Warning: Permanently added '10.128.1.91' (ED25519) to the list of known hosts.
1970/01/01 00:01:21 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:22 parsed 1 programs
[ 84.961689][ T4404] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 93.659780][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.661479][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.663790][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 93.676574][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.678532][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.680771][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 94.012356][ T4465] chnl_net:caif_netlink_parms(): no params data found
[ 94.045851][ T4465] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.047469][ T4465] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.051998][ T4465] device bridge_slave_0 entered promiscuous mode
[ 94.055127][ T4465] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.056694][ T4465] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.059104][ T4465] device bridge_slave_1 entered promiscuous mode
[ 94.074852][ T4465] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.078891][ T4465] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.094765][ T4465] team0: Port device team_slave_0 added
[ 94.097556][ T4465] team0: Port device team_slave_1 added
[ 94.109895][ T4465] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 94.111449][ T4465] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.116666][ T4465] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 94.120474][ T4465] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 94.121951][ T4465] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.127426][ T4465] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 94.180108][ T4465] device hsr_slave_0 entered promiscuous mode
[ 94.229862][ T4465] device hsr_slave_1 entered promiscuous mode
[ 95.018578][ T4465] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 95.060067][ T4465] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 95.130040][ T4465] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 95.145490][ T4465] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 95.245222][ T4465] 8021q: adding VLAN 0 to HW filter on device bond0
[ 95.255817][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 95.257786][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 95.263137][ T4465] 8021q: adding VLAN 0 to HW filter on device team0
[ 95.305507][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 95.307891][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 95.328121][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.329716][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 95.332422][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 95.340121][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 95.342389][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 95.344497][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.345949][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 95.347819][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 95.359263][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 95.361736][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 95.364962][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 95.369253][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 95.372188][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 95.374625][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 95.382289][ T4465] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 95.384489][ T4465] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 95.400981][ T1636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 95.403390][ T1636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 95.406069][ T1636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 95.414927][ T1636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 95.418528][ T1636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 95.488975][ T1636] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 95.490673][ T1636] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 95.494487][ T4465] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 95.505571][ T1636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 95.507955][ T1636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 95.519729][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 95.521909][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 95.524389][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 95.526370][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 95.533118][ T4465] device veth0_vlan entered promiscuous mode
[ 95.541008][ T4465] device veth1_vlan entered promiscuous mode
[ 95.554714][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 95.557371][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 95.560103][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 95.562562][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 95.566619][ T4465] device veth0_macvtap entered promiscuous mode
[ 95.570587][ T4465] device veth1_macvtap entered promiscuous mode
[ 95.581120][ T4465] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 95.582782][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 95.584657][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 95.586752][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 95.591398][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 95.595946][ T4465] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 95.598876][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 95.601552][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 95.604931][ T4465] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.606911][ T4465] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.609313][ T4465] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.611201][ T4465] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:01:35 executed programs: 0
[ 95.993622][ T4571] chnl_net:caif_netlink_parms(): no params data found
[ 96.034209][ T4571] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.035890][ T4571] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.038040][ T4571] device bridge_slave_0 entered promiscuous mode
[ 96.042120][ T4571] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.043651][ T4571] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.045795][ T4571] device bridge_slave_1 entered promiscuous mode
[ 96.060992][ T4571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.064837][ T4571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.080311][ T4571] team0: Port device team_slave_0 added
[ 96.083771][ T4571] team0: Port device team_slave_1 added
[ 96.102575][ T4571] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.104265][ T4571] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.110225][ T4571] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 96.114030][ T4571] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 96.115648][ T4571] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.121580][ T4571] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 96.171382][ T4571] device hsr_slave_0 entered promiscuous mode
[ 96.218696][ T4571] device hsr_slave_1 entered promiscuous mode
[ 96.248868][ T4571] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 96.250583][ T4571] Cannot create hsr debugfs directory
[ 96.326392][ T4571] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.938564][ T7] Bluetooth: hci0: command 0x0409 tx timeout
[ 98.493796][ T4571] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.018794][ T4455] Bluetooth: hci0: command 0x041b tx timeout
[ 100.894327][ T4571] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.928366][ T4571] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.338976][ T4571] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 101.371363][ T4571] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 101.420497][ T4571] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 101.474404][ T4571] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 101.553247][ T4571] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.559692][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 101.561891][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 101.565902][ T4571] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.583496][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.585660][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 101.587661][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.589270][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.591700][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 101.594883][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 101.597051][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 101.599728][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.601310][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.605295][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 101.610228][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 101.620433][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 101.622844][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.625255][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 101.638825][ T4571] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 101.641025][ T4571] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 101.645679][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 101.647893][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.653289][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 101.655843][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 101.659101][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 101.661331][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 101.665738][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 101.744852][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 101.746549][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 101.753460][ T4571] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 101.775023][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 101.777585][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 101.788506][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 101.791147][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 101.793493][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 101.796193][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 101.808666][ T4571] device veth0_vlan entered promiscuous mode
[ 101.814773][ T4571] device veth1_vlan entered promiscuous mode
[ 101.830108][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 101.832622][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 101.840117][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 101.842874][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 101.846949][ T4571] device veth0_macvtap entered promiscuous mode
[ 101.856465][ T4571] device veth1_macvtap entered promiscuous mode
[ 101.865694][ T4571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 101.867787][ T4571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 101.874109][ T4571] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 101.875780][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 101.880267][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 101.882394][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 101.885169][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 101.900720][ T4571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 101.903128][ T4571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 101.906132][ T4571] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 101.913415][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 101.915587][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 101.930298][ T4571] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.932422][ T4571] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.934294][ T4571] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.935987][ T4571] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.976170][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.977813][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.984977][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 102.001836][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.003800][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.006428][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:42 executed programs: 2
[ 102.053781][ T4833] loop0: detected capacity change from 0 to 1024
[ 102.075084][ T4833] ==================================================================
[ 102.076978][ T4833] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x120/0x24c
[ 102.078611][ T4833] Write of size 3970 at addr ffff0000da798000 by task syz.0.15/4833
[ 102.080391][ T4833]
[ 102.080800][ T4833] CPU: 1 PID: 4833 Comm: syz.0.15 Not tainted 5.15.171-syzkaller-00073-g3c17fc483905 #0
[ 102.082857][ T4833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 102.085044][ T4833] Call trace:
[ 102.085790][ T4833] dump_backtrace+0x0/0x530
[ 102.086834][ T4833] show_stack+0x2c/0x3c
[ 102.087729][ T4833] dump_stack_lvl+0x108/0x170
[ 102.088429][ T4119] Bluetooth: hci0: command 0x040f tx timeout
[ 102.088754][ T4833] print_address_description+0x7c/0x3f0
[ 102.091447][ T4833] kasan_report+0x174/0x1e4
[ 102.092436][ T4833] kasan_check_range+0x274/0x2b4
[ 102.093466][ T4833] memcpy+0xb4/0xe8
[ 102.094362][ T4833] hfsplus_bnode_read+0x120/0x24c
[ 102.095470][ T4833] hfsplus_bnode_read_key+0x170/0x278
[ 102.096594][ T4833] hfsplus_brec_insert+0x520/0xaa0
[ 102.097753][ T4833] hfsplus_create_attr+0x3b0/0x568
[ 102.098916][ T4833] __hfsplus_setxattr+0x9a8/0x1df0
[ 102.100024][ T4833] hfsplus_setxattr+0xb4/0xec
[ 102.101156][ T4833] hfsplus_security_setxattr+0x54/0x6c
[ 102.102302][ T4833] __vfs_setxattr+0x388/0x3a4
[ 102.103497][ T4833] __vfs_setxattr_noperm+0x110/0x528
[ 102.104701][ T4833] __vfs_setxattr_locked+0x1ec/0x218
[ 102.105741][ T4833] vfs_setxattr+0x1a8/0x344
[ 102.106700][ T4833] setxattr+0x250/0x2b4
[ 102.107593][ T4833] path_setxattr+0x17c/0x258
[ 102.108523][ T4833] __arm64_sys_setxattr+0xbc/0xd8
[ 102.109600][ T4833] invoke_syscall+0x98/0x2b8
[ 102.110555][ T4833] el0_svc_common+0x138/0x258
[ 102.111480][ T4833] do_el0_svc+0x58/0x14c
[ 102.112381][ T4833] el0_svc+0x7c/0x1f0
[ 102.113251][ T4833] el0t_64_sync_handler+0x84/0xe4
[ 102.114333][ T4833] el0t_64_sync+0x1a0/0x1a4
[ 102.115338][ T4833]
[ 102.115871][ T4833] Allocated by task 4833:
[ 102.116767][ T4833] ____kasan_kmalloc+0xbc/0xfc
[ 102.117714][ T4833] __kasan_kmalloc+0x10/0x1c
[ 102.118654][ T4833] __kmalloc+0x29c/0x4c8
[ 102.119527][ T4833] hfsplus_find_init+0x84/0x1bc
[ 102.120541][ T4833] hfsplus_create_attr+0x14c/0x568
[ 102.121575][ T4833] __hfsplus_setxattr+0x9a8/0x1df0
[ 102.122582][ T4833] hfsplus_setxattr+0xb4/0xec
[ 102.123609][ T4833] hfsplus_security_setxattr+0x54/0x6c
[ 102.124747][ T4833] __vfs_setxattr+0x388/0x3a4
[ 102.125729][ T4833] __vfs_setxattr_noperm+0x110/0x528
[ 102.126839][ T4833] __vfs_setxattr_locked+0x1ec/0x218
[ 102.127992][ T4833] vfs_setxattr+0x1a8/0x344
[ 102.128975][ T4833] setxattr+0x250/0x2b4
[ 102.129822][ T4833] path_setxattr+0x17c/0x258
[ 102.130765][ T4833] __arm64_sys_setxattr+0xbc/0xd8
[ 102.131819][ T4833] invoke_syscall+0x98/0x2b8
[ 102.132762][ T4833] el0_svc_common+0x138/0x258
[ 102.133716][ T4833] do_el0_svc+0x58/0x14c
[ 102.134624][ T4833] el0_svc+0x7c/0x1f0
[ 102.135435][ T4833] el0t_64_sync_handler+0x84/0xe4
[ 102.136542][ T4833] el0t_64_sync+0x1a0/0x1a4
[ 102.137431][ T4833]
[ 102.137984][ T4833] The buggy address belongs to the object at ffff0000da798000
[ 102.137984][ T4833] which belongs to the cache kmalloc-1k of size 1024
[ 102.140820][ T4833] The buggy address is located 0 bytes inside of
[ 102.140820][ T4833] 1024-byte region [ffff0000da798000, ffff0000da798400)
[ 102.143508][ T4833] The buggy address belongs to the page:
[ 102.144639][ T4833] page:00000000a7cd00d7 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a798
[ 102.146863][ T4833] head:00000000a7cd00d7 order:3 compound_mapcount:0 compound_pincount:0
[ 102.148544][ T4833] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 102.150214][ T4833] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002780
[ 102.151956][ T4833] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 102.153742][ T4833] page dumped because: kasan: bad access detected
[ 102.155096][ T4833]
[ 102.155569][ T4833] Memory state around the buggy address:
[ 102.156713][ T4833] ffff0000da798100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 102.158417][ T4833] ffff0000da798180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 102.160052][ T4833] >ffff0000da798200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.161750][ T4833] ^
[ 102.162791][ T4833] ffff0000da798280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.164517][ T4833] ffff0000da798300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.166211][ T4833] ==================================================================
[ 102.167884][ T4833] Disabling lock debugging due to kernel taint
[ 102.174321][ T136] Unable to handle kernel paging request at virtual address dfff806000000008
[ 102.176295][ T136] Mem abort info:
[ 102.177053][ T136] ESR = 0x0000000096000005
[ 102.178027][ T136] EC = 0x25: DABT (current EL), IL = 32 bits
[ 102.180669][ T4119] list_add corruption. prev->next should be next (ffff800016d01488), but was 0000000000000000. (prev=ffff0000da79bad8).
[ 102.183725][ T4119] ------------[ cut here ]------------
[ 102.184901][ T4119] kernel BUG at lib/list_debug.c:32!
[ 102.186007][ T4119] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[ 102.187430][ T4119] Modules linked in:
[ 102.188237][ T136] SET = 0, FnV = 0
[ 102.188282][ T4119] CPU: 0 PID: 4119 Comm: kworker/0:4 Tainted: G B 5.15.171-syzkaller-00073-g3c17fc483905 #0
[ 102.189141][ T136] EA = 0, S1PTW = 0
[ 102.191469][ T4119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 102.192200][ T136] FSC = 0x05: level 1 translation fault
[ 102.194372][ T4119] Workqueue: ipv6_addrconf addrconf_dad_work
[ 102.195480][ T136] Data abort info:
[ 102.196833][ T4119] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 102.197670][ T136] ISV = 0, ISS = 0x00000005
[ 102.199424][ T4119] pc : __list_add_valid+0x10c/0x110
[ 102.199443][ T4119] lr : __list_add_valid+0x10c/0x110
[ 102.199452][ T4119] sp : ffff8000200b73c0
[ 102.199456][ T4119] x29: ffff8000200b73c0 x28: dfff800000000000 x27: ffff0000da2c7300
[ 102.199476][ T4119] x26: 1fffe0001b458e60 x25: ffff0000dd229000 x24: 00000000000000dc
[ 102.199492][ T4119] x23: dfff800000000000
[ 102.200778][ T136] CM = 0, WnR = 0
[ 102.201612][ T4119] x22: ffff800016d01490
[ 102.202674][ T136] [dfff806000000008] address between user and kernel address ranges
[ 102.203612][ T4119] x21: ffff0000dd2292d8
[ 102.211999][ T4119] x20: ffff0000da79bad8 x19: ffff800016d01488 x18: 0000000000000402
[ 102.213578][ T4119] x17: 0000000000000000 x16: ffff800011ac0310 x15: 00000000ffffffff
[ 102.215399][ T4119] x14: ffff0000d0c5d1c0 x13: 0000000000000001 x12: 0000000000000001
[ 102.217241][ T4119] x11: 0000000000000401 x10: 0000000000000000 x9 : 8f4cd6f119993a00
[ 102.218962][ T4119] x8 : 8f4cd6f119993a00 x7 : 0000000000000001 x6 : 0000000000000001
[ 102.220685][ T4119] x5 : ffff8000200b6b38 x4 : ffff800014bb05e0 x3 : ffff80000a983ebc
[ 102.222473][ T4119] x2 : ffff0001b418bd10 x1 : 0000000100000401 x0 : 0000000000000075
[ 102.224207][ T4119] Call trace:
[ 102.224910][ T4119] __list_add_valid+0x10c/0x110
[ 102.225936][ T4119] ___neigh_create+0x1930/0x24fc
[ 102.227066][ T4119] __neigh_create+0x44/0x58
[ 102.227998][ T4119] ip6_finish_output2+0xc8c/0x1cec
[ 102.229077][ T4119] __ip6_finish_output+0x580/0x6ec
[ 102.230195][ T4119] ip6_finish_output+0x40/0x218
[ 102.231216][ T4119] ip6_output+0x274/0x594
[ 102.232152][ T4119] ndisc_send_skb+0xbf8/0x1788
[ 102.233169][ T4119] ndisc_send_ns+0x538/0x6ec
[ 102.234162][ T4119] addrconf_dad_work+0x81c/0x126c
[ 102.235203][ T4119] process_one_work+0x790/0x11b8
[ 102.236183][ T4119] worker_thread+0x910/0x1034
[ 102.237139][ T4119] kthread+0x37c/0x45c
[ 102.237903][ T4119] ret_from_fork+0x10/0x20
[ 102.238869][ T4119] Code: 910d0000 aa1303e1 aa1403e3 95c35f4b (d4210000)
[ 102.240241][ T4119] ---[ end trace 83442c804c6f3d7a ]---
[ 102.683575][ T4119] Kernel panic - not syncing: Oops - BUG: Fatal exception in interrupt
[ 102.685310][ T4119] SMP: stopping secondary CPUs
[ 103.771909][ T4119] SMP: failed to stop secondary CPUs 0-1
[ 103.773232][ T4119] Kernel Offset: disabled
[ 103.774120][ T4119] CPU features: 0x8,000081c1,21302e40
[ 103.775222][ T4119] Memory Limit: none
[ 104.237798][ T4119] Rebooting in 86400 seconds..