BUG: corrupted list in dst_destroy
list_del corruption, ffff888078f6a490->next is NULL
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:53!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 5833 Comm: udevd Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 c0 d2 27 8c 48 89 de e8 e2 e0 6e fc 90 <0f> 0b 48 c7 c7 20 d3 27 8c 48 89 de e8 d0 e0 6e fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff888078f6a490 RCX: 1b17456620411a00
RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100f1ed492
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007fc58f99b880(0000) GS:ffff888125459000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f854b6ed286 CR3: 0000000043590000 CR4: 00000000003526f0
Call Trace:
__list_del_entry_valid include/linux/list.h:132 [inline]
__list_del_entry include/linux/list.h:223 [inline]
list_del_init include/linux/list.h:295 [inline]
dst_destroy+0x202/0x5a0 net/core/dst.c:163
rcu_do_batch kernel/rcu/tree.c:2617 [inline]
rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
__do_softirq kernel/softirq.c:660 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727
irq_exit_rcu+0x9/0x30 kernel/softirq.c:743
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:debug_lockdep_rcu_enabled+0x29/0x40 kernel/rcu/update.c:321
Code: 90 f3 0f 1e fa 31 c0 83 3d b3 4d 63 04 00 74 1d 83 3d aa 7f 63 04 00 74 14 65 48 8b 0d e8 e7 6d 07 31 c0 83 b9 54 0b 00 00 00 <0f> 94 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
RSP: 0018:ffffc90003c977f0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffffff8176a337 RCX: ffff88807e368000
RDX: 000000005a44979c RSI: ffffffff8e16b4c2 RDI: ffffffff8c27cf80
RBP: dffffc0000000000 R08: ffffffff81767a45 R09: ffffffff8e760320
R10: ffffc90003c97928 R11: fffff52000792f31 R12: 1ffff92000792f25
R13: ffffc90003c97960 R14: ffffc90003c97928 R15: ffffffff81767a45
rcu_read_lock include/linux/rcupdate.h:851 [inline]
class_rcu_constructor include/linux/rcupdate.h:1193 [inline]
unwind_next_frame+0xcb/0x23c0 arch/x86/kernel/unwind_orc.c:495
__unwind_start+0x5b8/0x760 arch/x86/kernel/unwind_orc.c:773
unwind_start arch/x86/include/asm/unwind.h:64 [inline]
arch_stack_walk+0xe3/0x150 arch/x86/kernel/stacktrace.c:24
stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
kasan_save_stack mm/kasan/common.c:57 [inline]
kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:584
poison_slab_object mm/kasan/common.c:253 [inline]
__kasan_slab_free+0x5c/0x80 mm/kasan/common.c:285
kasan_slab_free include/linux/kasan.h:235 [inline]
slab_free_hook mm/slub.c:2688 [inline]
slab_free mm/slub.c:6130 [inline]
kfree+0x1c1/0x630 mm/slub.c:6448
seq_release+0x54/0x70 fs/seq_file.c:356
kernfs_fop_release+0x30f/0x460 fs/kernfs/file.c:784
__fput+0x44f/0xa70 fs/file_table.c:469
fput_close_sync+0x11f/0x240 fs/file_table.c:574
__do_sys_close fs/open.c:1509 [inline]
__se_sys_close fs/open.c:1494 [inline]
__x64_sys_close+0x7e/0x110 fs/open.c:1494
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc590035a67
Code: 44 00 00 48 83 ec 10 48 63 ff 45 31 c9 45 31 c0 6a 01 31 c9 e8 ca 19 f9 ff 48 83 c4 18 c3 0f 1f 44 00 00 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 61 b3 0d 00 f7 d8 64 89 02 b8
RSP: 002b:00007ffebdd4eb18 EFLAGS: 00000297 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 000055ec3ef4d7a0 RCX: 00007fc590035a67
RDX: 00007fc59010fea0 RSI: 000055ec3ef5ff10 RDI: 0000000000000008
RBP: 00007fc59010fff0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000000
R13: 3d45505954564544 R14: 3d5845444e494649 R15: 3d454d414e564544
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 c0 d2 27 8c 48 89 de e8 e2 e0 6e fc 90 <0f> 0b 48 c7 c7 20 d3 27 8c 48 89 de e8 d0 e0 6e fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff888078f6a490 RCX: 1b17456620411a00
RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100f1ed492
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007fc58f99b880(0000) GS:ffff888125459000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f854b6ed286 CR3: 0000000043590000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
0: 90 nop
1: f3 0f 1e fa endbr64
5: 31 c0 xor %eax,%eax
7: 83 3d b3 4d 63 04 00 cmpl $0x0,0x4634db3(%rip) # 0x4634dc1
e: 74 1d je 0x2d
10: 83 3d aa 7f 63 04 00 cmpl $0x0,0x4637faa(%rip) # 0x4637fc1
17: 74 14 je 0x2d
19: 65 48 8b 0d e8 e7 6d mov %gs:0x76de7e8(%rip),%rcx # 0x76de809
20: 07
21: 31 c0 xor %eax,%eax
23: 83 b9 54 0b 00 00 00 cmpl $0x0,0xb54(%rcx)
* 2a: 0f 94 c0 sete %al <-- trapping instruction
2d: c3 ret
2e: cc int3
2f: cc int3
30: cc int3
31: cc int3
32: cc int3
33: cc int3
34: cc int3
35: cc int3
36: cc int3
37: cc int3
38: cc int3
39: cc int3
3a: cc int3
3b: cc int3
3c: cc int3
3d: cc int3
3e: cc int3
3f: cc int3
Warning: Permanently added '10.128.1.108' (ED25519) to the list of known hosts.
2026/02/25 16:29:43 parsed 1 programs
[ 73.761522][ T5820] cgroup: Unknown subsys name 'net'
[ 73.896777][ T5820] cgroup: Unknown subsys name 'cpuset'
[ 73.905244][ T5820] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 75.251158][ T5820] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 77.898135][ T5832] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 79.651484][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 79.659533][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 79.667615][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 79.676141][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 79.686383][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.979529][ T967] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.988518][ T967] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.037722][ T1162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.052417][ T1162] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.101156][ T5905] chnl_net:caif_netlink_parms(): no params data found
[ 81.205369][ T5905] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.215171][ T5905] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.223353][ T5905] bridge_slave_0: entered allmulticast mode
[ 81.230800][ T5905] bridge_slave_0: entered promiscuous mode
[ 81.240409][ T5905] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.247929][ T5905] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.255274][ T5905] bridge_slave_1: entered allmulticast mode
[ 81.262683][ T5905] bridge_slave_1: entered promiscuous mode
[ 81.302590][ T5905] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 81.317528][ T5905] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 81.355094][ T5905] team0: Port device team_slave_0 added
[ 81.366389][ T5905] team0: Port device team_slave_1 added
[ 81.395624][ T5905] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 81.402658][ T5905] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 81.429712][ T5905] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 81.443133][ T5905] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 81.450270][ T5905] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 81.477027][ T5905] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 81.520610][ T5905] hsr_slave_0: entered promiscuous mode
[ 81.527340][ T5905] hsr_slave_1: entered promiscuous mode
[ 81.669367][ T5905] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 81.682148][ T5905] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 81.696970][ T5905] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 81.710560][ T5905] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 81.755132][ T5905] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.762483][ T5905] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.770603][ T5905] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.777835][ T5905] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 81.870832][ T5905] 8021q: adding VLAN 0 to HW filter on device bond0
[ 81.903564][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.923460][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.943206][ T5905] 8021q: adding VLAN 0 to HW filter on device team0
[ 81.959829][ T967] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.967272][ T967] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 81.986088][ T967] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.993280][ T967] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.170542][ T5905] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 82.218567][ T5905] veth0_vlan: entered promiscuous mode
[ 82.237332][ T5905] veth1_vlan: entered promiscuous mode
[ 82.274440][ T5905] veth0_macvtap: entered promiscuous mode
[ 82.284816][ T5905] veth1_macvtap: entered promiscuous mode
[ 82.306876][ T5905] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 82.323063][ T5905] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 82.340995][ T967] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.350757][ T967] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.368561][ T967] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.378559][ T967] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.522823][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.580829][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.654646][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.774229][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/02/25 16:29:55 executed programs: 0
[ 82.874166][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 82.882727][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 82.892264][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 82.900309][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 82.910704][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 83.064024][ T5930] chnl_net:caif_netlink_parms(): no params data found
[ 83.151894][ T5930] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.159529][ T5930] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.167117][ T5930] bridge_slave_0: entered allmulticast mode
[ 83.174421][ T5930] bridge_slave_0: entered promiscuous mode
[ 83.184066][ T5930] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.191391][ T5930] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.198981][ T5930] bridge_slave_1: entered allmulticast mode
[ 83.206537][ T5930] bridge_slave_1: entered promiscuous mode
[ 83.241268][ T5930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.254548][ T5930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.295353][ T5930] team0: Port device team_slave_0 added
[ 83.305428][ T5930] team0: Port device team_slave_1 added
[ 83.334473][ T5930] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 83.342111][ T5930] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 83.369109][ T5930] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 83.384298][ T5930] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 83.391261][ T5930] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 83.417705][ T5930] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 83.472509][ T5930] hsr_slave_0: entered promiscuous mode
[ 83.479197][ T5930] hsr_slave_1: entered promiscuous mode
[ 83.485867][ T5930] debugfs: 'hsr0' already exists in 'hsr'
[ 83.491799][ T5930] Cannot create hsr debugfs directory
[ 84.834649][ T35] bridge_slave_1: left allmulticast mode
[ 84.840480][ T35] bridge_slave_1: left promiscuous mode
[ 84.847612][ T35] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.861638][ T35] bridge_slave_0: left allmulticast mode
[ 84.868349][ T35] bridge_slave_0: left promiscuous mode
[ 84.874466][ T35] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.952362][ T5142] Bluetooth: hci0: command tx timeout
[ 85.026164][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 85.037416][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 85.047320][ T35] bond0 (unregistering): Released all slaves
[ 85.191323][ T35] hsr_slave_0: left promiscuous mode
[ 85.198245][ T35] hsr_slave_1: left promiscuous mode
[ 85.204803][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 85.216682][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 85.225182][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 85.232713][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 85.248062][ T35] veth1_macvtap: left promiscuous mode
[ 85.255248][ T35] veth0_macvtap: left promiscuous mode
[ 85.260911][ T35] veth1_vlan: left promiscuous mode
[ 85.266338][ T35] veth0_vlan: left promiscuous mode
[ 85.525737][ T35] team0 (unregistering): Port device team_slave_1 removed
[ 85.557058][ T35] team0 (unregistering): Port device team_slave_0 removed
[ 85.701762][ C0] list_del corruption, ffff888078f6a490->next is NULL
[ 85.709418][ C0] ------------[ cut here ]------------
[ 85.714896][ C0] kernel BUG at lib/list_debug.c:53!
[ 85.720228][ C0] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[ 85.726507][ C0] CPU: 0 UID: 0 PID: 5833 Comm: udevd Not tainted syzkaller #0 PREEMPT(full)
[ 85.735371][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 85.745442][ C0] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190
[ 85.752412][ C0] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 c0 d2 27 8c 48 89 de e8 e2 e0 6e fc 90 <0f> 0b 48 c7 c7 20 d3 27 8c 48 89 de e8 d0 e0 6e fc 90 0f 0b 4c 89
[ 85.772162][ C0] RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
[ 85.774835][ T5930] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 85.778241][ C0] RAX: 0000000000000033 RBX: ffff888078f6a490 RCX: 1b17456620411a00
[ 85.792862][ C0] RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
[ 85.800838][ C0] RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
[ 85.808795][ C0] R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100f1ed492
[ 85.816842][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[ 85.824892][ C0] FS: 00007fc58f99b880(0000) GS:ffff888125459000(0000) knlGS:0000000000000000
[ 85.833795][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.840354][ C0] CR2: 00007f854b6ed286 CR3: 0000000043590000 CR4: 00000000003526f0
[ 85.848406][ C0] Call Trace:
[ 85.851670][ C0]
[ 85.854495][ C0] dst_destroy+0x202/0x5a0
[ 85.858899][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 85.864854][ C0] ? rcu_core+0x751/0x1070
[ 85.869257][ C0] ? __pfx_dst_destroy_rcu+0x10/0x10
[ 85.874546][ C0] rcu_core+0x7cd/0x1070
[ 85.878871][ C0] ? __pfx_rcu_core+0x10/0x10
[ 85.883542][ C0] ? sched_clock_cpu+0x74/0x440
[ 85.888385][ C0] handle_softirqs+0x22a/0x870
[ 85.893133][ C0] ? __irq_exit_rcu+0x5f/0x150
[ 85.897904][ C0] __irq_exit_rcu+0x5f/0x150
[ 85.902504][ C0] irq_exit_rcu+0x9/0x30
[ 85.906733][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 85.912351][ C0]
[ 85.915281][ C0]
[ 85.918189][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 85.924150][ C0] RIP: 0010:debug_lockdep_rcu_enabled+0x29/0x40
[ 85.930371][ C0] Code: 90 f3 0f 1e fa 31 c0 83 3d b3 4d 63 04 00 74 1d 83 3d aa 7f 63 04 00 74 14 65 48 8b 0d e8 e7 6d 07 31 c0 83 b9 54 0b 00 00 00 <0f> 94 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
[ 85.950044][ C0] RSP: 0018:ffffc90003c977f0 EFLAGS: 00000246
[ 85.956119][ C0] RAX: 0000000000000000 RBX: ffffffff8176a337 RCX: ffff88807e368000
[ 85.964075][ C0] RDX: 000000005a44979c RSI: ffffffff8e16b4c2 RDI: ffffffff8c27cf80
[ 85.972043][ C0] RBP: dffffc0000000000 R08: ffffffff81767a45 R09: ffffffff8e760320
[ 85.980092][ C0] R10: ffffc90003c97928 R11: fffff52000792f31 R12: 1ffff92000792f25
[ 85.988047][ C0] R13: ffffc90003c97960 R14: ffffc90003c97928 R15: ffffffff81767a45
[ 85.996000][ C0] ? unwind_next_frame+0xa5/0x23c0
[ 86.001099][ C0] ? __unwind_start+0xf7/0x760
[ 86.005855][ C0] ? unwind_next_frame+0xa5/0x23c0
[ 86.010950][ C0] unwind_next_frame+0xcb/0x23c0
[ 86.015876][ C0] ? kasan_save_track+0x4f/0x80
[ 86.020724][ C0] ? kasan_save_track+0x3e/0x80
[ 86.025575][ C0] ? __kasan_slab_free+0x5c/0x80
[ 86.030575][ C0] ? kfree+0x1c1/0x630
[ 86.034624][ C0] ? uevent_show+0x1d7/0x310
[ 86.039203][ C0] ? sysfs_kf_seq_show+0x310/0x490
[ 86.044381][ C0] ? seq_read_iter+0x4ef/0xe10
[ 86.049122][ C0] ? vfs_read+0x582/0xa70
[ 86.053431][ C0] ? ksys_read+0x150/0x270
[ 86.057835][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.063884][ C0] ? get_stack_info_noinstr+0x1b/0x130
[ 86.069362][ C0] __unwind_start+0x5b8/0x760
[ 86.074068][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 86.080391][ C0] arch_stack_walk+0xe3/0x150
[ 86.085146][ C0] ? __unwind_start+0xf7/0x760
[ 86.089912][ C0] stack_trace_save+0xa9/0x100
[ 86.094665][ C0] ? __pfx_stack_trace_save+0x10/0x10
[ 86.100019][ C0] kasan_save_track+0x3e/0x80
[ 86.104779][ C0] kasan_save_free_info+0x46/0x50
[ 86.109792][ C0] __kasan_slab_free+0x5c/0x80
[ 86.114559][ C0] kfree+0x1c1/0x630
[ 86.118444][ C0] ? seq_release+0x54/0x70
[ 86.122845][ C0] seq_release+0x54/0x70
[ 86.127176][ C0] kernfs_fop_release+0x30f/0x460
[ 86.132196][ C0] ? __pfx_kernfs_fop_release+0x10/0x10
[ 86.137732][ C0] __fput+0x44f/0xa70
[ 86.141785][ C0] fput_close_sync+0x11f/0x240
[ 86.146529][ C0] ? __pfx_fput_close_sync+0x10/0x10
[ 86.151795][ C0] __x64_sys_close+0x7e/0x110
[ 86.156458][ C0] do_syscall_64+0x14d/0xf80
[ 86.161025][ C0] ? trace_irq_disable+0x3b/0x150
[ 86.166188][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.172510][ C0] ? clear_bhb_loop+0x40/0x90
[ 86.177181][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.183233][ C0] RIP: 0033:0x7fc590035a67
[ 86.187649][ C0] Code: 44 00 00 48 83 ec 10 48 63 ff 45 31 c9 45 31 c0 6a 01 31 c9 e8 ca 19 f9 ff 48 83 c4 18 c3 0f 1f 44 00 00 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 61 b3 0d 00 f7 d8 64 89 02 b8
[ 86.207238][ C0] RSP: 002b:00007ffebdd4eb18 EFLAGS: 00000297 ORIG_RAX: 0000000000000003
[ 86.215654][ C0] RAX: ffffffffffffffda RBX: 000055ec3ef4d7a0 RCX: 00007fc590035a67
[ 86.223643][ C0] RDX: 00007fc59010fea0 RSI: 000055ec3ef5ff10 RDI: 0000000000000008
[ 86.231648][ C0] RBP: 00007fc59010fff0 R08: 0000000000000000 R09: 0000000000000000
[ 86.239718][ C0] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000000
[ 86.247996][ C0] R13: 3d45505954564544 R14: 3d5845444e494649 R15: 3d454d414e564544
[ 86.255994][ C0]
[ 86.259023][ C0] Modules linked in:
[ 86.262946][ C0] ---[ end trace 0000000000000000 ]---
[ 86.268426][ C0] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190
[ 86.275408][ C0] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 c0 d2 27 8c 48 89 de e8 e2 e0 6e fc 90 <0f> 0b 48 c7 c7 20 d3 27 8c 48 89 de e8 d0 e0 6e fc 90 0f 0b 4c 89
[ 86.295546][ C0] RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
[ 86.301717][ C0] RAX: 0000000000000033 RBX: ffff888078f6a490 RCX: 1b17456620411a00
[ 86.309703][ C0] RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
[ 86.318042][ C0] RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
[ 86.326201][ C0] R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100f1ed492
[ 86.334278][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[ 86.342323][ C0] FS: 00007fc58f99b880(0000) GS:ffff888125459000(0000) knlGS:0000000000000000
[ 86.351355][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.357958][ C0] CR2: 00007f854b6ed286 CR3: 0000000043590000 CR4: 00000000003526f0
[ 86.365951][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 86.373872][ C0] Kernel Offset: disabled
[ 86.378378][ C0] Rebooting in 86400 seconds..
syzkaller build log:
go env (err=)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2222270758=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'
git status (err=)
HEAD detached at d6526ea3e6a
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"d6526ea3e6ad9081c902859bbb80f9f840377cb4\"
/usr/bin/ld: /tmp/ccd0U3DU.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null