BUG: corrupted list in dst_destroy

list_del corruption, ffff88802725d490->next is NULL
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:53!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 3 Comm: pool_workqueue_ Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 52 1c f9 06 cc 48 c7 c7 c0 c6 29 8c 48 89 de e8 62 43 68 fc 90 <0f> 0b 48 c7 c7 20 c7 29 8c 48 89 de e8 50 43 68 fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff88802725d490 RCX: f1ca7917e2d8e900
RDX: 0000000000000100 RSI: 0000000000000102 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff11004e4ba92
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88812501b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055590bbb3000 CR3: 000000007bb94000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 __list_del_entry_valid include/linux/list.h:132 [inline]
 __list_del_entry include/linux/list.h:223 [inline]
 list_del_init include/linux/list.h:295 [inline]
 dst_destroy+0x202/0x5a0 net/core/dst.c:163
 rcu_do_batch kernel/rcu/tree.c:2617 [inline]
 rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
 handle_softirqs+0x22a/0x870 kernel/softirq.c:626
 __do_softirq kernel/softirq.c:660 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:743
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:preempt_schedule_irq+0x48/0xa0 kernel/sched/core.c:7235
Code: 49 be 00 00 00 00 00 fc ff df eb 09 48 f7 03 10 00 00 00 74 53 bf 01 00 00 00 e8 f3 3b dd f5 e8 2e e0 16 f6 fb bf 01 00 00 00 <e8> 93 a6 ff ff 9c 58 fa a9 00 02 00 00 74 05 e8 04 e2 16 f6 bf 01
RSP: 0018:ffffc90000087b70 EFLAGS: 00000202
RAX: 0000000000000461 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff8e015bf1 RDI: 0000000000000001
RBP: 0000000000000000 R08: ffffffff9033cfb7 R09: 1ffffffff20679f6
R10: dffffc0000000000 R11: fffffbfff20679f7 R12: 0000000000000000
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
 irqentry_exit+0x599/0x620 kernel/entry/common.c:239
 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lockdep_unregister_key+0x2d5/0x350 kernel/locking/lockdep.c:6616
Code: 41 0c 09 00 89 c6 48 c7 c7 50 a7 48 96 e8 63 5c 16 0a 90 e9 65 fe ff ff e8 78 a9 13 0a 41 f7 c7 00 02 00 00 74 b3 fb 40 84 ed <75> b2 eb c3 90 0f 0b 90 e9 26 ff ff ff 90 0f 0b 90 e9 2e ff ff ff
RSP: 0018:ffffc90000087c90 EFLAGS: 00000202
RAX: 0000000000000046 RBX: 0000000000000001 RCX: 0000000000000046
RDX: ffffffff940422b8 RSI: ffffffff8e02f4ae RDI: ffffffff8c29c380
RBP: ffff88801d6a9e01 R08: ffffffff81af3f28 R09: ffffffff8e960620
R10: dffffc0000000000 R11: fffff52000010f8d R12: 0000000000000000
R13: ffff88807d110139 R14: 0000000000001000 R15: 0000000000000a83
 wq_unregister_lockdep kernel/workqueue.c:4906 [inline]
 pwq_release_workfn+0x6ea/0x880 kernel/workqueue.c:5202
 kthread_worker_fn+0x509/0xb70 kernel/kthread.c:1056
 kthread+0x388/0x470 kernel/kthread.c:467
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 52 1c f9 06 cc 48 c7 c7 c0 c6 29 8c 48 89 de e8 62 43 68 fc 90 <0f> 0b 48 c7 c7 20 c7 29 8c 48 89 de e8 50 43 68 fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff88802725d490 RCX: f1ca7917e2d8e900
RDX: 0000000000000100 RSI: 0000000000000102 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff11004e4ba92
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88812501b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055590bbb3000 CR3: 000000007bb94000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	49 be 00 00 00 00 00 	movabs $0xdffffc0000000000,%r14
   7:	fc ff df
   a:	eb 09                	jmp    0x15
   c:	48 f7 03 10 00 00 00 	testq  $0x10,(%rbx)
  13:	74 53                	je     0x68
  15:	bf 01 00 00 00       	mov    $0x1,%edi
  1a:	e8 f3 3b dd f5       	call   0xf5dd3c12
  1f:	e8 2e e0 16 f6       	call   0xf616e052
  24:	fb                   	sti
  25:	bf 01 00 00 00       	mov    $0x1,%edi
* 2a:	e8 93 a6 ff ff       	call   0xffffa6c2 <-- trapping instruction
  2f:	9c                   	pushf
  30:	58                   	pop    %rax
  31:	fa                   	cli
  32:	a9 00 02 00 00       	test   $0x200,%eax
  37:	74 05                	je     0x3e
  39:	e8 04 e2 16 f6       	call   0xf616e242
  3e:	bf                   	.byte 0xbf
  3f:	01                   	.byte 0x1


Warning: Permanently added '10.128.1.20' (ED25519) to the list of known hosts.
2026/02/26 21:39:43 parsed 1 programs
[   75.358503][ T5820] cgroup: Unknown subsys name 'net'
[   75.485641][ T5820] cgroup: Unknown subsys name 'cpuset'
[   75.494198][ T5820] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   76.870292][ T5820] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   79.545977][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   80.650563][ T5859] chnl_net:caif_netlink_parms(): no params data found
[   80.743623][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.751636][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.759385][ T5859] bridge_slave_0: entered allmulticast mode
[   80.767035][ T5859] bridge_slave_0: entered promiscuous mode
[   80.780969][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.788562][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.796100][ T5859] bridge_slave_1: entered allmulticast mode
[   80.803915][ T5859] bridge_slave_1: entered promiscuous mode
[   80.842631][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.857715][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.895744][ T5859] team0: Port device team_slave_0 added
[   80.904186][ T5859] team0: Port device team_slave_1 added
[   80.933676][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.940712][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   80.967241][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.980282][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.987276][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   81.013237][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   81.057769][ T5859] hsr_slave_0: entered promiscuous mode
[   81.064707][ T5859] hsr_slave_1: entered promiscuous mode
[   81.215008][ T5859] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   81.227238][ T5859] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   81.237683][ T5859] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   81.248375][ T5859] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   81.279739][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.286954][ T5859] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.294904][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.302130][ T5859] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.369492][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.393514][  T539] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.401702][  T539] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.418209][ T5859] 8021q: adding VLAN 0 to HW filter on device team0
[   81.433008][  T539] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.440455][  T539] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.455728][  T539] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.463618][  T539] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.632144][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.684735][ T5859] veth0_vlan: entered promiscuous mode
[   81.698907][ T5859] veth1_vlan: entered promiscuous mode
[   81.734742][ T5859] veth0_macvtap: entered promiscuous mode
[   81.747043][ T5859] veth1_macvtap: entered promiscuous mode
[   81.773459][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0
[   81.793963][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1
[   81.816112][  T539] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.832686][  T539] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.850834][  T539] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.861269][  T539] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.049900][  T539] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.150004][  T539] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.223138][  T539] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.297227][  T539] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.388478][ T1152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.401966][ T1152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.429585][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.437798][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.991650][ T5903] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   82.999781][ T5903] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   83.007936][ T5903] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   83.019834][ T5903] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   83.027585][ T5903] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2026/02/26 21:39:54 executed programs: 0
[   84.296819][ T5141] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   84.305237][ T5141] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   84.313555][ T5141] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   84.321388][ T5141] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   84.330040][ T5141] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   84.481627][ T5931] chnl_net:caif_netlink_parms(): no params data found
[   84.555626][ T5931] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.563094][ T5931] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.570562][ T5931] bridge_slave_0: entered allmulticast mode
[   84.578954][ T5931] bridge_slave_0: entered promiscuous mode
[   84.587406][ T5931] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.594737][ T5931] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.602121][ T5931] bridge_slave_1: entered allmulticast mode
[   84.610024][ T5931] bridge_slave_1: entered promiscuous mode
[   84.643749][ T5931] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   84.656827][ T5931] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   84.691585][ T5931] team0: Port device team_slave_0 added
[   84.700650][ T5931] team0: Port device team_slave_1 added
[   84.730923][ T5931] batman_adv: batadv0: Adding interface: batadv_slave_0
[   84.738388][ T5931] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   84.764658][ T5931] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   84.778033][ T5931] batman_adv: batadv0: Adding interface: batadv_slave_1
[   84.785048][ T5931] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   84.812240][ T5931] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   84.857553][ T5931] hsr_slave_0: entered promiscuous mode
[   84.864515][ T5931] hsr_slave_1: entered promiscuous mode
[   84.870963][ T5931] debugfs: 'hsr0' already exists in 'hsr'
[   84.876962][ T5931] Cannot create hsr debugfs directory
[   85.047748][  T539] bridge_slave_1: left allmulticast mode
[   85.054839][  T539] bridge_slave_1: left promiscuous mode
[   85.061715][  T539] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.073636][  T539] bridge_slave_0: left allmulticast mode
[   85.079461][  T539] bridge_slave_0: left promiscuous mode
[   85.085886][  T539] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.244483][  T539] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   85.255657][  T539] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   85.265749][  T539] bond0 (unregistering): Released all slaves
[   85.361571][  T539] hsr_slave_0: left promiscuous mode
[   85.369671][  T539] hsr_slave_1: left promiscuous mode
[   85.379381][  T539] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   85.390186][  T539] batman_adv: batadv0: Removing interface: batadv_slave_0
[   85.399759][  T539] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   85.407536][  T539] batman_adv: batadv0: Removing interface: batadv_slave_1
[   85.424866][  T539] veth1_macvtap: left promiscuous mode
[   85.430528][  T539] veth0_macvtap: left promiscuous mode
[   85.436949][  T539] veth1_vlan: left promiscuous mode
[   85.443191][  T539] veth0_vlan: left promiscuous mode
[   85.717297][  T539] team0 (unregistering): Port device team_slave_1 removed
[   85.742098][  T539] team0 (unregistering): Port device team_slave_0 removed
[   85.932368][    C0] list_del corruption, ffff88802725d490->next is NULL
[   85.939671][    C0] ------------[ cut here ]------------
[   85.945135][    C0] kernel BUG at lib/list_debug.c:53!
[   85.950520][    C0] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[   85.956854][    C0] CPU: 0 UID: 0 PID: 3 Comm: pool_workqueue_ Not tainted syzkaller #0 PREEMPT(full) 
[   85.966290][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   85.976347][    C0] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190
[   85.983455][    C0] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 52 1c f9 06 cc 48 c7 c7 c0 c6 29 8c 48 89 de e8 62 43 68 fc 90 <0f> 0b 48 c7 c7 20 c7 29 8c 48 89 de e8 50 43 68 fc 90 0f 0b 4c 89
[   86.003145][    C0] RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
[   86.009298][    C0] RAX: 0000000000000033 RBX: ffff88802725d490 RCX: f1ca7917e2d8e900
[   86.017261][    C0] RDX: 0000000000000100 RSI: 0000000000000102 RDI: 0000000000000000
[   86.025216][    C0] RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
[   86.033173][    C0] R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff11004e4ba92
[   86.041217][    C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[   86.049429][    C0] FS:  0000000000000000(0000) GS:ffff88812501b000(0000) knlGS:0000000000000000
[   86.058775][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.065447][    C0] CR2: 000055590bbb3000 CR3: 000000007bb94000 CR4: 00000000003526f0
[   86.073505][    C0] Call Trace:
[   86.076793][    C0]  <IRQ>
[   86.079623][    C0]  dst_destroy+0x202/0x5a0
[   86.084114][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   86.089939][    C0]  ? rcu_core+0x751/0x1070
[   86.094343][    C0]  ? __pfx_dst_destroy_rcu+0x10/0x10
[   86.099638][    C0]  rcu_core+0x7cd/0x1070
[   86.103892][    C0]  ? __pfx_rcu_core+0x10/0x10
[   86.108637][    C0]  ? sched_balance_domains+0xf9/0x900
[   86.114081][    C0]  handle_softirqs+0x22a/0x870
[   86.118834][    C0]  ? __irq_exit_rcu+0x5f/0x150
[   86.123764][    C0]  __irq_exit_rcu+0x5f/0x150
[   86.128427][    C0]  irq_exit_rcu+0x9/0x30
[   86.132743][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   86.138365][    C0]  </IRQ>
[   86.141274][    C0]  <TASK>
[   86.144184][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   86.150139][    C0] RIP: 0010:preempt_schedule_irq+0x48/0xa0
[   86.155972][    C0] Code: 49 be 00 00 00 00 00 fc ff df eb 09 48 f7 03 10 00 00 00 74 53 bf 01 00 00 00 e8 f3 3b dd f5 e8 2e e0 16 f6 fb bf 01 00 00 00 <e8> 93 a6 ff ff 9c 58 fa a9 00 02 00 00 74 05 e8 04 e2 16 f6 bf 01
[   86.175565][    C0] RSP: 0018:ffffc90000087b70 EFLAGS: 00000202
[   86.181627][    C0] RAX: 0000000000000461 RBX: 0000000000000000 RCX: 0000000000000001
[   86.189764][    C0] RDX: 0000000000000000 RSI: ffffffff8e015bf1 RDI: 0000000000000001
[   86.197836][    C0] RBP: 0000000000000000 R08: ffffffff9033cfb7 R09: 1ffffffff20679f6
[   86.205841][    C0] R10: dffffc0000000000 R11: fffffbfff20679f7 R12: 0000000000000000
[   86.213878][    C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
[   86.221920][    C0]  irqentry_exit+0x599/0x620
[   86.226493][    C0]  ? rcu_is_watching+0x15/0xb0
[   86.231262][    C0]  asm_sysvec_reschedule_ipi+0x1a/0x20
[   86.236805][    C0] RIP: 0010:lockdep_unregister_key+0x2d5/0x350
[   86.243044][    C0] Code: 41 0c 09 00 89 c6 48 c7 c7 50 a7 48 96 e8 63 5c 16 0a 90 e9 65 fe ff ff e8 78 a9 13 0a 41 f7 c7 00 02 00 00 74 b3 fb 40 84 ed <75> b2 eb c3 90 0f 0b 90 e9 26 ff ff ff 90 0f 0b 90 e9 2e ff ff ff
[   86.263246][    C0] RSP: 0018:ffffc90000087c90 EFLAGS: 00000202
[   86.269301][    C0] RAX: 0000000000000046 RBX: 0000000000000001 RCX: 0000000000000046
[   86.277251][    C0] RDX: ffffffff940422b8 RSI: ffffffff8e02f4ae RDI: ffffffff8c29c380
[   86.285208][    C0] RBP: ffff88801d6a9e01 R08: ffffffff81af3f28 R09: ffffffff8e960620
[   86.293244][    C0] R10: dffffc0000000000 R11: fffff52000010f8d R12: 0000000000000000
[   86.301373][    C0] R13: ffff88807d110139 R14: 0000000000001000 R15: 0000000000000a83
[   86.309332][    C0]  ? __is_module_percpu_address+0x28/0x3f0
[   86.315121][    C0]  pwq_release_workfn+0x6ea/0x880
[   86.320129][    C0]  kthread_worker_fn+0x509/0xb70
[   86.325052][    C0]  ? kthread_worker_fn+0xe2/0xb70
[   86.330150][    C0]  ? __pfx_pwq_release_workfn+0x10/0x10
[   86.335767][    C0]  kthread+0x388/0x470
[   86.339819][    C0]  ? __pfx_kthread_worker_fn+0x10/0x10
[   86.345260][    C0]  ? __pfx_kthread+0x10/0x10
[   86.349825][    C0]  ret_from_fork+0x51e/0xb90
[   86.354397][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[   86.359487][    C0]  ? __switch_to+0xc7d/0x1450
[   86.364143][    C0]  ? __pfx_kthread+0x10/0x10
[   86.368709][    C0]  ret_from_fork_asm+0x1a/0x30
[   86.373468][    C0]  </TASK>
[   86.376474][    C0] Modules linked in:
[   86.380445][    C0] ---[ end trace 0000000000000000 ]---
[   86.385886][    C0] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190
[   86.392822][    C0] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 52 1c f9 06 cc 48 c7 c7 c0 c6 29 8c 48 89 de e8 62 43 68 fc 90 <0f> 0b 48 c7 c7 20 c7 29 8c 48 89 de e8 50 43 68 fc 90 0f 0b 4c 89
[   86.412428][    C0] RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
[   86.418568][    C0] RAX: 0000000000000033 RBX: ffff88802725d490 RCX: f1ca7917e2d8e900
[   86.427050][    C0] RDX: 0000000000000100 RSI: 0000000000000102 RDI: 0000000000000000
[   86.435270][    C0] RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
[   86.443311][    C0] R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff11004e4ba92
[   86.451367][    C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[   86.459407][    C0] FS:  0000000000000000(0000) GS:ffff88812501b000(0000) knlGS:0000000000000000
[   86.468347][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.474908][    C0] CR2: 000055590bbb3000 CR3: 000000007bb94000 CR4: 00000000003526f0
[   86.482951][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[   87.573779][    C0] Shutting down cpus with NMI
[   87.579181][    C0] Kernel Offset: disabled
[   87.583507][    C0] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3452468318=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=<nil>)
HEAD detached at d6526ea3e6a
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115"  ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115"  ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115"  -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"d6526ea3e6ad9081c902859bbb80f9f840377cb4\"
/usr/bin/ld: /tmp/cc4mL3IS.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null