BUG: corrupted list in dst_destroy list_del corruption, ffff888075928890->next is NULL ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:53! Oops: invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 0 UID: 0 PID: 5489 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52 Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 c0 d2 27 8c 48 89 de e8 e2 e0 6e fc 90 <0f> 0b 48 c7 c7 20 d3 27 8c 48 89 de e8 d0 e0 6e fc 90 0f 0b 4c 89 RSP: 0018:ffffc90000007d58 EFLAGS: 00010046 RAX: 0000000000000033 RBX: ffff888075928890 RCX: 6b384fea4e67dd00 RDX: 0000000000000100 RSI: 0000000080000101 RDI: 0000000000000000 RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100eb25112 R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f1aae576780(0000) GS:ffff888125459000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055ab1dbf2000 CR3: 0000000033bae000 CR4: 00000000003526f0 Call Trace: __list_del_entry_valid include/linux/list.h:132 [inline] __list_del_entry include/linux/list.h:223 [inline] list_del_init include/linux/list.h:295 [inline] dst_destroy+0x202/0x5a0 net/core/dst.c:163 rcu_do_batch kernel/rcu/tree.c:2617 [inline] rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869 handle_softirqs+0x22a/0x870 kernel/softirq.c:626 __do_softirq kernel/softirq.c:660 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727 irq_exit_rcu+0x9/0x30 kernel/softirq.c:743 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:lock_is_held_type+0x106/0x150 kernel/locking/lockdep.c:5945 Code: 18 00 00 b8 ff ff ff ff 65 0f c1 05 04 30 6e 07 83 f8 01 75 25 9c 58 a9 00 02 00 00 75 39 41 f7 c4 00 02 00 00 74 01 fb 89 d8 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 8b df 02 00 cc 90 0f 0b 90 48 c7 RSP: 0018:ffffc90002ec74a0 EFLAGS: 00000206 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000046 RDX: 0000000000000000 RSI: ffffffff8e16b4c2 RDI: ffffffff8c27cf80 RBP: 00000000ffffffff R08: ffffffff82214d7c R09: ffffffff8e8996e0 R10: ffffc90002ec76a0 R11: fffff520005d8ede R12: 0000000000000246 R13: ffff888033975b80 R14: ffffffff8e7603e0 R15: 0000000000000001 lock_is_held include/linux/lockdep.h:249 [inline] __might_resched+0x86/0x4d0 kernel/sched/core.c:8847 might_alloc include/linux/sched/mm.h:323 [inline] slab_pre_alloc_hook mm/slub.c:4453 [inline] slab_alloc_node mm/slub.c:4808 [inline] __do_kmalloc_node mm/slub.c:5224 [inline] __kmalloc_noprof+0xd9/0x760 mm/slub.c:5237 kmalloc_noprof include/linux/slab.h:966 [inline] tomoyo_realpath_from_path+0xe3/0x5d0 security/tomoyo/realpath.c:251 tomoyo_get_realpath security/tomoyo/file.c:151 [inline] tomoyo_check_open_permission+0x229/0x470 security/tomoyo/file.c:776 security_file_open+0xa9/0x240 security/security.c:2636 do_dentry_open+0x384/0x14e0 fs/open.c:926 vfs_open+0x3b/0x340 fs/open.c:1081 do_open fs/namei.c:4671 [inline] path_openat+0x2e08/0x3860 fs/namei.c:4830 do_file_open+0x23e/0x4a0 fs/namei.c:4859 do_sys_openat2+0x113/0x200 fs/open.c:1366 do_sys_open fs/open.c:1372 [inline] __do_sys_openat fs/open.c:1388 [inline] __se_sys_openat fs/open.c:1383 [inline] __x64_sys_openat+0x138/0x170 fs/open.c:1383 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f1aae600407 Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff RSP: 002b:00007fff6f1a8a60 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 00007f1aae576780 RCX: 00007f1aae600407 RDX: 0000000000000000 RSI: 00007fff6f1b8d10 RDI: ffffffffffffff9c RBP: 00000000000100a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff6f1a8b90 R13: 00007f1aae576708 R14: 0000000000000031 R15: 00007fff6f1b8c80 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52 Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 c0 d2 27 8c 48 89 de e8 e2 e0 6e fc 90 <0f> 0b 48 c7 c7 20 d3 27 8c 48 89 de e8 d0 e0 6e fc 90 0f 0b 4c 89 RSP: 0018:ffffc90000007d58 EFLAGS: 00010046 RAX: 0000000000000033 RBX: ffff888075928890 RCX: 6b384fea4e67dd00 RDX: 0000000000000100 RSI: 0000000080000101 RDI: 0000000000000000 RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100eb25112 R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f1aae576780(0000) GS:ffff888125459000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055ab1dbf2000 CR3: 0000000033bae000 CR4: 00000000003526f0 ---------------- Code disassembly (best guess): 0: 18 00 sbb %al,(%rax) 2: 00 b8 ff ff ff ff add %bh,-0x1(%rax) 8: 65 0f c1 05 04 30 6e xadd %eax,%gs:0x76e3004(%rip) # 0x76e3014 f: 07 10: 83 f8 01 cmp $0x1,%eax 13: 75 25 jne 0x3a 15: 9c pushf 16: 58 pop %rax 17: a9 00 02 00 00 test $0x200,%eax 1c: 75 39 jne 0x57 1e: 41 f7 c4 00 02 00 00 test $0x200,%r12d 25: 74 01 je 0x28 27: fb sti 28: 89 d8 mov %ebx,%eax * 2a: 5b pop %rbx <-- trapping instruction 2b: 41 5c pop %r12 2d: 41 5d pop %r13 2f: 41 5e pop %r14 31: 41 5f pop %r15 33: 5d pop %rbp 34: e9 8b df 02 00 jmp 0x2dfc4 39: cc int3 3a: 90 nop 3b: 0f 0b ud2 3d: 90 nop 3e: 48 rex.W 3f: c7 .byte 0xc7 Warning: Permanently added '10.128.1.35' (ED25519) to the list of known hosts. 2026/02/24 22:06:26 parsed 1 programs [ 90.667726][ T5827] cgroup: Unknown subsys name 'net' [ 90.785327][ T5827] cgroup: Unknown subsys name 'cpuset' [ 90.795233][ T5827] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.152595][ T9] cfg80211: failed to load regulatory.db [ 92.543305][ T5827] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 95.499673][ T5843] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.746853][ T1011] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.760655][ T1011] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.799939][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.809667][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.573846][ T5878] chnl_net:caif_netlink_parms(): no params data found [ 97.714990][ T5878] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.726605][ T5878] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.737329][ T5878] bridge_slave_0: entered allmulticast mode [ 97.748454][ T5878] bridge_slave_0: entered promiscuous mode [ 97.758870][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.766834][ T5878] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.774738][ T5878] bridge_slave_1: entered allmulticast mode [ 97.783361][ T5878] bridge_slave_1: entered promiscuous mode [ 97.826706][ T5878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.840427][ T5878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.882172][ T5878] team0: Port device team_slave_0 added [ 97.892994][ T5878] team0: Port device team_slave_1 added [ 97.932895][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.940183][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.966892][ T5878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.981434][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.988627][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.015074][ T5878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.068801][ T5878] hsr_slave_0: entered promiscuous mode [ 98.076094][ T5878] hsr_slave_1: entered promiscuous mode [ 98.272427][ T5878] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 98.286015][ T5878] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 98.298390][ T5878] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 98.310876][ T5878] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 98.354722][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.362245][ T5878] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.370174][ T5878] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.377596][ T5878] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.457144][ T5878] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.477559][ T1011] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.486764][ T1011] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.506854][ T5878] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.524216][ T106] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.531610][ T106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.549313][ T1011] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.556621][ T1011] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.785612][ T5878] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.852297][ T5878] veth0_vlan: entered promiscuous mode [ 98.868978][ T5878] veth1_vlan: entered promiscuous mode [ 98.912859][ T5878] veth0_macvtap: entered promiscuous mode [ 98.926813][ T5878] veth1_macvtap: entered promiscuous mode [ 98.956473][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.975417][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.994127][ T106] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.005120][ T106] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.015767][ T106] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.037301][ T106] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.176551][ T106] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.247151][ T106] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.353350][ T106] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.427807][ T106] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.699666][ T5907] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 99.708859][ T5907] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 99.717108][ T5907] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 99.725797][ T5907] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 99.734163][ T5907] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 2026/02/24 22:06:40 executed programs: 0 [ 101.194266][ T5907] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 101.204107][ T5907] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 101.214260][ T5907] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 101.222918][ T5907] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 101.231094][ T5907] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 101.398821][ T5937] chnl_net:caif_netlink_parms(): no params data found [ 101.495596][ T5937] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.503053][ T5937] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.510652][ T5937] bridge_slave_0: entered allmulticast mode [ 101.518791][ T5937] bridge_slave_0: entered promiscuous mode [ 101.527597][ T5937] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.535173][ T5937] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.542606][ T5937] bridge_slave_1: entered allmulticast mode [ 101.550423][ T5937] bridge_slave_1: entered promiscuous mode [ 101.589524][ T5937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.603892][ T5937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.643166][ T5937] team0: Port device team_slave_0 added [ 101.653055][ T5937] team0: Port device team_slave_1 added [ 101.695482][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.703311][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 101.729508][ T5937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.769701][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.781401][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 101.811410][ T5937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.864706][ T106] bridge_slave_1: left allmulticast mode [ 101.870508][ T106] bridge_slave_1: left promiscuous mode [ 101.877516][ T106] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.888840][ T106] bridge_slave_0: left allmulticast mode [ 101.895634][ T106] bridge_slave_0: left promiscuous mode [ 101.901597][ T106] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.086229][ T106] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 102.097775][ T106] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 102.108095][ T106] bond0 (unregistering): Released all slaves [ 102.165103][ T5937] hsr_slave_0: entered promiscuous mode [ 102.173560][ T5937] hsr_slave_1: entered promiscuous mode [ 102.182110][ T5937] debugfs: 'hsr0' already exists in 'hsr' [ 102.188498][ T5937] Cannot create hsr debugfs directory [ 102.229286][ T106] hsr_slave_0: left promiscuous mode [ 102.235845][ T106] hsr_slave_1: left promiscuous mode [ 102.242671][ T106] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 102.250302][ T106] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 102.259286][ T106] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 102.266978][ T106] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 102.282046][ T106] veth1_macvtap: left promiscuous mode [ 102.288079][ T106] veth0_macvtap: left promiscuous mode [ 102.294143][ T106] veth1_vlan: left promiscuous mode [ 102.299767][ T106] veth0_vlan: left promiscuous mode [ 102.501675][ T106] team0 (unregistering): Port device team_slave_1 removed [ 102.517052][ T106] team0 (unregistering): Port device team_slave_0 removed [ 102.730972][ C0] list_del corruption, ffff888075928890->next is NULL [ 102.738759][ C0] ------------[ cut here ]------------ [ 102.744273][ C0] kernel BUG at lib/list_debug.c:53! [ 102.749908][ C0] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 102.756310][ C0] CPU: 0 UID: 0 PID: 5489 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full) [ 102.765483][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 102.775593][ C0] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 [ 102.782672][ C0] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 c0 d2 27 8c 48 89 de e8 e2 e0 6e fc 90 <0f> 0b 48 c7 c7 20 d3 27 8c 48 89 de e8 d0 e0 6e fc 90 0f 0b 4c 89 [ 102.802933][ C0] RSP: 0018:ffffc90000007d58 EFLAGS: 00010046 [ 102.809056][ C0] RAX: 0000000000000033 RBX: ffff888075928890 RCX: 6b384fea4e67dd00 [ 102.817062][ C0] RDX: 0000000000000100 RSI: 0000000080000101 RDI: 0000000000000000 [ 102.825080][ C0] RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c [ 102.833095][ C0] R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100eb25112 [ 102.841110][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 [ 102.849207][ C0] FS: 00007f1aae576780(0000) GS:ffff888125459000(0000) knlGS:0000000000000000 [ 102.858276][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.864902][ C0] CR2: 000055ab1dbf2000 CR3: 0000000033bae000 CR4: 00000000003526f0 [ 102.872922][ C0] Call Trace: [ 102.876241][ C0] [ 102.879218][ C0] dst_destroy+0x202/0x5a0 [ 102.883693][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 102.889544][ C0] ? rcu_core+0x751/0x1070 [ 102.894011][ C0] ? __pfx_dst_destroy_rcu+0x10/0x10 [ 102.899387][ C0] rcu_core+0x7cd/0x1070 [ 102.903953][ C0] ? __pfx_rcu_core+0x10/0x10 [ 102.908773][ C0] ? sched_balance_domains+0x13a/0x950 [ 102.914374][ C0] handle_softirqs+0x22a/0x870 [ 102.919218][ C0] ? __irq_exit_rcu+0x5f/0x150 [ 102.924330][ C0] __irq_exit_rcu+0x5f/0x150 [ 102.928975][ C0] irq_exit_rcu+0x9/0x30 [ 102.933292][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 102.939269][ C0] [ 102.942253][ C0] [ 102.945222][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 102.951347][ C0] RIP: 0010:lock_is_held_type+0x106/0x150 [ 102.957334][ C0] Code: 18 00 00 b8 ff ff ff ff 65 0f c1 05 04 30 6e 07 83 f8 01 75 25 9c 58 a9 00 02 00 00 75 39 41 f7 c4 00 02 00 00 74 01 fb 89 d8 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 8b df 02 00 cc 90 0f 0b 90 48 c7 [ 102.977333][ C0] RSP: 0018:ffffc90002ec74a0 EFLAGS: 00000206 [ 102.983429][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000046 [ 102.991578][ C0] RDX: 0000000000000000 RSI: ffffffff8e16b4c2 RDI: ffffffff8c27cf80 [ 102.999642][ C0] RBP: 00000000ffffffff R08: ffffffff82214d7c R09: ffffffff8e8996e0 [ 103.007812][ C0] R10: ffffc90002ec76a0 R11: fffff520005d8ede R12: 0000000000000246 [ 103.015794][ C0] R13: ffff888033975b80 R14: ffffffff8e7603e0 R15: 0000000000000001 [ 103.023879][ C0] ? fs_reclaim_acquire+0x7c/0x100 [ 103.029048][ C0] __might_resched+0x86/0x4d0 [ 103.033755][ C0] __kmalloc_noprof+0xd9/0x760 [ 103.038551][ C0] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 103.044293][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 103.049339][ C0] tomoyo_realpath_from_path+0xe3/0x5d0 [ 103.054902][ C0] tomoyo_check_open_permission+0x229/0x470 [ 103.060990][ C0] ? tomoyo_check_open_permission+0x1d3/0x470 [ 103.067151][ C0] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 103.073771][ C0] security_file_open+0xa9/0x240 [ 103.078802][ C0] do_dentry_open+0x384/0x14e0 [ 103.083588][ C0] ? vfs_open+0x31/0x340 [ 103.087849][ C0] vfs_open+0x3b/0x340 [ 103.091942][ C0] ? path_openat+0x2df0/0x3860 [ 103.096708][ C0] path_openat+0x2e08/0x3860 [ 103.101318][ C0] ? __pfx_path_openat+0x10/0x10 [ 103.106258][ C0] ? __x64_sys_openat+0x138/0x170 [ 103.111295][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 103.116420][ C0] do_file_open+0x23e/0x4a0 [ 103.121012][ C0] ? __pfx_do_file_open+0x10/0x10 [ 103.126218][ C0] ? _raw_spin_unlock+0x28/0x50 [ 103.131083][ C0] ? alloc_fd+0x64b/0x6c0 [ 103.135431][ C0] do_sys_openat2+0x113/0x200 [ 103.140205][ C0] ? __pfx_do_sys_openat2+0x10/0x10 [ 103.145434][ C0] ? ksys_read+0x1fc/0x270 [ 103.150027][ C0] ? __pfx_ksys_read+0x10/0x10 [ 103.154876][ C0] __x64_sys_openat+0x138/0x170 [ 103.159747][ C0] do_syscall_64+0x14d/0xf80 [ 103.164348][ C0] ? trace_irq_disable+0x3b/0x150 [ 103.169502][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.175746][ C0] ? clear_bhb_loop+0x40/0x90 [ 103.180443][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.186447][ C0] RIP: 0033:0x7f1aae600407 [ 103.190898][ C0] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 103.210510][ C0] RSP: 002b:00007fff6f1a8a60 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 103.219062][ C0] RAX: ffffffffffffffda RBX: 00007f1aae576780 RCX: 00007f1aae600407 [ 103.227040][ C0] RDX: 0000000000000000 RSI: 00007fff6f1b8d10 RDI: ffffffffffffff9c [ 103.235377][ C0] RBP: 00000000000100a0 R08: 0000000000000000 R09: 0000000000000000 [ 103.243524][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff6f1a8b90 [ 103.251591][ C0] R13: 00007f1aae576708 R14: 0000000000000031 R15: 00007fff6f1b8c80 [ 103.259580][ C0] [ 103.262614][ C0] Modules linked in: [ 103.266541][ C0] ---[ end trace 0000000000000000 ]--- [ 103.272083][ C0] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 [ 103.279161][ C0] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 c0 d2 27 8c 48 89 de e8 e2 e0 6e fc 90 <0f> 0b 48 c7 c7 20 d3 27 8c 48 89 de e8 d0 e0 6e fc 90 0f 0b 4c 89 [ 103.299292][ C0] RSP: 0018:ffffc90000007d58 EFLAGS: 00010046 [ 103.305399][ C0] RAX: 0000000000000033 RBX: ffff888075928890 RCX: 6b384fea4e67dd00 [ 103.313398][ C0] RDX: 0000000000000100 RSI: 0000000080000101 RDI: 0000000000000000 [ 103.321492][ C0] RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c [ 103.329500][ C0] R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100eb25112 [ 103.337474][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 [ 103.345534][ C0] FS: 00007f1aae576780(0000) GS:ffff888125459000(0000) knlGS:0000000000000000 [ 103.354644][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 103.361245][ C0] CR2: 000055ab1dbf2000 CR3: 0000000033bae000 CR4: 00000000003526f0 [ 103.369229][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 104.492756][ C0] Shutting down cpus with NMI [ 104.498045][ C0] Kernel Offset: disabled [ 104.502727][ C0] Rebooting in 86400 seconds.. syzkaller build log: go env (err=) AR='ar' CC='gcc' CGO_CFLAGS='-O2 -g' CGO_CPPFLAGS='' CGO_CXXFLAGS='-O2 -g' CGO_ENABLED='1' CGO_FFLAGS='-O2 -g' CGO_LDFLAGS='-O2 -g' CXX='g++' GCCGO='gccgo' GO111MODULE='auto' GOAMD64='v1' GOARCH='amd64' GOAUTH='netrc' GOBIN='' GOCACHE='/syzkaller/.cache/go-build' GOCACHEPROG='' GODEBUG='' GOENV='/syzkaller/.config/go/env' GOEXE='' GOEXPERIMENT='' GOFIPS140='off' GOFLAGS='' GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2061382708=/tmp/go-build -gno-record-gcc-switches' GOHOSTARCH='amd64' GOHOSTOS='linux' GOINSECURE='' GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod' GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod' GONOPROXY='' GONOSUMDB='' GOOS='linux' GOPATH='/syzkaller/jobs/linux/gopath' GOPRIVATE='' GOPROXY='https://proxy.golang.org,direct' GOROOT='/usr/local/go' GOSUMDB='sum.golang.org' GOTELEMETRY='local' GOTELEMETRYDIR='/syzkaller/.config/go/telemetry' GOTMPDIR='' GOTOOLCHAIN='auto' GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64' GOVCS='' GOVERSION='go1.24.4' GOWORK='' PKG_CONFIG='pkg-config' git status (err=) HEAD detached at f03c419189e nothing to commit, working tree clean tput: No value for $TERM and no -T specified tput: No value for $TERM and no -T specified Makefile:31: run command via tools/syz-env for best compatibility, see: Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=f03c419189ef8ed823e306a342ee4d330fb2c394 -X github.com/google/syzkaller/prog.gitRevisionDate=20260205-153455" ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=f03c419189ef8ed823e306a342ee4d330fb2c394 -X github.com/google/syzkaller/prog.gitRevisionDate=20260205-153455" ./sys/syz-sysgen make .descriptions tput: No value for $TERM and no -T specified tput: No value for $TERM and no -T specified Makefile:31: run command via tools/syz-env for best compatibility, see: Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env bin/syz-sysgen touch .descriptions GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=f03c419189ef8ed823e306a342ee4d330fb2c394 -X github.com/google/syzkaller/prog.gitRevisionDate=20260205-153455" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog mkdir -p ./bin/linux_amd64 g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \ -m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \ -DHOSTGOOS_linux=1 -DGIT_REVISION=\"f03c419189ef8ed823e306a342ee4d330fb2c394\" /usr/bin/ld: /tmp/ccPwQtIl.o: in function `Connection::Connect(char const*, char const*)': executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking ./tools/check-syzos.sh 2>/dev/null