BUG: corrupted list in dst_destroy
list_del corruption, ffff88802656ec90->next is NULL
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:53!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 5487 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 d2 72 f8 06 cc 48 c7 c7 c0 b2 27 8c 48 89 de e8 d2 a5 72 fc 90 <0f> 0b 48 c7 c7 20 b3 27 8c 48 89 de e8 c0 a5 72 fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000a08d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff88802656ec90 RCX: c02af78b61b61600
RDX: 0000000000000100 RSI: 0000000080000101 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000a08ae7 R09: 1ffff9200014115c
R10: dffffc0000000000 R11: fffff5200014115d R12: 1ffff11004cadd92
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007fe2dadfa780(0000) GS:ffff888125570000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2409e8e2fe CR3: 000000007e416000 CR4: 00000000003526f0
Call Trace:
__list_del_entry_valid include/linux/list.h:132 [inline]
__list_del_entry include/linux/list.h:223 [inline]
list_del_init include/linux/list.h:295 [inline]
dst_destroy+0x202/0x5a0 net/core/dst.c:163
rcu_do_batch kernel/rcu/tree.c:2617 [inline]
rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
__do_softirq kernel/softirq.c:660 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727
irq_exit_rcu+0x9/0x30 kernel/softirq.c:743
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__fput_deferred+0x2a3/0x380 fs/file_table.c:525
Code: d8 10 48 3b 44 24 40 75 55 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f5 07 83 ff 48 89 df e8 cd 11 00 00 bd e8 e6 07 83 ff e9 b8 fe ff ff e8 dc 07 83 ff e9 ae fe ff ff
RSP: 0018:ffffc900033e7820 EFLAGS: 00000286
RAX: c02af78b61b61600 RBX: ffff888029639dc0 RCX: 0000000000000046
RDX: 0000000000000000 RSI: ffffffff8def82b7 RDI: ffffffff8c27af80
RBP: ffffc900033e78b0 R08: ffffffff9011cab7 R09: 1ffffffff2023956
R10: dffffc0000000000 R11: fffffbfff2023957 R12: dffffc0000000000
R13: 1ffff9200067cf04 R14: ffff8880373a1e80 R15: 0000000000000000
fput_close+0x11f/0x240 fs/file_table.c:586
path_openat+0x311d/0x3860 fs/namei.c:4839
do_file_open+0x23e/0x4a0 fs/namei.c:4859
do_sys_openat2+0x113/0x200 fs/open.c:1366
do_sys_open fs/open.c:1372 [inline]
__do_sys_openat fs/open.c:1388 [inline]
__se_sys_openat fs/open.c:1383 [inline]
__x64_sys_openat+0x138/0x170 fs/open.c:1383
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fe2dae84407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffece1711c0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fe2dadfa780 RCX: 00007fe2dae84407
RDX: 0000000000000000 RSI: 00007ffece181470 RDI: ffffffffffffff9c
RBP: 00000000000100a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffece1712f0
R13: 00007fe2dadfa708 R14: 0000000000000022 R15: 00007ffece1813e0
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 d2 72 f8 06 cc 48 c7 c7 c0 b2 27 8c 48 89 de e8 d2 a5 72 fc 90 <0f> 0b 48 c7 c7 20 b3 27 8c 48 89 de e8 c0 a5 72 fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000a08d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff88802656ec90 RCX: c02af78b61b61600
RDX: 0000000000000100 RSI: 0000000080000101 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000a08ae7 R09: 1ffff9200014115c
R10: dffffc0000000000 R11: fffff5200014115d R12: 1ffff11004cadd92
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007fe2dadfa780(0000) GS:ffff888125570000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2409e8e2fe CR3: 000000007e416000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
0: d8 10 fcoms (%rax)
2: 48 3b 44 24 40 cmp 0x40(%rsp),%rax
7: 75 55 jne 0x5e
9: 48 8d 65 d8 lea -0x28(%rbp),%rsp
d: 5b pop %rbx
e: 41 5c pop %r12
10: 41 5d pop %r13
12: 41 5e pop %r14
14: 41 5f pop %r15
16: 5d pop %rbp
17: c3 ret
18: cc int3
19: cc int3
1a: cc int3
1b: cc int3
1c: cc int3
1d: e8 f5 07 83 ff call 0xff830817
22: 48 89 df mov %rbx,%rdi
25: e8 cd 11 00 00 call 0x11f7
* 2a: eb bd jmp 0xffffffe9 <-- trapping instruction
2c: e8 e6 07 83 ff call 0xff830817
31: e9 b8 fe ff ff jmp 0xfffffeee
36: e8 dc 07 83 ff call 0xff830817
3b: e9 ae fe ff ff jmp 0xfffffeee
Warning: Permanently added '10.128.1.174' (ED25519) to the list of known hosts.
2026/02/26 22:04:35 parsed 1 programs
[ 74.235905][ T5822] cgroup: Unknown subsys name 'net'
[ 74.386638][ T5822] cgroup: Unknown subsys name 'cpuset'
[ 74.394961][ T5822] cgroup: Unknown subsys name 'rlimit'
[ 75.777648][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 78.320770][ T5838] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 79.102137][ T1109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.110166][ T1109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.143294][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.154466][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.343253][ T5879] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 80.355870][ T5879] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 80.364618][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 80.373418][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 80.381635][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 81.520599][ T5906] chnl_net:caif_netlink_parms(): no params data found
[ 81.628344][ T5906] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.636551][ T5906] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.644051][ T5906] bridge_slave_0: entered allmulticast mode
[ 81.651523][ T5906] bridge_slave_0: entered promiscuous mode
[ 81.680572][ T5906] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.687863][ T5906] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.695388][ T5906] bridge_slave_1: entered allmulticast mode
[ 81.703533][ T5906] bridge_slave_1: entered promiscuous mode
[ 81.779440][ T5906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 81.795241][ T5906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 81.865515][ T5906] team0: Port device team_slave_0 added
[ 81.879259][ T5906] team0: Port device team_slave_1 added
[ 81.926310][ T5906] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 81.933414][ T5906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 81.960604][ T5906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 81.976539][ T5906] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 81.983574][ T5906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 82.009642][ T5906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 82.055812][ T5906] hsr_slave_0: entered promiscuous mode
[ 82.062924][ T5906] hsr_slave_1: entered promiscuous mode
[ 82.208274][ T5906] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 82.220667][ T5906] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 82.232687][ T5906] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 82.243831][ T5906] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 82.277862][ T5906] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.285336][ T5906] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.293197][ T5906] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.300422][ T5906] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.314160][ T1095] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.322990][ T1095] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.381617][ T5906] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.408216][ T5906] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.421731][ T1005] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.429118][ T1005] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.447493][ T1005] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.454763][ T1005] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 82.626473][ T5906] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 82.681010][ T5906] veth0_vlan: entered promiscuous mode
[ 82.694838][ T5906] veth1_vlan: entered promiscuous mode
[ 82.730227][ T5906] veth0_macvtap: entered promiscuous mode
[ 82.740970][ T5906] veth1_macvtap: entered promiscuous mode
[ 82.763740][ T5906] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 82.779906][ T5906] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 82.797335][ T1005] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.807369][ T1005] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.820074][ T1005] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 82.829890][ T1005] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2026/02/26 22:04:46 executed programs: 0
[ 82.954251][ T5143] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 82.966729][ T5143] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 82.976921][ T1095] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 82.988187][ T5143] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 82.998327][ T5143] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 83.008481][ T5143] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 83.069459][ T1095] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 83.136961][ T1095] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 83.228127][ T1095] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 83.250353][ T5927] chnl_net:caif_netlink_parms(): no params data found
[ 83.338412][ T5927] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.346160][ T5927] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.353827][ T5927] bridge_slave_0: entered allmulticast mode
[ 83.361293][ T5927] bridge_slave_0: entered promiscuous mode
[ 83.371109][ T5927] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.378803][ T5927] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.386749][ T5927] bridge_slave_1: entered allmulticast mode
[ 83.394767][ T5927] bridge_slave_1: entered promiscuous mode
[ 83.437414][ T5927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.451652][ T5927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.491573][ T5927] team0: Port device team_slave_0 added
[ 83.500487][ T5927] team0: Port device team_slave_1 added
[ 83.530072][ T5927] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 83.537535][ T5927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 83.564751][ T5927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 83.578307][ T5927] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 83.585530][ T5927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 83.611649][ T5927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 83.665833][ T5927] hsr_slave_0: entered promiscuous mode
[ 83.672718][ T5927] hsr_slave_1: entered promiscuous mode
[ 83.679235][ T5927] debugfs: 'hsr0' already exists in 'hsr'
[ 83.685314][ T5927] Cannot create hsr debugfs directory
[ 85.083370][ T51] Bluetooth: hci0: command tx timeout
[ 85.824436][ T1095] bridge_slave_1: left allmulticast mode
[ 85.830406][ T1095] bridge_slave_1: left promiscuous mode
[ 85.837919][ T1095] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.851212][ T1095] bridge_slave_0: left allmulticast mode
[ 85.859878][ T1095] bridge_slave_0: left promiscuous mode
[ 85.866534][ T1095] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.096960][ T1095] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 86.115272][ T1095] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 86.126862][ T1095] bond0 (unregistering): Released all slaves
[ 86.241441][ T1095] hsr_slave_0: left promiscuous mode
[ 86.248210][ T1095] hsr_slave_1: left promiscuous mode
[ 86.258131][ T1095] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 86.271937][ T1095] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 86.280576][ T1095] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 86.289244][ T1095] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 86.305038][ T1095] veth1_macvtap: left promiscuous mode
[ 86.310608][ T1095] veth0_macvtap: left promiscuous mode
[ 86.316247][ T1095] veth1_vlan: left promiscuous mode
[ 86.321636][ T1095] veth0_vlan: left promiscuous mode
[ 86.486464][ T1095] team0 (unregistering): Port device team_slave_1 removed
[ 86.499338][ T1095] team0 (unregistering): Port device team_slave_0 removed
[ 86.651925][ C1] list_del corruption, ffff88802656ec90->next is NULL
[ 86.659229][ C1] ------------[ cut here ]------------
[ 86.664677][ C1] kernel BUG at lib/list_debug.c:53!
[ 86.669976][ C1] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[ 86.676304][ C1] CPU: 1 UID: 0 PID: 5487 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT(full)
[ 86.685216][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 86.695262][ C1] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190
[ 86.702196][ C1] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 d2 72 f8 06 cc 48 c7 c7 c0 b2 27 8c 48 89 de e8 d2 a5 72 fc 90 <0f> 0b 48 c7 c7 20 b3 27 8c 48 89 de e8 c0 a5 72 fc 90 0f 0b 4c 89
[ 86.722250][ C1] RSP: 0018:ffffc90000a08d58 EFLAGS: 00010046
[ 86.728412][ C1] RAX: 0000000000000033 RBX: ffff88802656ec90 RCX: c02af78b61b61600
[ 86.736465][ C1] RDX: 0000000000000100 RSI: 0000000080000101 RDI: 0000000000000000
[ 86.744519][ C1] RBP: 0000000000000203 R08: ffffc90000a08ae7 R09: 1ffff9200014115c
[ 86.752575][ C1] R10: dffffc0000000000 R11: fffff5200014115d R12: 1ffff11004cadd92
[ 86.760728][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[ 86.770877][ C1] FS: 00007fe2dadfa780(0000) GS:ffff888125570000(0000) knlGS:0000000000000000
[ 86.780185][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.786856][ C1] CR2: 00007f2409e8e2fe CR3: 000000007e416000 CR4: 00000000003526f0
[ 86.794907][ C1] Call Trace:
[ 86.798186][ C1]
[ 86.801033][ C1] dst_destroy+0x202/0x5a0
[ 86.805537][ C1] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 86.811343][ C1] ? rcu_core+0x751/0x1070
[ 86.815749][ C1] ? __pfx_dst_destroy_rcu+0x10/0x10
[ 86.821021][ C1] rcu_core+0x7cd/0x1070
[ 86.825265][ C1] ? __pfx_rcu_core+0x10/0x10
[ 86.830023][ C1] ? sched_balance_domains+0xf9/0x900
[ 86.835391][ C1] handle_softirqs+0x22a/0x870
[ 86.840159][ C1] ? __irq_exit_rcu+0x5f/0x150
[ 86.845003][ C1] __irq_exit_rcu+0x5f/0x150
[ 86.849586][ C1] irq_exit_rcu+0x9/0x30
[ 86.853821][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 86.859449][ C1]
[ 86.862369][ C1]
[ 86.865290][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 86.871262][ C1] RIP: 0010:__fput_deferred+0x2a3/0x380
[ 86.876939][ C1] Code: d8 10 48 3b 44 24 40 75 55 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f5 07 83 ff 48 89 df e8 cd 11 00 00 bd e8 e6 07 83 ff e9 b8 fe ff ff e8 dc 07 83 ff e9 ae fe ff ff
[ 86.896636][ C1] RSP: 0018:ffffc900033e7820 EFLAGS: 00000286
[ 86.902696][ C1] RAX: c02af78b61b61600 RBX: ffff888029639dc0 RCX: 0000000000000046
[ 86.910748][ C1] RDX: 0000000000000000 RSI: ffffffff8def82b7 RDI: ffffffff8c27af80
[ 86.918705][ C1] RBP: ffffc900033e78b0 R08: ffffffff9011cab7 R09: 1ffffffff2023956
[ 86.926850][ C1] R10: dffffc0000000000 R11: fffffbfff2023957 R12: dffffc0000000000
[ 86.934812][ C1] R13: 1ffff9200067cf04 R14: ffff8880373a1e80 R15: 0000000000000000
[ 86.942788][ C1] ? __pfx___fput_deferred+0x10/0x10
[ 86.948159][ C1] ? mntput_no_expire+0x1c/0x1c0
[ 86.953140][ C1] fput_close+0x11f/0x240
[ 86.957465][ C1] ? __pfx_fput_close+0x10/0x10
[ 86.962309][ C1] ? __asan_memset+0x22/0x50
[ 86.966885][ C1] ? terminate_walk+0x3d7/0x510
[ 86.971823][ C1] path_openat+0x311d/0x3860
[ 86.976424][ C1] ? __pfx_path_openat+0x10/0x10
[ 86.981521][ C1] ? __x64_sys_openat+0x138/0x170
[ 86.986627][ C1] ? __lock_acquire+0x6b5/0x2cf0
[ 86.991563][ C1] do_file_open+0x23e/0x4a0
[ 86.996072][ C1] ? __pfx_do_file_open+0x10/0x10
[ 87.001092][ C1] ? __pfx_kfree_link+0x10/0x10
[ 87.005982][ C1] ? _raw_spin_unlock+0x28/0x50
[ 87.010923][ C1] ? alloc_fd+0x64b/0x6c0
[ 87.015684][ C1] do_sys_openat2+0x113/0x200
[ 87.020368][ C1] ? __pfx_do_sys_openat2+0x10/0x10
[ 87.025562][ C1] ? ksys_read+0x1fc/0x270
[ 87.030057][ C1] ? __pfx_ksys_read+0x10/0x10
[ 87.034815][ C1] __x64_sys_openat+0x138/0x170
[ 87.039665][ C1] do_syscall_64+0x14d/0xf80
[ 87.044255][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.050307][ C1] ? clear_bhb_loop+0x40/0x90
[ 87.055062][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.060945][ C1] RIP: 0033:0x7fe2dae84407
[ 87.065382][ C1] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 87.084997][ C1] RSP: 002b:00007ffece1711c0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 87.093585][ C1] RAX: ffffffffffffffda RBX: 00007fe2dadfa780 RCX: 00007fe2dae84407
[ 87.101552][ C1] RDX: 0000000000000000 RSI: 00007ffece181470 RDI: ffffffffffffff9c
[ 87.109775][ C1] RBP: 00000000000100a0 R08: 0000000000000000 R09: 0000000000000000
[ 87.117731][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffece1712f0
[ 87.125699][ C1] R13: 00007fe2dadfa708 R14: 0000000000000022 R15: 00007ffece1813e0
[ 87.133665][ C1]
[ 87.136671][ C1] Modules linked in:
[ 87.140570][ C1] ---[ end trace 0000000000000000 ]---
[ 87.146025][ C1] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190
[ 87.154364][ C1] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 d2 72 f8 06 cc 48 c7 c7 c0 b2 27 8c 48 89 de e8 d2 a5 72 fc 90 <0f> 0b 48 c7 c7 20 b3 27 8c 48 89 de e8 c0 a5 72 fc 90 0f 0b 4c 89
[ 87.174081][ C1] RSP: 0018:ffffc90000a08d58 EFLAGS: 00010046
[ 87.180146][ C1] RAX: 0000000000000033 RBX: ffff88802656ec90 RCX: c02af78b61b61600
[ 87.188104][ C1] RDX: 0000000000000100 RSI: 0000000080000101 RDI: 0000000000000000
[ 87.196063][ C1] RBP: 0000000000000203 R08: ffffc90000a08ae7 R09: 1ffff9200014115c
[ 87.204107][ C1] R10: dffffc0000000000 R11: fffff5200014115d R12: 1ffff11004cadd92
[ 87.212078][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[ 87.220319][ C1] FS: 00007fe2dadfa780(0000) GS:ffff888125570000(0000) knlGS:0000000000000000
[ 87.229386][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 87.235967][ C1] CR2: 00007f2409e8e2fe CR3: 000000007e416000 CR4: 00000000003526f0
[ 87.244026][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 87.251617][ C1] Kernel Offset: disabled
[ 87.255978][ C1] Rebooting in 86400 seconds..
syzkaller build log:
go env (err=)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3822109607=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'
git status (err=)
HEAD detached at 4fca165089
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=4fca1650892b7aba6ac219ce521543d411cf96ac -X 'github.com/google/syzkaller/prog.gitRevisionDate=20241120-113358'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"4fca1650892b7aba6ac219ce521543d411cf96ac\"
/usr/bin/ld: /tmp/ccWg8RdD.o: in function `test_cover_filter()':
executor.cc:(.text+0x169db): warning: the use of `tempnam' is dangerous, better use `mkstemp'
/usr/bin/ld: /tmp/ccWg8RdD.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking