[ 103.019317][ T4615] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 103.021052][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 103.023259][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 103.028744][ T4615] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.030624][ T4615] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.032503][ T4615] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.034383][ T4615] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.065976][ T4089] Bluetooth: hci0: command 0x040f tx timeout
[ 103.090679][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.092595][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.095171][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 103.111310][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.113048][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.116137][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:43 executed programs: 2
[ 103.167296][ T4877] loop0: detected capacity change from 0 to 1024
[ 103.219249][ T4877] ==================================================================
[ 103.221324][ T4877] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x120/0x24c
[ 103.222991][ T4877] Write of size 4026 at addr ffff0000dd738800 by task syz.0.15/4877
[ 103.225051][ T4877]
[ 103.225596][ T4877] CPU: 1 PID: 4877 Comm: syz.0.15 Not tainted 5.15.171-syzkaller-00073-g3c17fc483905 #0
[ 103.227721][ T4877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 103.229946][ T4877] Call trace:
[ 103.230780][ T4877] dump_backtrace+0x0/0x530
[ 103.231862][ T4877] show_stack+0x2c/0x3c
[ 103.232716][ T4877] dump_stack_lvl+0x108/0x170
[ 103.233789][ T4877] print_address_description+0x7c/0x3f0
[ 103.235121][ T4877] kasan_report+0x174/0x1e4
[ 103.236323][ T4877] kasan_check_range+0x274/0x2b4
[ 103.237391][ T4877] memcpy+0xb4/0xe8
[ 103.238337][ T4877] hfsplus_bnode_read+0x120/0x24c
[ 103.239473][ T4877] hfsplus_bnode_read_key+0x170/0x278
[ 103.240695][ T4877] hfsplus_brec_insert+0x520/0xaa0
[ 103.241820][ T4877] hfsplus_create_attr+0x3b0/0x568
[ 103.242861][ T4877] __hfsplus_setxattr+0x9a8/0x1df0
[ 103.243867][ T4877] hfsplus_setxattr+0xb4/0xec
[ 103.244887][ T4877] hfsplus_user_setxattr+0x54/0x6c
[ 103.245937][ T4877] __vfs_setxattr+0x388/0x3a4
[ 103.246912][ T4877] __vfs_setxattr_noperm+0x110/0x528
[ 103.247992][ T4877] __vfs_setxattr_locked+0x1ec/0x218
[ 103.249065][ T4877] vfs_setxattr+0x1a8/0x344
[ 103.250034][ T4877] setxattr+0x250/0x2b4
[ 103.250928][ T4877] path_setxattr+0x17c/0x258
[ 103.251907][ T4877] __arm64_sys_setxattr+0xbc/0xd8
[ 103.252986][ T4877] invoke_syscall+0x98/0x2b8
[ 103.253880][ T4877] el0_svc_common+0x138/0x258
[ 103.254900][ T4877] do_el0_svc+0x58/0x14c
[ 103.255737][ T4877] el0_svc+0x7c/0x1f0
[ 103.256673][ T4877] el0t_64_sync_handler+0x84/0xe4
[ 103.257706][ T4877] el0t_64_sync+0x1a0/0x1a4
[ 103.258712][ T4877]
[ 103.259192][ T4877] Allocated by task 4877:
[ 103.260154][ T4877] ____kasan_kmalloc+0xbc/0xfc
[ 103.261196][ T4877] __kasan_kmalloc+0x10/0x1c
[ 103.262118][ T4877] __kmalloc+0x29c/0x4c8
[ 103.262994][ T4877] hfsplus_find_init+0x84/0x1bc
[ 103.264048][ T4877] hfsplus_create_attr+0x14c/0x568
[ 103.265171][ T4877] __hfsplus_setxattr+0x9a8/0x1df0
[ 103.266221][ T4877] hfsplus_setxattr+0xb4/0xec
[ 103.267251][ T4877] hfsplus_user_setxattr+0x54/0x6c
[ 103.268292][ T4877] __vfs_setxattr+0x388/0x3a4
[ 103.269354][ T4877] __vfs_setxattr_noperm+0x110/0x528
[ 103.270456][ T4877] __vfs_setxattr_locked+0x1ec/0x218
[ 103.271548][ T4877] vfs_setxattr+0x1a8/0x344
[ 103.272527][ T4877] setxattr+0x250/0x2b4
[ 103.273408][ T4877] path_setxattr+0x17c/0x258
[ 103.274401][ T4877] __arm64_sys_setxattr+0xbc/0xd8
[ 103.275507][ T4877] invoke_syscall+0x98/0x2b8
[ 103.276427][ T4877] el0_svc_common+0x138/0x258
[ 103.277392][ T4877] do_el0_svc+0x58/0x14c
[ 103.278315][ T4877] el0_svc+0x7c/0x1f0
[ 103.279173][ T4877] el0t_64_sync_handler+0x84/0xe4
[ 103.280169][ T4877] el0t_64_sync+0x1a0/0x1a4
[ 103.281165][ T4877]
[ 103.281692][ T4877] The buggy address belongs to the object at ffff0000dd738800
[ 103.281692][ T4877] which belongs to the cache kmalloc-1k of size 1024
[ 103.284640][ T4877] The buggy address is located 0 bytes inside of
[ 103.284640][ T4877] 1024-byte region [ffff0000dd738800, ffff0000dd738c00)
[ 103.287479][ T4877] The buggy address belongs to the page:
[ 103.288716][ T4877] page:0000000033d34810 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d738
[ 103.290748][ T4877] head:0000000033d34810 order:3 compound_mapcount:0 compound_pincount:0
[ 103.292490][ T4877] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 103.294184][ T4877] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002780
[ 103.295945][ T4877] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 103.297897][ T4877] page dumped because: kasan: bad access detected
[ 103.299164][ T4877]
[ 103.299695][ T4877] Memory state around the buggy address:
[ 103.300939][ T4877] ffff0000dd738900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 103.302680][ T4877] ffff0000dd738980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 103.304337][ T4877] >ffff0000dd738a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 103.305986][ T4877] ^
[ 103.307147][ T4877] ffff0000dd738a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 103.308783][ T4877] ffff0000dd738b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 103.310599][ T4877] ==================================================================
[ 103.312406][ T4877] Disabling lock debugging due to kernel taint
[ 103.316606][ T4125] list_add corruption. prev->next should be next (ffff800016d01488), but was 0000030000000000. (prev=ffff0000dd73aad8).
[ 103.319479][ T4125] ------------[ cut here ]------------
[ 103.320573][ T4125] kernel BUG at lib/list_debug.c:32!
[ 103.321659][ T4125] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[ 103.323233][ T4125] Modules linked in:
[ 103.324072][ T4125] CPU: 0 PID: 4125 Comm: kworker/0:8 Tainted: G B 5.15.171-syzkaller-00073-g3c17fc483905 #0
[ 103.326364][ T4125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 103.328352][ T4125] Workqueue: ipv6_addrconf addrconf_dad_work
[ 103.329729][ T4125] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 103.331417][ T4125] pc : __list_add_valid+0x10c/0x110
[ 103.332571][ T4125] lr : __list_add_valid+0x10c/0x110
[ 103.333621][ T4125] sp : ffff8000203e73c0
[ 103.334515][ T4125] x29: ffff8000203e73c0 x28: dfff800000000000 x27: ffff0000c18c3800
[ 103.336310][ T4125] x26: 1fffe00018318700 x25: ffff0000db628000 x24: 00000000000000b6
[ 103.338011][ T4125] x23: dfff800000000000 x22: ffff800016d01490 x21: ffff0000db6282d8
[ 103.339814][ T4125] x20: ffff0000dd73aad8 x19: ffff800016d01488 x18: 0000000000000402
[ 103.341470][ T4125] x17: 0000000000000000 x16: ffff8000083364dc x15: 00000000ffffffff
[ 103.343229][ T4125] x14: ffff0000d2fc8000 x13: 0000000000000001 x12: 0000000000000001
[ 103.344857][ T4125] x11: 0000000000000401 x10: 0000000000000000 x9 : 0b533daa4dec3000
[ 103.346606][ T4125] x8 : 0b533daa4dec3000 x7 : 0000000000000001 x6 : 0000000000000001
[ 103.348396][ T4125] x5 : ffff8000203e6b38 x4 : ffff800014bb05e0 x3 : ffff800008336628
[ 103.350086][ T4125] x2 : 0000000000000001 x1 : 0000000100000401 x0 : 0000000000000075
[ 103.351752][ T4125] Call trace:
[ 103.352425][ T4125] __list_add_valid+0x10c/0x110
[ 103.353445][ T4125] ___neigh_create+0x1930/0x24fc
[ 103.354482][ T4125] __neigh_create+0x44/0x58
[ 103.355399][ T4125] ip6_finish_output2+0xc8c/0x1cec
[ 103.356411][ T4125] __ip6_finish_output+0x580/0x6ec
[ 103.357609][ T4125] ip6_finish_output+0x40/0x218
[ 103.358661][ T4125] ip6_output+0x274/0x594
[ 103.359594][ T4125] ndisc_send_skb+0xbf8/0x1788
[ 103.360569][ T4125] ndisc_send_ns+0x538/0x6ec
[ 103.361440][ T4125] addrconf_dad_work+0x81c/0x126c
[ 103.362509][ T4125] process_one_work+0x790/0x11b8
[ 103.363495][ T4125] worker_thread+0x910/0x1034
[ 103.364463][ T4125] kthread+0x37c/0x45c
[ 103.365351][ T4125] ret_from_fork+0x10/0x20
[ 103.366316][ T4125] Code: 910d0000 aa1303e1 aa1403e3 95c35f4b (d4210000)
[ 103.368040][ T4125] ---[ end trace 711da7be781ea109 ]---
[ 103.785776][ T4165] Unable to handle kernel paging request at virtual address dfff80000000000e
[ 103.787755][ T4165] Mem abort info:
[ 103.788596][ T4165] ESR = 0x0000000096000006
[ 103.789554][ T4165] EC = 0x25: DABT (current EL), IL = 32 bits
[ 103.790812][ T4165] SET = 0, FnV = 0
[ 103.791599][ T4165] EA = 0, S1PTW = 0
[ 103.792351][ T4165] FSC = 0x06: level 2 translation fault
[ 103.793490][ T4165] Data abort info:
[ 103.794435][ T4165] ISV = 0, ISS = 0x00000006
[ 103.795561][ T4165] CM = 0, WnR = 0
[ 103.796435][ T4165] [dfff80000000000e] address between user and kernel address ranges
[ 103.882263][ T4125] Kernel panic - not syncing: Oops - BUG: Fatal exception in interrupt
[ 103.884223][ T4125] SMP: stopping secondary CPUs
[ 104.970216][ T4125] SMP: failed to stop secondary CPUs 0-1
[ 104.971397][ T4125] Kernel Offset: disabled
[ 104.972221][ T4125] CPU features: 0x8,000081c1,21302e40
[ 104.973392][ T4125] Memory Limit: none
[ 105.425594][ T4125] Rebooting in 86400 seconds..