Extracting prog: 3m20.553164502s
Minimizing prog: 6m14.320409969s
Simplifying prog options: 5m43.523783368s
Extracting C: 46.020895193s
Simplifying C: 0s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$I2C-syz_open_dev$usbfs
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x24, &(0x7f0000001280)={{0x12, 0x1, 0x300, 0x0, 0x1f, 0x66, 0x8, 0x58f, 0x6610, 0x4805, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x95, 0x70, 0x81}}]}}, &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x23})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)

program crashed: BUG: corrupted list in dst_destroy
program crashed: BUG: corrupted list in dst_destroy
single: successfully extracted reproducer
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=47.243843053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$I2C
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x24, &(0x7f0000001280)={{0x12, 0x1, 0x300, 0x0, 0x1f, 0x66, 0x8, 0x58f, 0x6610, 0x4805, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x95, 0x70, 0x81}}]}}, &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x23})
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)

program crashed: BUG: corrupted list in dst_destroy
testing program (duration=47.243843053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x24, &(0x7f0000001280)={{0x12, 0x1, 0x300, 0x0, 0x1f, 0x66, 0x8, 0x58f, 0x6610, 0x4805, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x95, 0x70, 0x81}}]}}, &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x23})

program crashed: BUG: corrupted list in dst_destroy
testing program (duration=47.243843053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x0, 0x0, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0})

program crashed: BUG: corrupted list in dst_destroy
testing program (duration=47.243843053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x0, 0x0, 0x0)

program crashed: BUG: corrupted list in dst_destroy
extracting C reproducer
testing compiled C program (duration=47.243843053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program did not crash
simplifying guilty program options
testing program (duration=47.243843053s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x0, 0x0, 0x0)

program crashed: BUG: corrupted list in dst_destroy
extracting C reproducer
testing compiled C program (duration=47.243843053s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program did not crash
testing program (duration=47.243843053s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x0, 0x0, 0x0)

program crashed: BUG: corrupted list in dst_destroy
extracting C reproducer
testing compiled C program (duration=47.243843053s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program did not crash
testing program (duration=47.243843053s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x0, 0x0, 0x0)

program crashed: BUG: corrupted list in dst_destroy
validation run: crashed=true
testing program (duration=47.243843053s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x0, 0x0, 0x0)

program crashed: BUG: corrupted list in dst_destroy
validation run: crashed=true
testing program (duration=47.243843053s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x0, 0x0, 0x0)

program crashed: BUG: corrupted list in dst_destroy
validation run: crashed=true
reproducing took 21m35.961530779s
repro crashed as (corrupted=false):
list_del corruption, ffff888026e6dc90->next is NULL
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:53!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 52 5c f8 06 cc 48 c7 c7 a0 e8 27 8c 48 89 de e8 12 51 6e fc 90 <0f> 0b 48 c7 c7 00 e9 27 8c 48 89 de e8 00 51 6e fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff888026e6dc90 RCX: e4f97afeb5e8fd00
RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff11004dcdb92
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125457000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564c1939c138 CR3: 000000000e54c000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 __list_del_entry_valid include/linux/list.h:132 [inline]
 __list_del_entry include/linux/list.h:223 [inline]
 list_del_init include/linux/list.h:295 [inline]
 dst_destroy+0x202/0x5a0 net/core/dst.c:163
 rcu_do_batch kernel/rcu/tree.c:2617 [inline]
 rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
 handle_softirqs+0x22a/0x870 kernel/softirq.c:626
 __do_softirq kernel/softirq.c:660 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:743
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:-1 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:172 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:191 [inline]
RIP: 0010:kasan_check_range+0x23b/0x2c0 mm/kasan/generic.c:200
Code: db 0f 85 88 00 00 00 4c 89 fb 48 c1 eb 28 84 db 0f 85 82 00 00 00 49 c1 ef 30 bb 07 00 00 00 45 84 ff 75 7d 4d 01 f3 49 01 db <4d> 89 dc 4d 85 db 74 84 4d 01 d1 4d 39 cc 75 11 41 83 e0 07 45 0f
RSP: 0018:ffffc90000117888 EFLAGS: 00000206
RAX: ffffc90000117901 RBX: ffffffffffffffff RCX: ffffffff816ad49d
RDX: 0000000000000001 RSI: 0000000000000006 RDI: ffffc90000117990
RBP: 0000000000000000 R08: ffffc90000117995 R09: 1ffff92000022f32
R10: dffffc0000000000 R11: fffff52000022f32 R12: 0000000000000001
R13: dffffc0000000000 R14: fffff52000022f33 R15: 1ffff92000022f32
 __asan_memset+0x22/0x50 mm/kasan/shadow.c:84
 smp_text_poke_batch_finish+0x71d/0x1160 arch/x86/kernel/alternative.c:2978
 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
 static_key_disable_cpuslocked+0xc5/0x1a0 kernel/jump_label.c:240
 static_key_disable+0x1a/0x20 kernel/jump_label.c:248
 toggle_allocation_gate+0x1fe/0x290 mm/kfence/core.c:913
 process_one_work+0x949/0x1650 kernel/workqueue.c:3279
 process_scheduled_works kernel/workqueue.c:3362 [inline]
 worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 52 5c f8 06 cc 48 c7 c7 a0 e8 27 8c 48 89 de e8 12 51 6e fc 90 <0f> 0b 48 c7 c7 00 e9 27 8c 48 89 de e8 00 51 6e fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff888026e6dc90 RCX: e4f97afeb5e8fd00
RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff11004dcdb92
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125457000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564c1939c138 CR3: 000000000e54c000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	db 0f                	fisttpl (%rdi)
   2:	85 88 00 00 00 4c    	test   %ecx,0x4c000000(%rax)
   8:	89 fb                	mov    %edi,%ebx
   a:	48 c1 eb 28          	shr    $0x28,%rbx
   e:	84 db                	test   %bl,%bl
  10:	0f 85 82 00 00 00    	jne    0x98
  16:	49 c1 ef 30          	shr    $0x30,%r15
  1a:	bb 07 00 00 00       	mov    $0x7,%ebx
  1f:	45 84 ff             	test   %r15b,%r15b
  22:	75 7d                	jne    0xa1
  24:	4d 01 f3             	add    %r14,%r11
  27:	49 01 db             	add    %rbx,%r11
* 2a:	4d 89 dc             	mov    %r11,%r12 <-- trapping instruction
  2d:	4d 85 db             	test   %r11,%r11
  30:	74 84                	je     0xffffffb6
  32:	4d 01 d1             	add    %r10,%r9
  35:	4d 39 cc             	cmp    %r9,%r12
  38:	75 11                	jne    0x4b
  3a:	41 83 e0 07          	and    $0x7,%r8d
  3e:	45                   	rex.RB
  3f:	0f                   	.byte 0xf

final repro crashed as (corrupted=false):
list_del corruption, ffff888026e6dc90->next is NULL
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:53!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 52 5c f8 06 cc 48 c7 c7 a0 e8 27 8c 48 89 de e8 12 51 6e fc 90 <0f> 0b 48 c7 c7 00 e9 27 8c 48 89 de e8 00 51 6e fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff888026e6dc90 RCX: e4f97afeb5e8fd00
RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff11004dcdb92
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125457000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564c1939c138 CR3: 000000000e54c000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 __list_del_entry_valid include/linux/list.h:132 [inline]
 __list_del_entry include/linux/list.h:223 [inline]
 list_del_init include/linux/list.h:295 [inline]
 dst_destroy+0x202/0x5a0 net/core/dst.c:163
 rcu_do_batch kernel/rcu/tree.c:2617 [inline]
 rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
 handle_softirqs+0x22a/0x870 kernel/softirq.c:626
 __do_softirq kernel/softirq.c:660 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:743
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:-1 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:172 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:191 [inline]
RIP: 0010:kasan_check_range+0x23b/0x2c0 mm/kasan/generic.c:200
Code: db 0f 85 88 00 00 00 4c 89 fb 48 c1 eb 28 84 db 0f 85 82 00 00 00 49 c1 ef 30 bb 07 00 00 00 45 84 ff 75 7d 4d 01 f3 49 01 db <4d> 89 dc 4d 85 db 74 84 4d 01 d1 4d 39 cc 75 11 41 83 e0 07 45 0f
RSP: 0018:ffffc90000117888 EFLAGS: 00000206
RAX: ffffc90000117901 RBX: ffffffffffffffff RCX: ffffffff816ad49d
RDX: 0000000000000001 RSI: 0000000000000006 RDI: ffffc90000117990
RBP: 0000000000000000 R08: ffffc90000117995 R09: 1ffff92000022f32
R10: dffffc0000000000 R11: fffff52000022f32 R12: 0000000000000001
R13: dffffc0000000000 R14: fffff52000022f33 R15: 1ffff92000022f32
 __asan_memset+0x22/0x50 mm/kasan/shadow.c:84
 smp_text_poke_batch_finish+0x71d/0x1160 arch/x86/kernel/alternative.c:2978
 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
 static_key_disable_cpuslocked+0xc5/0x1a0 kernel/jump_label.c:240
 static_key_disable+0x1a/0x20 kernel/jump_label.c:248
 toggle_allocation_gate+0x1fe/0x290 mm/kfence/core.c:913
 process_one_work+0x949/0x1650 kernel/workqueue.c:3279
 process_scheduled_works kernel/workqueue.c:3362 [inline]
 worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 52 5c f8 06 cc 48 c7 c7 a0 e8 27 8c 48 89 de e8 12 51 6e fc 90 <0f> 0b 48 c7 c7 00 e9 27 8c 48 89 de e8 00 51 6e fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff888026e6dc90 RCX: e4f97afeb5e8fd00
RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff11004dcdb92
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125457000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564c1939c138 CR3: 000000000e54c000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	db 0f                	fisttpl (%rdi)
   2:	85 88 00 00 00 4c    	test   %ecx,0x4c000000(%rax)
   8:	89 fb                	mov    %edi,%ebx
   a:	48 c1 eb 28          	shr    $0x28,%rbx
   e:	84 db                	test   %bl,%bl
  10:	0f 85 82 00 00 00    	jne    0x98
  16:	49 c1 ef 30          	shr    $0x30,%r15
  1a:	bb 07 00 00 00       	mov    $0x7,%ebx
  1f:	45 84 ff             	test   %r15b,%r15b
  22:	75 7d                	jne    0xa1
  24:	4d 01 f3             	add    %r14,%r11
  27:	49 01 db             	add    %rbx,%r11
* 2a:	4d 89 dc             	mov    %r11,%r12 <-- trapping instruction
  2d:	4d 85 db             	test   %r11,%r11
  30:	74 84                	je     0xffffffb6
  32:	4d 01 d1             	add    %r10,%r9
  35:	4d 39 cc             	cmp    %r9,%r12
  38:	75 11                	jne    0x4b
  3a:	41 83 e0 07          	and    $0x7,%r8d
  3e:	45                   	rex.RB
  3f:	0f                   	.byte 0xf