T4346] 8021q: adding VLAN 0 to HW filter on device batadv0
[   34.386844][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   34.393268][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   34.394947][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   34.396205][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   34.398509][ T4346] device veth0_vlan entered promiscuous mode
[   34.401847][ T4346] device veth1_vlan entered promiscuous mode
[   34.409483][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   34.410897][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   34.412316][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   34.414544][ T4346] device veth0_macvtap entered promiscuous mode
[   34.417077][ T4346] device veth1_macvtap entered promiscuous mode
[   34.422766][ T4346] batman_adv: batadv0: Interface activated: batadv_slave_0
[   34.424053][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   34.425933][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   34.429922][ T4346] batman_adv: batadv0: Interface activated: batadv_slave_1
[   34.431207][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   34.435111][ T4346] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   34.436491][ T4346] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   34.439138][ T4346] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   34.440500][ T4346] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   34.561604][ T1703] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   34.562835][ T1703] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   34.564833][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   34.571406][ T1703] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   34.572692][ T1703] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   34.574335][  T570] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   34.918268][   T39] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   35.169809][ T4387] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   35.171352][ T4387] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   35.172693][ T4387] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   35.174076][ T4387] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   35.175562][ T4387] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   35.177542][ T4387] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
1970/01/01 00:00:35 executed programs: 0
[   35.871091][ T4387] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   35.872674][ T4387] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   35.874129][ T4387] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   35.875764][ T4387] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   35.877526][ T4387] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   35.878771][ T4387] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   35.923301][ T4417] chnl_net:caif_netlink_parms(): no params data found
[   35.944921][ T4417] bridge0: port 1(bridge_slave_0) entered blocking state
[   35.946043][ T4417] bridge0: port 1(bridge_slave_0) entered disabled state
[   35.948242][ T4417] device bridge_slave_0 entered promiscuous mode
[   35.950141][ T4417] bridge0: port 2(bridge_slave_1) entered blocking state
[   35.951157][ T4417] bridge0: port 2(bridge_slave_1) entered disabled state
[   35.952600][ T4417] device bridge_slave_1 entered promiscuous mode
[   35.961511][ T4417] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   35.963866][ T4417] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   35.971459][ T4417] team0: Port device team_slave_0 added
[   35.973153][ T4417] team0: Port device team_slave_1 added
[   35.980546][ T4417] batman_adv: batadv0: Adding interface: batadv_slave_0
[   35.981560][ T4417] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   35.985583][ T4417] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   35.988107][ T4417] batman_adv: batadv0: Adding interface: batadv_slave_1
[   35.989215][ T4417] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   35.993307][ T4417] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.047608][ T4417] device hsr_slave_0 entered promiscuous mode
[   36.096869][ T4417] device hsr_slave_1 entered promiscuous mode
[   36.136666][ T4417] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   36.137968][ T4417] Cannot create hsr debugfs directory
[   37.447824][   T39] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   37.926821][ T4387] Bluetooth: hci0: command 0x0409 tx timeout
[   40.006657][ T4387] Bluetooth: hci0: command 0x041b tx timeout
[   40.009071][   T39] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   40.098489][   T39] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   41.150210][ T4417] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   41.250038][ T4417] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   41.287770][ T4417] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   41.337498][ T4417] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   41.450784][ T4417] 8021q: adding VLAN 0 to HW filter on device bond0
[   41.454224][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   41.455642][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   41.533613][ T4417] 8021q: adding VLAN 0 to HW filter on device team0
[   41.536274][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   41.538156][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   41.539638][ T1703] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.540936][ T1703] bridge0: port 1(bridge_slave_0) entered forwarding state
[   41.542389][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   41.545506][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   41.547386][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   41.549067][ T1703] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.550076][ T1703] bridge0: port 2(bridge_slave_1) entered forwarding state
[   41.552397][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   41.555039][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   41.557856][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   41.559297][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   41.560784][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   41.563189][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   41.564676][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   41.630173][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   41.631805][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   41.634232][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   41.635796][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   41.638316][ T4417] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   41.713111][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   41.714442][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   41.717670][ T4417] 8021q: adding VLAN 0 to HW filter on device batadv0
[   41.722849][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   41.724656][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   41.730937][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   41.732462][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   41.734135][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   41.735500][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   41.738014][ T4417] device veth0_vlan entered promiscuous mode
[   41.740996][ T4417] device veth1_vlan entered promiscuous mode
[   41.747067][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   41.748403][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   41.749847][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   41.751425][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   41.753731][ T4417] device veth0_macvtap entered promiscuous mode
[   41.755953][ T4417] device veth1_macvtap entered promiscuous mode
[   41.762333][ T4417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   41.764027][ T4417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   41.766048][ T4417] batman_adv: batadv0: Interface activated: batadv_slave_0
[   41.768039][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   41.769582][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   41.770998][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   41.772557][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   41.774615][ T4417] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   41.776236][ T4417] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   41.778407][ T4417] batman_adv: batadv0: Interface activated: batadv_slave_1
[   41.779727][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   41.781324][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   41.783618][ T4417] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   41.785081][ T4417] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   41.786557][ T4417] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   41.787866][ T4417] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   42.086924][ T4389] Bluetooth: hci0: command 0x040f tx timeout
[   42.147071][ T1703] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   42.148230][ T1703] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   42.151135][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   42.155648][  T570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   42.157298][  T570] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   42.158847][ T1703] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   42.210414][ T4510] FAULT_INJECTION: forcing a failure.
[   42.210414][ T4510] name failslab, interval 1, probability 0, space 0, times 1
[   42.212440][ T4510] CPU: 0 PID: 4510 Comm: syz.0.17 Not tainted syzkaller #0
[   42.213607][ T4510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[   42.215264][ T4510] Call trace:
[   42.215811][ T4510]  dump_backtrace+0x1c8/0x1f4
[   42.216580][ T4510]  show_stack+0x2c/0x3c
[   42.217236][ T4510]  __dump_stack+0x30/0x40
[   42.217938][ T4510]  dump_stack_lvl+0xf8/0x160
[   42.218638][ T4510]  dump_stack+0x1c/0x5c
[   42.219320][ T4510]  should_fail_ex+0x3c4/0x520
[   42.220012][ T4510]  __should_failslab+0xc0/0x120
[   42.220733][ T4510]  should_failslab+0x10/0x28
[   42.221490][ T4510]  __kmem_cache_alloc_node+0x7c/0x320
[   42.222369][ T4510]  kmalloc_trace+0x48/0x94
[   42.223019][ T4510]  qfq_change_class+0x6d8/0xa68
[   42.223779][ T4510]  tc_ctl_tclass+0x840/0xb34
[   42.224493][ T4510]  rtnetlink_rcv_msg+0x734/0xce4
[   42.225296][ T4510]  netlink_rcv_skb+0x208/0x3c4
[   42.225941][ T4510]  rtnetlink_rcv+0x28/0x38
[   42.226558][ T4510]  netlink_unicast+0x60c/0x824
[   42.227278][ T4510]  netlink_sendmsg+0x6e8/0x9b0
[   42.227980][ T4510]  ____sys_sendmsg+0x5b8/0x918
[   42.228710][ T4510]  __sys_sendmsg+0x25c/0x320
[   42.229407][ T4510]  __arm64_sys_sendmsg+0x80/0x94
[   42.230100][ T4510]  invoke_syscall+0x98/0x2bc
[   42.230734][ T4510]  el0_svc_common+0x138/0x258
[   42.231391][ T4510]  do_el0_svc+0x58/0x13c
[   42.232039][ T4510]  el0_svc+0x58/0x138
[   42.232622][ T4510]  el0t_64_sync_handler+0x84/0xf0
[   42.233354][ T4510]  el0t_64_sync+0x18c/0x190
[   42.560096][ T4510] ==================================================================
[   42.561398][ T4510] BUG: KASAN: use-after-free in qfq_reset_qdisc+0xcc/0x208
[   42.562553][ T4510] Read of size 8 at addr ffff0000d80cc750 by task syz.0.17/4510
[   42.563800][ T4510] 
[   42.564140][ T4510] CPU: 1 PID: 4510 Comm: syz.0.17 Not tainted syzkaller #0
[   42.565309][ T4510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[   42.566809][ T4510] Call trace:
[   42.567341][ T4510]  dump_backtrace+0x1c8/0x1f4
[   42.568079][ T4510]  show_stack+0x2c/0x3c
[   42.568782][ T4510]  __dump_stack+0x30/0x40
[   42.569490][ T4510]  dump_stack_lvl+0xf8/0x160
[   42.570190][ T4510]  print_address_description+0x88/0x218
[   42.571045][ T4510]  print_report+0x50/0x68
[   42.571747][ T4510]  kasan_report+0xa8/0x100
[   42.572434][ T4510]  __asan_report_load8_noabort+0x2c/0x38
[   42.573321][ T4510]  qfq_reset_qdisc+0xcc/0x208
[   42.574016][ T4510]  qdisc_reset+0x134/0x604
[   42.574701][ T4510]  __qdisc_destroy+0x100/0x500
[   42.575395][ T4510]  dev_shutdown+0x35c/0x47c
[   42.576112][ T4510]  unregister_netdevice_many+0x944/0x1740
[   42.577087][ T4510]  unregister_netdevice_queue+0x2ac/0x2f8
[   42.578014][ T4510]  __tun_detach+0xb04/0x122c
[   42.578755][ T4510]  tun_chr_close+0x118/0x1f8
[   42.579491][ T4510]  __fput+0x1bc/0x7c0
[   42.580202][ T4510]  ____fput+0x20/0x30
[   42.580820][ T4510]  task_work_run+0x1ec/0x270
[   42.581546][ T4510]  do_notify_resume+0x2038/0x2b28
[   42.582284][ T4510]  el0_svc+0x98/0x138
[   42.582878][ T4510]  el0t_64_sync_handler+0x84/0xf0
[   42.583637][ T4510]  el0t_64_sync+0x18c/0x190
[   42.584344][ T4510] 
[   42.584713][ T4510] Allocated by task 4510:
[   42.585391][ T4510]  kasan_set_track+0x4c/0x80
[   42.586070][ T4510]  kasan_save_alloc_info+0x28/0x34
[   42.586878][ T4510]  __kasan_kmalloc+0xa0/0xb8
[   42.587588][ T4510]  kmalloc_trace+0x7c/0x94
[   42.588250][ T4510]  qfq_change_class+0x358/0xa68
[   42.588920][ T4510]  tc_ctl_tclass+0x840/0xb34
[   42.589593][ T4510]  rtnetlink_rcv_msg+0x734/0xce4
[   42.590363][ T4510]  netlink_rcv_skb+0x208/0x3c4
[   42.591082][ T4510]  rtnetlink_rcv+0x28/0x38
[   42.591709][ T4510]  netlink_unicast+0x60c/0x824
[   42.592440][ T4510]  netlink_sendmsg+0x6e8/0x9b0
[   42.593056][ T4510]  ____sys_sendmsg+0x5b8/0x918
[   42.593686][ T4510]  __sys_sendmsg+0x25c/0x320
[   42.594340][ T4510]  __arm64_sys_sendmsg+0x80/0x94
[   42.595102][ T4510]  invoke_syscall+0x98/0x2bc
[   42.595783][ T4510]  el0_svc_common+0x138/0x258
[   42.596472][ T4510]  do_el0_svc+0x58/0x13c
[   42.597157][ T4510]  el0_svc+0x58/0x138
[   42.597734][ T4510]  el0t_64_sync_handler+0x84/0xf0
[   42.598455][ T4510]  el0t_64_sync+0x18c/0x190
[   42.599127][ T4510] 
[   42.599452][ T4510] Freed by task 4510:
[   42.600002][ T4510]  kasan_set_track+0x4c/0x80
[   42.600662][ T4510]  kasan_save_free_info+0x3c/0x60
[   42.601380][ T4510]  ____kasan_slab_free+0x148/0x1b0
[   42.602114][ T4510]  __kasan_slab_free+0x18/0x28
[   42.602799][ T4510]  slab_free_freelist_hook+0x16c/0x1ec
[   42.603623][ T4510]  __kmem_cache_free+0xc0/0x224
[   42.604410][ T4510]  kfree+0xd0/0x1ac
[   42.605013][ T4510]  qfq_change_class+0x818/0xa68
[   42.605721][ T4510]  tc_ctl_tclass+0x840/0xb34
[   42.606445][ T4510]  rtnetlink_rcv_msg+0x734/0xce4
[   42.607228][ T4510]  netlink_rcv_skb+0x208/0x3c4
[   42.607997][ T4510]  rtnetlink_rcv+0x28/0x38
[   42.608711][ T4510]  netlink_unicast+0x60c/0x824
[   42.609494][ T4510]  netlink_sendmsg+0x6e8/0x9b0
[   42.610217][ T4510]  ____sys_sendmsg+0x5b8/0x918
[   42.611021][ T4510]  __sys_sendmsg+0x25c/0x320
[   42.611717][ T4510]  __arm64_sys_sendmsg+0x80/0x94
[   42.612473][ T4510]  invoke_syscall+0x98/0x2bc
[   42.613147][ T4510]  el0_svc_common+0x138/0x258
[   42.613868][ T4510]  do_el0_svc+0x58/0x13c
[   42.614514][ T4510]  el0_svc+0x58/0x138
[   42.615110][ T4510]  el0t_64_sync_handler+0x84/0xf0
[   42.615881][ T4510]  el0t_64_sync+0x18c/0x190
[   42.616596][ T4510] 
[   42.616933][ T4510] Last potentially related work creation:
[   42.617872][ T4510]  kasan_save_stack+0x40/0x70
[   42.618633][ T4510]  __kasan_record_aux_stack+0xc0/0xdc
[   42.619407][ T4510]  kasan_record_aux_stack_noalloc+0x14/0x20
[   42.620289][ T4510]  kvfree_call_rcu+0xb4/0x6f0
[   42.620974][ T4510]  kernfs_unlink_open_file+0x37c/0x42c
[   42.621826][ T4510]  kernfs_fop_release+0x128/0x190
[   42.622610][ T4510]  __fput+0x1bc/0x7c0
[   42.623201][ T4510]  ____fput+0x20/0x30
[   42.623848][ T4510]  task_work_run+0x1ec/0x270
[   42.624569][ T4510]  do_notify_resume+0x2038/0x2b28
[   42.625277][ T4510]  el0_svc+0x98/0x138
[   42.625864][ T4510]  el0t_64_sync_handler+0x84/0xf0
[   42.626626][ T4510]  el0t_64_sync+0x18c/0x190
[   42.627312][ T4510] 
[   42.627649][ T4510] The buggy address belongs to the object at ffff0000d80cc700
[   42.627649][ T4510]  which belongs to the cache kmalloc-128 of size 128
[   42.629854][ T4510] The buggy address is located 80 bytes inside of
[   42.629854][ T4510]  128-byte region [ffff0000d80cc700, ffff0000d80cc780)
[   42.631962][ T4510] 
[   42.632321][ T4510] The buggy address belongs to the physical page:
[   42.633317][ T4510] page:00000000cb61cffd refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1180cc
[   42.634925][ T4510] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[   42.636198][ T4510] raw: 05ffc00000000200 fffffc0003491440 dead000000000003 ffff0000c0002300
[   42.637556][ T4510] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   42.638905][ T4510] page dumped because: kasan: bad access detected
[   42.639846][ T4510] 
[   42.640172][ T4510] Memory state around the buggy address:
[   42.641011][ T4510]  ffff0000d80cc600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   42.642192][ T4510]  ffff0000d80cc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.643399][ T4510] >ffff0000d80cc700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   42.644631][ T4510]                                                  ^
[   42.645737][ T4510]  ffff0000d80cc780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.646935][ T4510]  ffff0000d80cc800: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[   42.648072][ T4510] ==================================================================
[   42.649848][ T4510] Disabling lock debugging due to kernel taint
[   42.650827][ T4510] Unable to handle kernel paging request at virtual address e0d84074e000023c
[   42.652226][ T4510] KASAN: maybe wild-memory-access in range [0x06c603a7000011e0-0x06c603a7000011e7]
[   42.653746][ T4510] Mem abort info:
[   42.654278][ T4510]   ESR = 0x0000000096000004
[   42.654997][ T4510]   EC = 0x25: DABT (current EL), IL = 32 bits
[   42.655925][ T4510]   SET = 0, FnV = 0
[   42.656486][ T4510]   EA = 0, S1PTW = 0
[   42.657221][ T4510]   FSC = 0x04: level 0 translation fault
[   42.658084][ T4510] Data abort info:
[   42.658676][ T4510]   ISV = 0, ISS = 0x00000004
[   42.659343][ T4510]   CM = 0, WnR = 0
[   42.660006][ T4510] [e0d84074e000023c] address between user and kernel address ranges
[   42.661205][ T4510] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[   42.662329][ T4510] Modules linked in:
[   42.662935][ T4510] CPU: 1 PID: 4510 Comm: syz.0.17 Tainted: G    B              syzkaller #0
[   42.664227][ T4510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[   42.665705][ T4510] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[   42.666900][ T4510] pc : qfq_reset_qdisc+0xbc/0x208
[   42.667711][ T4510] lr : qfq_reset_qdisc+0x158/0x208
[   42.668532][ T4510] sp : ffff8000211f75a0
[   42.669169][ T4510] x29: ffff8000211f75b0 x28: 0000000000000000 x27: 1fffe0001b27f05a
[   42.670381][ T4510] x26: 00d8c074e000023c x25: dfff800000000000 x24: 0000000000000000
[   42.671616][ T4510] x23: 06c603a7000011e6 x22: 06c603a700001196 x21: ffff0000d93f82d0
[   42.672834][ T4510] x20: ffff0000d93f82d8 x19: ffff0000d93f8000 x18: ffff800011a5bd40
[   42.673993][ T4510] x17: 0000000000000000 x16: ffff800008042d90 x15: 0000000000000000
[   42.675178][ T4510] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100
[   42.676363][ T4510] x11: ff0080000ff41dac x10: 0000000000000000 x9 : ffff80000ff41dac
[   42.677585][ T4510] x8 : ffff0000c38d1bc0 x7 : 0000000000000001 x6 : 0000000000000001
[   42.678764][ T4510] x5 : ffff8000211f6f78 x4 : ffff800015134e00 x3 : ffff80000ff41d98
[   42.679913][ T4510] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000
[   42.681108][ T4510] Call trace:
[   42.681566][ T4510]  qfq_reset_qdisc+0xbc/0x208
[   42.682244][ T4510]  qdisc_reset+0x134/0x604
[   42.682904][ T4510]  __qdisc_destroy+0x100/0x500
[   42.683571][ T4510]  dev_shutdown+0x35c/0x47c
[   42.684301][ T4510]  unregister_netdevice_many+0x944/0x1740
[   42.685152][ T4510]  unregister_netdevice_queue+0x2ac/0x2f8
[   42.686046][ T4510]  __tun_detach+0xb04/0x122c
[   42.686752][ T4510]  tun_chr_close+0x118/0x1f8
[   42.687415][ T4510]  __fput+0x1bc/0x7c0
[   42.687978][ T4510]  ____fput+0x20/0x30
[   42.688574][ T4510]  task_work_run+0x1ec/0x270
[   42.689268][ T4510]  do_notify_resume+0x2038/0x2b28
[   42.690038][ T4510]  el0_svc+0x98/0x138
[   42.690627][ T4510]  el0t_64_sync_handler+0x84/0xf0
[   42.691433][ T4510]  el0t_64_sync+0x18c/0x190
[   42.692121][ T4510] Code: d1002116 b4000656 910142d7 d343fefa (38796b48) 
[   42.693105][ T4510] ---[ end trace 0000000000000000 ]---
[   42.862438][ T4510] Kernel panic - not syncing: Oops: Fatal exception
[   42.863348][ T4510] SMP: stopping secondary CPUs
[   42.864074][ T4510] Kernel Offset: disabled
[   42.864692][ T4510] CPU features: 0x080000,000f0097,a65bfea7
[   42.865597][ T4510] Memory Limit: none
[   43.031304][ T4510] Rebooting in 86400 seconds..