BUG: corrupted list in dst_destroy
list_del corruption, ffff888025f25090->next is NULL
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:53!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 5959 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 c0 d2 27 8c 48 89 de e8 e2 e0 6e fc 90 <0f> 0b 48 c7 c7 20 d3 27 8c 48 89 de e8 d0 e0 6e fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000a08d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff888025f25090 RCX: 4b95326452f83600
RDX: 0000000000000100 RSI: 0000000080000101 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000a08ae7 R09: 1ffff9200014115c
R10: dffffc0000000000 R11: fffff5200014115d R12: 1ffff11004be4a12
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888125559000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffb14bb3068 CR3: 0000000078d80000 CR4: 00000000003526f0
Call Trace:
__list_del_entry_valid include/linux/list.h:132 [inline]
__list_del_entry include/linux/list.h:223 [inline]
list_del_init include/linux/list.h:295 [inline]
dst_destroy+0x202/0x5a0 net/core/dst.c:163
rcu_do_batch kernel/rcu/tree.c:2617 [inline]
rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
__do_softirq kernel/softirq.c:660 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727
irq_exit_rcu+0x9/0x30 kernel/softirq.c:743
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_acquire+0x20b/0x2e0 kernel/locking/lockdep.c:5872
Code: e9 30 ff ff ff e8 d5 f8 0c 0a f7 c3 00 02 00 00 0f 84 38 ff ff ff 65 48 8b 05 51 e6 7a 11 48 3b 44 24 30 75 33 fb 48 83 c4 38 <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 48 8d 3d 6e 9e 73
RSP: 0018:ffffc90003467320 EFLAGS: 00000292
RAX: 4b95326452f83600 RBX: 0000000000000246 RCX: 0000000000000046
RDX: 000000003f34dd00 RSI: ffffffff8e16b4c2 RDI: ffffffff8c27cf80
RBP: 0000000000000000 R08: ffffffff821448e4 R09: ffffffff8e8996e0
R10: 0000000000000000 R11: 0000000300000001 R12: 0000000000000000
R13: ffffffff8e8996e0 R14: 0000000000000000 R15: 0000000000000001
mmu_notifier_invalidate_range_start include/linux/mmu_notifier.h:436 [inline]
unmap_vmas+0x1e1/0x6a0 mm/memory.c:2147
unmap_region+0x3bd/0x4e0 mm/vma.c:485
vms_clear_ptes mm/vma.c:1284 [inline]
vms_clean_up_area mm/vma.c:1296 [inline]
__mmap_setup mm/vma.c:2448 [inline]
__mmap_region mm/vma.c:2741 [inline]
mmap_region+0xbac/0x2240 mm/vma.c:2837
do_mmap+0xc39/0x10c0 mm/mmap.c:559
vm_mmap_pgoff+0x2c9/0x4f0 mm/util.c:581
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ffb14ead242
Code: 08 00 04 00 00 eb e2 90 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 33 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5e 5b 5d c3 0f 1f 00 c7 05 46 40 01 00 16 00
RSP: 002b:00007ffec49f4b78 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007ffb14bb4000 RCX: 00007ffb14ead242
RDX: 0000000000000003 RSI: 00000000000016d0 RDI: 00007ffb14bb4000
RBP: 0000000000000032 R08: 00000000ffffffff R09: 0000000000000000
R10: 0000000000000032 R11: 0000000000000206 R12: 00007ffec49f4c38
R13: 00007ffb14e82ab0 R14: 00007ffec49f4ff0 R15: 00007ffb14bb4000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 c0 d2 27 8c 48 89 de e8 e2 e0 6e fc 90 <0f> 0b 48 c7 c7 20 d3 27 8c 48 89 de e8 d0 e0 6e fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000a08d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff888025f25090 RCX: 4b95326452f83600
RDX: 0000000000000100 RSI: 0000000080000101 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000a08ae7 R09: 1ffff9200014115c
R10: dffffc0000000000 R11: fffff5200014115d R12: 1ffff11004be4a12
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888125559000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffb14bb3068 CR3: 0000000078d80000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
0: e9 30 ff ff ff jmp 0xffffff35
5: e8 d5 f8 0c 0a call 0xa0cf8df
a: f7 c3 00 02 00 00 test $0x200,%ebx
10: 0f 84 38 ff ff ff je 0xffffff4e
16: 65 48 8b 05 51 e6 7a mov %gs:0x117ae651(%rip),%rax # 0x117ae66f
1d: 11
1e: 48 3b 44 24 30 cmp 0x30(%rsp),%rax
23: 75 33 jne 0x58
25: fb sti
26: 48 83 c4 38 add $0x38,%rsp
* 2a: 5b pop %rbx <-- trapping instruction
2b: 41 5c pop %r12
2d: 41 5d pop %r13
2f: 41 5e pop %r14
31: 41 5f pop %r15
33: 5d pop %rbp
34: c3 ret
35: cc int3
36: cc int3
37: cc int3
38: cc int3
39: cc int3
3a: 48 rex.W
3b: 8d .byte 0x8d
3c: 3d .byte 0x3d
3d: 6e outsb %ds:(%rsi),(%dx)
3e: 9e sahf
3f: 73 .byte 0x73
Warning: Permanently added '10.128.1.99' (ED25519) to the list of known hosts.
2026/02/24 21:38:50 parsed 1 programs
[ 73.772209][ T5824] cgroup: Unknown subsys name 'net'
[ 73.880646][ T5824] cgroup: Unknown subsys name 'cpuset'
[ 73.889029][ T5824] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 75.342314][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 77.919188][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 77.927690][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.936329][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.946247][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.954723][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 78.057591][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 78.951210][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 78.962814][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 78.997908][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.005948][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.521464][ T5901] chnl_net:caif_netlink_parms(): no params data found
[ 80.642160][ T5901] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.650127][ T5901] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.657471][ T5901] bridge_slave_0: entered allmulticast mode
[ 80.665048][ T5901] bridge_slave_0: entered promiscuous mode
[ 80.677152][ T5901] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.685035][ T5901] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.693024][ T5901] bridge_slave_1: entered allmulticast mode
[ 80.701886][ T5901] bridge_slave_1: entered promiscuous mode
[ 80.748423][ T5901] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.760805][ T5901] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.794984][ T5901] team0: Port device team_slave_0 added
[ 80.804206][ T5901] team0: Port device team_slave_1 added
[ 80.842398][ T5901] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 80.849523][ T5901] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 80.876918][ T5901] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 80.891965][ T5901] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 80.898975][ T5901] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 80.925675][ T5901] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 80.969980][ T5901] hsr_slave_0: entered promiscuous mode
[ 80.977083][ T5901] hsr_slave_1: entered promiscuous mode
[ 81.129480][ T5901] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 81.142248][ T5901] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 81.153936][ T5901] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 81.164364][ T5901] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 81.198247][ T5901] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.205960][ T5901] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.214263][ T5901] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.221826][ T5901] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 81.284755][ T5901] 8021q: adding VLAN 0 to HW filter on device bond0
[ 81.306424][ T1054] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.317179][ T1054] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.333836][ T5901] 8021q: adding VLAN 0 to HW filter on device team0
[ 81.348022][ T60] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.355355][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 81.372007][ T1054] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.379534][ T1054] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.553785][ T5901] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 81.611007][ T5901] veth0_vlan: entered promiscuous mode
[ 81.624267][ T5901] veth1_vlan: entered promiscuous mode
[ 81.660557][ T5901] veth0_macvtap: entered promiscuous mode
[ 81.671431][ T5901] veth1_macvtap: entered promiscuous mode
[ 81.694420][ T5901] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 81.712168][ T5901] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 81.729988][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.740066][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.751775][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.762105][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.969182][ T3443] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.051354][ T3443] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.157106][ T3443] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.236645][ T3443] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/02/24 21:39:02 executed programs: 0
[ 83.031848][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 83.041197][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 83.050345][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 83.059558][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 83.069225][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 83.219136][ T5937] chnl_net:caif_netlink_parms(): no params data found
[ 83.296634][ T5937] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.303989][ T5937] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.311531][ T5937] bridge_slave_0: entered allmulticast mode
[ 83.319077][ T5937] bridge_slave_0: entered promiscuous mode
[ 83.327325][ T5937] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.334544][ T5937] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.342130][ T5937] bridge_slave_1: entered allmulticast mode
[ 83.349999][ T5937] bridge_slave_1: entered promiscuous mode
[ 83.388356][ T5937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.402450][ T5937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.441664][ T5937] team0: Port device team_slave_0 added
[ 83.451177][ T5937] team0: Port device team_slave_1 added
[ 83.485534][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 83.492771][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 83.519316][ T5937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 83.533017][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 83.540591][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 83.567274][ T5937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 83.609539][ T5937] hsr_slave_0: entered promiscuous mode
[ 83.616221][ T5937] hsr_slave_1: entered promiscuous mode
[ 83.622696][ T5937] debugfs: 'hsr0' already exists in 'hsr'
[ 83.628574][ T5937] Cannot create hsr debugfs directory
[ 84.311327][ T3443] bridge_slave_1: left allmulticast mode
[ 84.317296][ T3443] bridge_slave_1: left promiscuous mode
[ 84.323602][ T3443] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.335181][ T3443] bridge_slave_0: left allmulticast mode
[ 84.345020][ T3443] bridge_slave_0: left promiscuous mode
[ 84.351595][ T3443] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.470915][ T3443] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 84.482014][ T3443] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 84.491889][ T3443] bond0 (unregistering): Released all slaves
[ 84.616077][ T3443] hsr_slave_0: left promiscuous mode
[ 84.622381][ T3443] hsr_slave_1: left promiscuous mode
[ 84.634726][ T3443] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 84.649846][ T3443] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 84.658625][ T3443] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 84.666292][ T3443] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 84.681296][ T3443] veth1_macvtap: left promiscuous mode
[ 84.690985][ T3443] veth0_macvtap: left promiscuous mode
[ 84.697010][ T3443] veth1_vlan: left promiscuous mode
[ 84.702334][ T3443] veth0_vlan: left promiscuous mode
[ 84.979221][ T3443] team0 (unregistering): Port device team_slave_1 removed
[ 84.992978][ T3443] team0 (unregistering): Port device team_slave_0 removed
[ 85.097413][ T5143] Bluetooth: hci0: command tx timeout
[ 85.156025][ C1] list_del corruption, ffff888025f25090->next is NULL
[ 85.163580][ C1] ------------[ cut here ]------------
[ 85.169028][ C1] kernel BUG at lib/list_debug.c:53!
[ 85.174323][ C1] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[ 85.180571][ C1] CPU: 1 UID: 0 PID: 5959 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT(full)
[ 85.190389][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 85.200516][ C1] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190
[ 85.207450][ C1] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 c0 d2 27 8c 48 89 de e8 e2 e0 6e fc 90 <0f> 0b 48 c7 c7 20 d3 27 8c 48 89 de e8 d0 e0 6e fc 90 0f 0b 4c 89
[ 85.227482][ C1] RSP: 0018:ffffc90000a08d58 EFLAGS: 00010046
[ 85.233542][ C1] RAX: 0000000000000033 RBX: ffff888025f25090 RCX: 4b95326452f83600
[ 85.241534][ C1] RDX: 0000000000000100 RSI: 0000000080000101 RDI: 0000000000000000
[ 85.249514][ C1] RBP: 0000000000000203 R08: ffffc90000a08ae7 R09: 1ffff9200014115c
[ 85.257649][ C1] R10: dffffc0000000000 R11: fffff5200014115d R12: 1ffff11004be4a12
[ 85.265867][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[ 85.274043][ C1] FS: 0000000000000000(0000) GS:ffff888125559000(0000) knlGS:0000000000000000
[ 85.283223][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.289815][ C1] CR2: 00007ffb14bb3068 CR3: 0000000078d80000 CR4: 00000000003526f0
[ 85.297806][ C1] Call Trace:
[ 85.301085][ C1]
[ 85.303923][ C1] dst_destroy+0x202/0x5a0
[ 85.308343][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 85.314142][ C1] ? rcu_core+0x751/0x1070
[ 85.318637][ C1] ? __pfx_dst_destroy_rcu+0x10/0x10
[ 85.323933][ C1] rcu_core+0x7cd/0x1070
[ 85.328289][ C1] ? __pfx_rcu_core+0x10/0x10
[ 85.332967][ C1] ? sched_balance_domains+0x13a/0x950
[ 85.338515][ C1] handle_softirqs+0x22a/0x870
[ 85.343370][ C1] ? __irq_exit_rcu+0x5f/0x150
[ 85.348219][ C1] __irq_exit_rcu+0x5f/0x150
[ 85.352891][ C1] irq_exit_rcu+0x9/0x30
[ 85.357181][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 85.363345][ C1]
[ 85.366439][ C1]
[ 85.369381][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 85.375436][ C1] RIP: 0010:lock_acquire+0x20b/0x2e0
[ 85.380826][ C1] Code: e9 30 ff ff ff e8 d5 f8 0c 0a f7 c3 00 02 00 00 0f 84 38 ff ff ff 65 48 8b 05 51 e6 7a 11 48 3b 44 24 30 75 33 fb 48 83 c4 38 <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 48 8d 3d 6e 9e 73
[ 85.400606][ C1] RSP: 0018:ffffc90003467320 EFLAGS: 00000292
[ 85.406678][ C1] RAX: 4b95326452f83600 RBX: 0000000000000246 RCX: 0000000000000046
[ 85.414737][ C1] RDX: 000000003f34dd00 RSI: ffffffff8e16b4c2 RDI: ffffffff8c27cf80
[ 85.422873][ C1] RBP: 0000000000000000 R08: ffffffff821448e4 R09: ffffffff8e8996e0
[ 85.431005][ C1] R10: 0000000000000000 R11: 0000000300000001 R12: 0000000000000000
[ 85.439219][ C1] R13: ffffffff8e8996e0 R14: 0000000000000000 R15: 0000000000000001
[ 85.447269][ C1] ? unmap_vmas+0x1c4/0x6a0
[ 85.451772][ C1] ? unmap_vmas+0x1c4/0x6a0
[ 85.456436][ C1] unmap_vmas+0x1e1/0x6a0
[ 85.460800][ C1] ? unmap_vmas+0x1c4/0x6a0
[ 85.465388][ C1] ? __pfx_unmap_vmas+0x10/0x10
[ 85.470493][ C1] ? vms_gather_munmap_vmas+0x11dd/0x1370
[ 85.476385][ C1] ? tlb_gather_mmu+0x233/0x300
[ 85.481492][ C1] unmap_region+0x3bd/0x4e0
[ 85.485987][ C1] ? __pfx_unmap_region+0x10/0x10
[ 85.491117][ C1] ? __mas_set_range+0x12f/0x3c0
[ 85.496135][ C1] mmap_region+0xbac/0x2240
[ 85.500807][ C1] ? __pfx_mmap_region+0x10/0x10
[ 85.505995][ C1] ? __lock_acquire+0x6b5/0x2cf0
[ 85.510931][ C1] ? __lock_acquire+0x6b5/0x2cf0
[ 85.516053][ C1] ? __lock_acquire+0x6b5/0x2cf0
[ 85.521289][ C1] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[ 85.528232][ C1] ? __lock_acquire+0x6b5/0x2cf0
[ 85.533244][ C1] ? count_memcg_event_mm+0x21/0x260
[ 85.538875][ C1] ? cap_mmap_addr+0xaf/0x100
[ 85.543888][ C1] ? bpf_lsm_mmap_addr+0x9/0x50
[ 85.548908][ C1] ? security_mmap_addr+0x71/0x240
[ 85.554100][ C1] do_mmap+0xc39/0x10c0
[ 85.558266][ C1] ? __pfx_do_mmap+0x10/0x10
[ 85.563022][ C1] ? down_write_killable+0x180/0x240
[ 85.568303][ C1] ? __pfx_down_write_killable+0x10/0x10
[ 85.573935][ C1] ? lock_vma_under_rcu+0x45a/0x500
[ 85.579128][ C1] ? apparmor_mmap_file+0x197/0x3e0
[ 85.584429][ C1] ? security_mmap_file+0xf9/0xa20
[ 85.589621][ C1] vm_mmap_pgoff+0x2c9/0x4f0
[ 85.594298][ C1] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 85.599494][ C1] ? exc_page_fault+0x6a/0xc0
[ 85.604515][ C1] ? ksys_mmap_pgoff+0xf3/0x760
[ 85.609537][ C1] ? __x64_sys_mmap+0x7f/0x140
[ 85.614556][ C1] do_syscall_64+0x14d/0xf80
[ 85.619137][ C1] ? trace_irq_disable+0x3b/0x150
[ 85.624194][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.630256][ C1] ? clear_bhb_loop+0x40/0x90
[ 85.635035][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.640930][ C1] RIP: 0033:0x7ffb14ead242
[ 85.645533][ C1] Code: 08 00 04 00 00 eb e2 90 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 33 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5e 5b 5d c3 0f 1f 00 c7 05 46 40 01 00 16 00
[ 85.665477][ C1] RSP: 002b:00007ffec49f4b78 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[ 85.673973][ C1] RAX: ffffffffffffffda RBX: 00007ffb14bb4000 RCX: 00007ffb14ead242
[ 85.682282][ C1] RDX: 0000000000000003 RSI: 00000000000016d0 RDI: 00007ffb14bb4000
[ 85.690330][ C1] RBP: 0000000000000032 R08: 00000000ffffffff R09: 0000000000000000
[ 85.698897][ C1] R10: 0000000000000032 R11: 0000000000000206 R12: 00007ffec49f4c38
[ 85.707301][ C1] R13: 00007ffb14e82ab0 R14: 00007ffec49f4ff0 R15: 00007ffb14bb4000
[ 85.715288][ C1]
[ 85.718564][ C1] Modules linked in:
[ 85.722723][ C1] ---[ end trace 0000000000000000 ]---
[ 85.728170][ C1] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190
[ 85.735316][ C1] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 c0 d2 27 8c 48 89 de e8 e2 e0 6e fc 90 <0f> 0b 48 c7 c7 20 d3 27 8c 48 89 de e8 d0 e0 6e fc 90 0f 0b 4c 89
[ 85.755268][ C1] RSP: 0018:ffffc90000a08d58 EFLAGS: 00010046
[ 85.761328][ C1] RAX: 0000000000000033 RBX: ffff888025f25090 RCX: 4b95326452f83600
[ 85.769291][ C1] RDX: 0000000000000100 RSI: 0000000080000101 RDI: 0000000000000000
[ 85.777433][ C1] RBP: 0000000000000203 R08: ffffc90000a08ae7 R09: 1ffff9200014115c
[ 85.785479][ C1] R10: dffffc0000000000 R11: fffff5200014115d R12: 1ffff11004be4a12
[ 85.793541][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[ 85.802380][ C1] FS: 0000000000000000(0000) GS:ffff888125559000(0000) knlGS:0000000000000000
[ 85.811297][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.817977][ C1] CR2: 00007ffb14bb3068 CR3: 0000000078d80000 CR4: 00000000003526f0
[ 85.825944][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 85.835672][ C1] Kernel Offset: disabled
[ 85.840504][ C1] Rebooting in 86400 seconds..
syzkaller build log:
go env (err=)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2238071430=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'
git status (err=)
HEAD detached at d78927dd8d0
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d78927dd8d06cbe4d0dadb84bb5f977462dde1fd -X github.com/google/syzkaller/prog.gitRevisionDate=20260202-183658" ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d78927dd8d06cbe4d0dadb84bb5f977462dde1fd -X github.com/google/syzkaller/prog.gitRevisionDate=20260202-183658" ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d78927dd8d06cbe4d0dadb84bb5f977462dde1fd -X github.com/google/syzkaller/prog.gitRevisionDate=20260202-183658" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"d78927dd8d06cbe4d0dadb84bb5f977462dde1fd\"
/usr/bin/ld: /tmp/ccZkVLIf.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null