BUG: corrupted list in dst_destroy

list_del corruption, ffff88802d361c90->next is NULL
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:53!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 5957 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 20 fc 29 8c 48 89 de e8 42 ee 63 fc 90 <0f> 0b 48 c7 c7 80 fc 29 8c 48 89 de e8 30 ee 63 fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff88802d361c90 RCX: ca59894cba406800
RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff11005a6c392
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125002000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe4ebb8eeb8 CR3: 0000000078a92000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 __list_del_entry_valid include/linux/list.h:132 [inline]
 __list_del_entry include/linux/list.h:223 [inline]
 list_del_init include/linux/list.h:295 [inline]
 dst_destroy+0x202/0x5a0 net/core/dst.c:163
 rcu_do_batch kernel/rcu/tree.c:2617 [inline]
 rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
 handle_softirqs+0x22a/0x870 kernel/softirq.c:626
 __do_softirq kernel/softirq.c:660 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:743
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:mt_external_lock include/linux/maple_tree.h:831 [inline]
RIP: 0010:mt_locked lib/maple_tree.c:708 [inline]
RIP: 0010:mt_slot lib/maple_tree.c:715 [inline]
RIP: 0010:mas_slot lib/maple_tree.c:748 [inline]
RIP: 0010:mas_validate_parent_slot lib/maple_tree.c:6756 [inline]
RIP: 0010:mt_validate+0x723/0x41f0 lib/maple_tree.c:6946
Code: ef e8 11 dc 7c f6 48 8b 44 24 10 4c 8b 24 d8 e8 33 b7 06 00 41 89 c7 31 ff 89 c6 e8 b7 b9 12 f6 45 85 ff 74 7d 48 8b 54 24 18 <48> 89 d0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84
RSP: 0018:ffffc90003cc72c0 EFLAGS: 00000202
RAX: ffffffff8bb340d9 RBX: 0000000000000002 RCX: 0000000000000000
RDX: ffff88802847d640 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90003cc74b0 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff3611aac R12: ffff888078a7700c
R13: ffff888078a15e60 R14: 0000000000000001 R15: 0000000000000001
 validate_mm+0xd4/0x4c0 mm/vma.c:649
 mmap_region+0x1513/0x2240 mm/vma.c:2843
 do_mmap+0xc39/0x10c0 mm/mmap.c:559
 vm_mmap_pgoff+0x2c9/0x4f0 mm/util.c:581
 ksys_mmap_pgoff+0x51e/0x760 mm/mmap.c:605
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe4ebe79242
Code: 08 00 04 00 00 eb e2 90 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 33 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5e 5b 5d c3 0f 1f 00 c7 05 46 40 01 00 16 00
RSP: 002b:00007ffd02e78f88 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007fe4ebb76000 RCX: 00007fe4ebe79242
RDX: 0000000000000001 RSI: 0000000000008000 RDI: 00007fe4ebb76000
RBP: 0000000000000812 R08: 0000000000000003 R09: 0000000000024000
R10: 0000000000000812 R11: 0000000000000206 R12: 00007ffd02e79010
R13: 00007fe4ebe4eab0 R14: 00007ffd02e79400 R15: 00000fffa05cf1f4
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 20 fc 29 8c 48 89 de e8 42 ee 63 fc 90 <0f> 0b 48 c7 c7 80 fc 29 8c 48 89 de e8 30 ee 63 fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff88802d361c90 RCX: ca59894cba406800
RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff11005a6c392
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125002000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe4ebb8eeb8 CR3: 0000000078a92000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	ef                   	out    %eax,(%dx)
   1:	e8 11 dc 7c f6       	call   0xf67cdc17
   6:	48 8b 44 24 10       	mov    0x10(%rsp),%rax
   b:	4c 8b 24 d8          	mov    (%rax,%rbx,8),%r12
   f:	e8 33 b7 06 00       	call   0x6b747
  14:	41 89 c7             	mov    %eax,%r15d
  17:	31 ff                	xor    %edi,%edi
  19:	89 c6                	mov    %eax,%esi
  1b:	e8 b7 b9 12 f6       	call   0xf612b9d7
  20:	45 85 ff             	test   %r15d,%r15d
  23:	74 7d                	je     0xa2
  25:	48 8b 54 24 18       	mov    0x18(%rsp),%rdx
* 2a:	48 89 d0             	mov    %rdx,%rax <-- trapping instruction
  2d:	48 c1 e8 03          	shr    $0x3,%rax
  31:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  38:	fc ff df
  3b:	0f b6 04 08          	movzbl (%rax,%rcx,1),%eax
  3f:	84                   	.byte 0x84


Warning: Permanently added '10.128.1.161' (ED25519) to the list of known hosts.
2026/02/28 09:09:29 parsed 1 programs
[   73.514083][ T5821] cgroup: Unknown subsys name 'net'
[   73.619816][ T5821] cgroup: Unknown subsys name 'cpuset'
[   73.628439][ T5821] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   74.986060][ T5821] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   77.632500][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   77.856339][  T663] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.865582][  T663] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.907787][  T663] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.915664][  T663] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.037720][ T5874] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   79.046530][ T5874] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   79.054462][ T5874] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   79.063440][ T5874] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   79.074600][ T5874] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   80.223672][ T5895] chnl_net:caif_netlink_parms(): no params data found
[   80.313471][ T5895] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.321307][ T5895] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.328612][ T5895] bridge_slave_0: entered allmulticast mode
[   80.335900][ T5895] bridge_slave_0: entered promiscuous mode
[   80.345496][ T5895] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.352897][ T5895] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.360334][ T5895] bridge_slave_1: entered allmulticast mode
[   80.368509][ T5895] bridge_slave_1: entered promiscuous mode
[   80.404730][ T5895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.418840][ T5895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.450328][ T5895] team0: Port device team_slave_0 added
[   80.459806][ T5895] team0: Port device team_slave_1 added
[   80.484549][ T5895] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.491548][ T5895] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   80.517494][ T5895] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.530707][ T5895] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.537939][ T5895] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   80.563841][ T5895] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.605992][ T5895] hsr_slave_0: entered promiscuous mode
[   80.612792][ T5895] hsr_slave_1: entered promiscuous mode
[   80.762092][ T5895] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   80.774434][ T5895] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   80.784763][ T5895] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   80.796663][ T5895] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   80.832560][ T5895] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.839814][ T5895] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.848215][ T5895] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.855435][ T5895] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.915305][ T5895] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.935057][ T3496] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.944304][ T3496] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.961167][ T5895] 8021q: adding VLAN 0 to HW filter on device team0
[   80.974230][ T3496] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.981433][ T3496] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.995385][  T663] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.002563][  T663] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.164476][ T5895] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.223383][ T5895] veth0_vlan: entered promiscuous mode
[   81.235481][ T5895] veth1_vlan: entered promiscuous mode
[   81.268347][ T5895] veth0_macvtap: entered promiscuous mode
[   81.281350][ T5895] veth1_macvtap: entered promiscuous mode
[   81.302619][ T5895] batman_adv: batadv0: Interface activated: batadv_slave_0
[   81.322822][ T5895] batman_adv: batadv0: Interface activated: batadv_slave_1
[   81.339589][  T663] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.349169][  T663] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.359641][  T663] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.373080][  T663] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.508427][ T3496] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.603013][ T3496] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.682805][ T3496] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.765985][ T3496] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/02/28 09:09:40 executed programs: 0
[   82.486918][ T5141] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   82.494674][ T5141] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   82.503091][ T5141] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   82.515070][ T5141] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   82.522817][ T5141] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   82.659275][ T5933] chnl_net:caif_netlink_parms(): no params data found
[   82.728644][ T5933] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.735853][ T5933] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.743143][ T5933] bridge_slave_0: entered allmulticast mode
[   82.751125][ T5933] bridge_slave_0: entered promiscuous mode
[   82.760110][ T5933] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.767646][ T5933] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.774918][ T5933] bridge_slave_1: entered allmulticast mode
[   82.782462][ T5933] bridge_slave_1: entered promiscuous mode
[   82.817539][ T5933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   82.830611][ T5933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   82.867593][ T5933] team0: Port device team_slave_0 added
[   82.875857][ T5933] team0: Port device team_slave_1 added
[   82.902510][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_0
[   82.909630][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   82.936048][ T5933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   82.949980][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_1
[   82.956972][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   82.983150][ T5933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   83.029877][ T5933] hsr_slave_0: entered promiscuous mode
[   83.036550][ T5933] hsr_slave_1: entered promiscuous mode
[   83.043008][ T5933] debugfs: 'hsr0' already exists in 'hsr'
[   83.048887][ T5933] Cannot create hsr debugfs directory
[   84.268188][ T3496] bridge_slave_1: left allmulticast mode
[   84.274161][ T3496] bridge_slave_1: left promiscuous mode
[   84.280573][ T3496] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.291820][ T3496] bridge_slave_0: left allmulticast mode
[   84.298737][ T3496] bridge_slave_0: left promiscuous mode
[   84.304439][ T3496] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.433372][ T3496] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   84.444279][ T3496] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   84.454121][ T3496] bond0 (unregistering): Released all slaves
[   84.580717][ T3496] hsr_slave_0: left promiscuous mode
[   84.587196][ T5874] Bluetooth: hci0: command tx timeout
[   84.593462][ T3496] hsr_slave_1: left promiscuous mode
[   84.600560][ T3496] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   84.608190][ T3496] batman_adv: batadv0: Removing interface: batadv_slave_0
[   84.616844][ T3496] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   84.624250][ T3496] batman_adv: batadv0: Removing interface: batadv_slave_1
[   84.642126][ T3496] veth1_macvtap: left promiscuous mode
[   84.648348][ T3496] veth0_macvtap: left promiscuous mode
[   84.653963][ T3496] veth1_vlan: left promiscuous mode
[   84.659337][ T3496] veth0_vlan: left promiscuous mode
[   84.938889][ T3496] team0 (unregistering): Port device team_slave_1 removed
[   84.952309][ T3496] team0 (unregistering): Port device team_slave_0 removed
[   85.126277][    C0] list_del corruption, ffff88802d361c90->next is NULL
[   85.134134][    C0] ------------[ cut here ]------------
[   85.139614][    C0] kernel BUG at lib/list_debug.c:53!
[   85.144910][    C0] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[   85.151145][    C0] CPU: 0 UID: 0 PID: 5957 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT(full) 
[   85.160848][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   85.170893][    C0] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190
[   85.177897][    C0] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 20 fc 29 8c 48 89 de e8 42 ee 63 fc 90 <0f> 0b 48 c7 c7 80 fc 29 8c 48 89 de e8 30 ee 63 fc 90 0f 0b 4c 89
[   85.197512][    C0] RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
[   85.203575][    C0] RAX: 0000000000000033 RBX: ffff88802d361c90 RCX: ca59894cba406800
[   85.211530][    C0] RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
[   85.219516][    C0] RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
[   85.227511][    C0] R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff11005a6c392
[   85.235510][    C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[   85.243474][    C0] FS:  0000000000000000(0000) GS:ffff888125002000(0000) knlGS:0000000000000000
[   85.252396][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.258971][    C0] CR2: 00007fe4ebb8eeb8 CR3: 0000000078a92000 CR4: 00000000003526f0
[   85.266946][    C0] Call Trace:
[   85.270246][    C0]  <IRQ>
[   85.273075][    C0]  dst_destroy+0x202/0x5a0
[   85.277485][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   85.283286][    C0]  ? rcu_core+0x751/0x1070
[   85.287693][    C0]  ? __pfx_dst_destroy_rcu+0x10/0x10
[   85.292975][    C0]  rcu_core+0x7cd/0x1070
[   85.297214][    C0]  ? __pfx_rcu_core+0x10/0x10
[   85.301876][    C0]  ? kvm_sched_clock_read+0x11/0x20
[   85.307062][    C0]  ? sched_clock_cpu+0x74/0x440
[   85.311902][    C0]  handle_softirqs+0x22a/0x870
[   85.316657][    C0]  ? __irq_exit_rcu+0x5f/0x150
[   85.321414][    C0]  __irq_exit_rcu+0x5f/0x150
[   85.325995][    C0]  irq_exit_rcu+0x9/0x30
[   85.330227][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   85.336023][    C0]  </IRQ>
[   85.339109][    C0]  <TASK>
[   85.342020][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   85.348074][    C0] RIP: 0010:mt_validate+0x723/0x41f0
[   85.353359][    C0] Code: ef e8 11 dc 7c f6 48 8b 44 24 10 4c 8b 24 d8 e8 33 b7 06 00 41 89 c7 31 ff 89 c6 e8 b7 b9 12 f6 45 85 ff 74 7d 48 8b 54 24 18 <48> 89 d0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84
[   85.372946][    C0] RSP: 0018:ffffc90003cc72c0 EFLAGS: 00000202
[   85.379011][    C0] RAX: ffffffff8bb340d9 RBX: 0000000000000002 RCX: 0000000000000000
[   85.386981][    C0] RDX: ffff88802847d640 RSI: 0000000000000001 RDI: 0000000000000000
[   85.394954][    C0] RBP: ffffc90003cc74b0 R08: 0000000000000003 R09: 0000000000000004
[   85.402926][    C0] R10: dffffc0000000000 R11: fffffbfff3611aac R12: ffff888078a7700c
[   85.410918][    C0] R13: ffff888078a15e60 R14: 0000000000000001 R15: 0000000000000001
[   85.418884][    C0]  ? mt_validate+0x719/0x41f0
[   85.423564][    C0]  ? __pfx_mt_validate+0x10/0x10
[   85.428499][    C0]  ? mas_find+0xb40/0xd30
[   85.432818][    C0]  ? uprobe_mmap+0x1ab/0x12b0
[   85.437481][    C0]  validate_mm+0xd4/0x4c0
[   85.441805][    C0]  ? __pfx_vms_complete_munmap_vmas+0x10/0x10
[   85.447862][    C0]  ? __pfx_validate_mm+0x10/0x10
[   85.452790][    C0]  ? vma_wants_writenotify+0xb3/0x2a0
[   85.458158][    C0]  ? vma_set_page_prot+0xc3/0x100
[   85.463172][    C0]  mmap_region+0x1513/0x2240
[   85.467771][    C0]  ? __pfx_mmap_region+0x10/0x10
[   85.472698][    C0]  ? __mutex_trylock_common+0x158/0x260
[   85.478246][    C0]  ? __pfx___mutex_trylock_common+0x10/0x10
[   85.484193][    C0]  ? bpf_lsm_mmap_addr+0x9/0x50
[   85.489038][    C0]  ? security_mmap_addr+0x71/0x240
[   85.494164][    C0]  ? shmem_mapping+0xd/0x50
[   85.498684][    C0]  ? memfd_check_seals_mmap+0xc5/0x200
[   85.504496][    C0]  do_mmap+0xc39/0x10c0
[   85.508655][    C0]  ? __pfx_do_mmap+0x10/0x10
[   85.513244][    C0]  ? down_write_killable+0x180/0x240
[   85.518523][    C0]  ? __pfx_down_write_killable+0x10/0x10
[   85.524146][    C0]  ? apparmor_mmap_file+0x2da/0x3e0
[   85.529348][    C0]  vm_mmap_pgoff+0x2c9/0x4f0
[   85.533964][    C0]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[   85.539162][    C0]  ? __fget_files+0x2a/0x420
[   85.543765][    C0]  ? __fget_files+0x3a0/0x420
[   85.548434][    C0]  ? __fget_files+0x2a/0x420
[   85.553015][    C0]  ksys_mmap_pgoff+0x51e/0x760
[   85.557774][    C0]  do_syscall_64+0x14d/0xf80
[   85.562355][    C0]  ? trace_irq_disable+0x3b/0x150
[   85.567376][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.573427][    C0]  ? clear_bhb_loop+0x40/0x90
[   85.578093][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.583970][    C0] RIP: 0033:0x7fe4ebe79242
[   85.588381][    C0] Code: 08 00 04 00 00 eb e2 90 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 33 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5e 5b 5d c3 0f 1f 00 c7 05 46 40 01 00 16 00
[   85.608063][    C0] RSP: 002b:00007ffd02e78f88 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[   85.616552][    C0] RAX: ffffffffffffffda RBX: 00007fe4ebb76000 RCX: 00007fe4ebe79242
[   85.625393][    C0] RDX: 0000000000000001 RSI: 0000000000008000 RDI: 00007fe4ebb76000
[   85.633374][    C0] RBP: 0000000000000812 R08: 0000000000000003 R09: 0000000000024000
[   85.641333][    C0] R10: 0000000000000812 R11: 0000000000000206 R12: 00007ffd02e79010
[   85.649381][    C0] R13: 00007fe4ebe4eab0 R14: 00007ffd02e79400 R15: 00000fffa05cf1f4
[   85.657374][    C0]  </TASK>
[   85.660380][    C0] Modules linked in:
[   85.664267][    C0] ---[ end trace 0000000000000000 ]---
[   85.669706][    C0] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190
[   85.676632][    C0] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 20 fc 29 8c 48 89 de e8 42 ee 63 fc 90 <0f> 0b 48 c7 c7 80 fc 29 8c 48 89 de e8 30 ee 63 fc 90 0f 0b 4c 89
[   85.696330][    C0] RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
[   85.702408][    C0] RAX: 0000000000000033 RBX: ffff88802d361c90 RCX: ca59894cba406800
[   85.710376][    C0] RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
[   85.718427][    C0] RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
[   85.726440][    C0] R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff11005a6c392
[   85.734403][    C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[   85.742367][    C0] FS:  0000000000000000(0000) GS:ffff888125002000(0000) knlGS:0000000000000000
[   85.751292][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.757877][    C0] CR2: 00007fe4ebb8eeb8 CR3: 0000000078a92000 CR4: 00000000003526f0
[   85.765942][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[   85.773506][    C0] Kernel Offset: disabled
[   85.777863][    C0] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build735362943=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=<nil>)
HEAD detached at 6a673c5037d
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=6a673c5037dce5b85634cac4fabcc3fa5d33bb43 -X github.com/google/syzkaller/prog.gitRevisionDate=20260212-180912"  ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=6a673c5037dce5b85634cac4fabcc3fa5d33bb43 -X github.com/google/syzkaller/prog.gitRevisionDate=20260212-180912"  ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=6a673c5037dce5b85634cac4fabcc3fa5d33bb43 -X github.com/google/syzkaller/prog.gitRevisionDate=20260212-180912"  -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"6a673c5037dce5b85634cac4fabcc3fa5d33bb43\"
/usr/bin/ld: /tmp/ccY9hjRO.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null