0-page vmalloc region starting at 0xffff8000888b0000 allocated at declare_kernel_vmas+0xa4/0xb4 arch/arm64/mm/mmu.c:1383 list_del corruption. prev->next should be ffff0000cbce5400, but was ffff800089396320. (prev=ffff800089396320) ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:64! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP Modules linked in: CPU: 0 UID: 0 PID: 5974 Comm: syz.4.964 Not tainted syzkaller #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : __list_del_entry_valid_or_report+0x17c/0x1b4 lib/list_debug.c:62 lr : __list_del_entry_valid_or_report+0x17c/0x1b4 lib/list_debug.c:62 sp : ffff800099a06780 x29: ffff800099a06780 x28: 1fffe0001ad92001 x27: ffff800099a06860 x26: dfff800000000000 x25: ffff0000d6c90108 x24: 1ffff00013340d4a x23: 1ffff00011272c64 x22: dfff800000000000 x21: ffff800089396320 x20: ffff800089396320 x19: ffff0000cbce5400 x18: 1fffe00035c1ea20 x17: 20747562202c3030 x16: 3435656362633030 x15: 3030666666662065 x14: 6220646c756f6873 x13: 0000000000000001 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : a5c32a8841b97e00 x8 : a5c32a8841b97e00 x7 : ffff80008047caa0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000804876e0 x2 : 0000000100000000 x1 : ffff0000d8958000 x0 : 000000000000006d Call trace: __list_del_entry_valid_or_report+0x17c/0x1b4 lib/list_debug.c:62 (P) __list_del_entry_valid include/linux/list.h:132 [inline] __list_del_entry include/linux/list.h:223 [inline] list_del include/linux/list.h:237 [inline] flow_block_cb_setup_simple+0x584/0x694 net/core/flow_offload.c:367 nsim_setup_tc+0xfc/0x220 drivers/net/netdevsim/tc.c:72 nft_block_offload_cmd net/netfilter/nf_tables_offload.c:397 [inline] nft_chain_offload_cmd+0x1c0/0x48c net/netfilter/nf_tables_offload.c:451 nft_flow_block_chain+0xfc/0x2c4 net/netfilter/nf_tables_offload.c:471 nft_flow_offload_chain net/netfilter/nf_tables_offload.c:513 [inline] nft_flow_rule_offload_commit+0x44c/0xaa0 net/netfilter/nf_tables_offload.c:-1 nf_tables_commit+0x558/0x6b70 net/netfilter/nf_tables_api.c:10912 nfnetlink_rcv_batch net/netfilter/nfnetlink.c:574 [inline] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:647 [inline] nfnetlink_rcv+0x1108/0x16f8 net/netfilter/nfnetlink.c:665 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline] netlink_unicast+0x610/0x800 net/netlink/af_netlink.c:1344 netlink_sendmsg+0x63c/0x920 net/netlink/af_netlink.c:1894 sock_sendmsg_nosec net/socket.c:787 [inline] __sock_sendmsg+0xc8/0x138 net/socket.c:802 ____sys_sendmsg+0x418/0x70c net/socket.c:2698 ___sys_sendmsg+0x198/0x224 net/socket.c:2752 __sys_sendmsg+0x160/0x214 net/socket.c:2784 __do_sys_sendmsg net/socket.c:2789 [inline] __se_sys_sendmsg net/socket.c:2787 [inline] __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2787 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:740 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:759 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594 Code: 913a0000 aa1303e1 aa1503e3 979d9425 (d4210000) ---[ end trace 0000000000000000 ]---