BUG: corrupted list in dst_destroy
list_del corruption, ffff88807c18cc90->next is NULL
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:53!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 5936 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 c0 d2 27 8c 48 89 de e8 e2 e0 6e fc 90 <0f> 0b 48 c7 c7 20 d3 27 8c 48 89 de e8 d0 e0 6e fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff88807c18cc90 RCX: 40c37dfd39d2fb00
RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100f831992
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 0000555586210500(0000) GS:ffff888125459000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055852ae3f138 CR3: 000000007d676000 CR4: 00000000003526f0
Call Trace:
__list_del_entry_valid include/linux/list.h:132 [inline]
__list_del_entry include/linux/list.h:223 [inline]
list_del_init include/linux/list.h:295 [inline]
dst_destroy+0x202/0x5a0 net/core/dst.c:163
rcu_do_batch kernel/rcu/tree.c:2617 [inline]
rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
__do_softirq kernel/softirq.c:660 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727
irq_exit_rcu+0x9/0x30 kernel/softirq.c:743
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:check_kcov_mode kernel/kcov.c:194 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x36/0x70 kernel/kcov.c:217
Code: 88 d1 56 11 65 8b 15 a9 d1 56 11 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 94 16 00 00 00 74 2c 8b 91 70 16 00 00 <83> fa 02 75 21 48 8b 91 78 16 00 00 48 8b 32 48 8d 7e 01 8b 89 74
RSP: 0018:ffffc900031c6ff8 EFLAGS: 00000246
RAX: ffffffff8133ac7e RBX: 00007fbd2c15b78e RCX: ffff8880329d0000
RDX: 0000000000000000 RSI: ffffffff8e16b4c2 RDI: 00007fbd2c15b78e
RBP: 0000000000000001 R08: 0000000000000022 R09: ffffffff8e760320
R10: ffffc900031c70b8 R11: ffffffff81b0c090 R12: ffff8880329d0000
R13: 00000000ffffffff R14: dffffc0000000000 R15: 1ffff92000638e16
in_gate_area_no_mm+0xe/0x60 arch/x86/entry/vsyscall/vsyscall_64.c:330
is_kernel_text include/linux/kallsyms.h:31 [inline]
core_kernel_text kernel/extable.c:68 [inline]
kernel_text_address+0x2d/0xe0 kernel/extable.c:99
__kernel_text_address+0xd/0x30 kernel/extable.c:79
unwind_get_return_address+0x4d/0x90 arch/x86/kernel/unwind_orc.c:385
arch_stack_walk+0xfb/0x150 arch/x86/kernel/stacktrace.c:26
stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
kasan_save_stack mm/kasan/common.c:57 [inline]
kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
__kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:415
kasan_kmalloc include/linux/kasan.h:263 [inline]
__do_kmalloc_node mm/slub.c:5225 [inline]
__kmalloc_node_track_caller_noprof+0x4db/0x7b0 mm/slub.c:5333
__kmemdup_nul mm/util.c:64 [inline]
kstrdup+0x42/0x100 mm/util.c:84
debugfs_create_symlink+0x29/0x1c0 fs/debugfs/inode.c:668
nsim_dev_port_debugfs_init drivers/net/netdevsim/dev.c:437 [inline]
__nsim_dev_port_add+0x6fd/0xb50 drivers/net/netdevsim/dev.c:1489
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1549
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1710
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbd2c15b78e
Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
RSP: 002b:00007fff20585b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000555586210500 RCX: 00007fbd2c15b78e
RDX: 0000000000000003 RSI: 00007fff20585bc0 RDI: 0000000000000005
RBP: 00007fbd2c208aac R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 00007fff20585bc0 R14: 00007fbd2cf44620 R15: 0000000000000003
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 c0 d2 27 8c 48 89 de e8 e2 e0 6e fc 90 <0f> 0b 48 c7 c7 20 d3 27 8c 48 89 de e8 d0 e0 6e fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff88807c18cc90 RCX: 40c37dfd39d2fb00
RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100f831992
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 0000555586210500(0000) GS:ffff888125459000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055852ae3f138 CR3: 000000007d676000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
0: 88 d1 mov %dl,%cl
2: 56 push %rsi
3: 11 65 8b adc %esp,-0x75(%rbp)
6: 15 a9 d1 56 11 adc $0x1156d1a9,%eax
b: 81 e2 00 01 ff 00 and $0xff0100,%edx
11: 74 11 je 0x24
13: 81 fa 00 01 00 00 cmp $0x100,%edx
19: 75 35 jne 0x50
1b: 83 b9 94 16 00 00 00 cmpl $0x0,0x1694(%rcx)
22: 74 2c je 0x50
24: 8b 91 70 16 00 00 mov 0x1670(%rcx),%edx
* 2a: 83 fa 02 cmp $0x2,%edx <-- trapping instruction
2d: 75 21 jne 0x50
2f: 48 8b 91 78 16 00 00 mov 0x1678(%rcx),%rdx
36: 48 8b 32 mov (%rdx),%rsi
39: 48 8d 7e 01 lea 0x1(%rsi),%rdi
3d: 8b .byte 0x8b
3e: 89 .byte 0x89
3f: 74 .byte 0x74
Warning: Permanently added '10.128.1.230' (ED25519) to the list of known hosts.
2026/02/24 21:52:31 parsed 1 programs
[ 74.897964][ T5823] cgroup: Unknown subsys name 'net'
[ 75.009488][ T5823] cgroup: Unknown subsys name 'cpuset'
[ 75.018112][ T5823] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 76.407714][ T5823] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 79.047522][ T5837] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 81.162198][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 81.176251][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 81.187911][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 81.196034][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 81.205789][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 81.564294][ T1061] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.585117][ T1061] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.619321][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.627386][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 82.162115][ T5905] chnl_net:caif_netlink_parms(): no params data found
[ 82.254488][ T5905] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.262813][ T5905] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.270224][ T5905] bridge_slave_0: entered allmulticast mode
[ 82.277813][ T5905] bridge_slave_0: entered promiscuous mode
[ 82.287140][ T5905] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.294930][ T5905] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.302365][ T5905] bridge_slave_1: entered allmulticast mode
[ 82.310370][ T5905] bridge_slave_1: entered promiscuous mode
[ 82.366533][ T5905] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 82.378913][ T5905] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 82.416395][ T5905] team0: Port device team_slave_0 added
[ 82.428325][ T5905] team0: Port device team_slave_1 added
[ 82.454773][ T5905] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 82.461829][ T5905] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 82.488806][ T5905] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 82.505685][ T5905] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 82.513159][ T5905] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 82.540077][ T5905] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 82.582187][ T5905] hsr_slave_0: entered promiscuous mode
[ 82.589655][ T5905] hsr_slave_1: entered promiscuous mode
[ 82.757136][ T5905] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 82.769968][ T5905] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 82.780442][ T5905] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 82.790590][ T5905] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 82.879289][ T5905] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.903303][ T5905] 8021q: adding VLAN 0 to HW filter on device team0
[ 82.917525][ T79] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.925205][ T79] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 82.942317][ T79] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.949493][ T79] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.116572][ T5905] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.175302][ T5905] veth0_vlan: entered promiscuous mode
[ 83.189106][ T5905] veth1_vlan: entered promiscuous mode
[ 83.226396][ T5905] veth0_macvtap: entered promiscuous mode
[ 83.238294][ T5905] veth1_macvtap: entered promiscuous mode
[ 83.263634][ T5905] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.279402][ T5905] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 83.298036][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.307886][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.320106][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.329818][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.469279][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 83.548486][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 83.613772][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 83.672088][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/02/24 21:52:42 executed programs: 0
[ 84.041119][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 84.051500][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 84.059549][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 84.068674][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 84.077523][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 84.228490][ T5936] chnl_net:caif_netlink_parms(): no params data found
[ 84.311965][ T5936] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.319395][ T5936] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.330213][ T5936] bridge_slave_0: entered allmulticast mode
[ 84.337838][ T5936] bridge_slave_0: entered promiscuous mode
[ 84.346638][ T5936] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.354457][ T5936] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.362161][ T5936] bridge_slave_1: entered allmulticast mode
[ 84.370057][ T5936] bridge_slave_1: entered promiscuous mode
[ 84.404950][ T5936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.420101][ T5936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.456441][ T5936] team0: Port device team_slave_0 added
[ 84.466789][ T5936] team0: Port device team_slave_1 added
[ 84.506038][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.513037][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 84.540291][ T5936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.555021][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.562053][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 84.588477][ T5936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.640990][ T5936] hsr_slave_0: entered promiscuous mode
[ 84.648304][ T5936] hsr_slave_1: entered promiscuous mode
[ 84.655436][ T5936] debugfs: 'hsr0' already exists in 'hsr'
[ 84.661319][ T5936] Cannot create hsr debugfs directory
[ 86.163584][ T5142] Bluetooth: hci0: command tx timeout
[ 86.570647][ T13] bridge_slave_1: left allmulticast mode
[ 86.576651][ T13] bridge_slave_1: left promiscuous mode
[ 86.583137][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.595169][ T13] bridge_slave_0: left allmulticast mode
[ 86.600892][ T13] bridge_slave_0: left promiscuous mode
[ 86.607401][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.767597][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 86.778472][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 86.788363][ T13] bond0 (unregistering): Released all slaves
[ 86.804940][ T29] cfg80211: failed to load regulatory.db
[ 86.900680][ T13] hsr_slave_0: left promiscuous mode
[ 86.910270][ T13] hsr_slave_1: left promiscuous mode
[ 86.917662][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 86.932101][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 86.941116][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 86.948985][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 86.966451][ T13] veth1_macvtap: left promiscuous mode
[ 86.972218][ T13] veth0_macvtap: left promiscuous mode
[ 86.982644][ T13] veth1_vlan: left promiscuous mode
[ 86.988101][ T13] veth0_vlan: left promiscuous mode
[ 87.281667][ T13] team0 (unregistering): Port device team_slave_1 removed
[ 87.315082][ T13] team0 (unregistering): Port device team_slave_0 removed
[ 87.522485][ C0] list_del corruption, ffff88807c18cc90->next is NULL
[ 87.530147][ C0] ------------[ cut here ]------------
[ 87.535655][ C0] kernel BUG at lib/list_debug.c:53!
[ 87.540990][ C0] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[ 87.547257][ C0] CPU: 0 UID: 0 PID: 5936 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)
[ 87.556808][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 87.567028][ C0] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190
[ 87.573969][ C0] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 c0 d2 27 8c 48 89 de e8 e2 e0 6e fc 90 <0f> 0b 48 c7 c7 20 d3 27 8c 48 89 de e8 d0 e0 6e fc 90 0f 0b 4c 89
[ 87.594094][ C0] RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
[ 87.600257][ C0] RAX: 0000000000000033 RBX: ffff88807c18cc90 RCX: 40c37dfd39d2fb00
[ 87.608222][ C0] RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
[ 87.616182][ C0] RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
[ 87.624228][ C0] R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100f831992
[ 87.632273][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[ 87.640413][ C0] FS: 0000555586210500(0000) GS:ffff888125459000(0000) knlGS:0000000000000000
[ 87.649418][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 87.655995][ C0] CR2: 000055852ae3f138 CR3: 000000007d676000 CR4: 00000000003526f0
[ 87.664128][ C0] Call Trace:
[ 87.667427][ C0]
[ 87.670266][ C0] dst_destroy+0x202/0x5a0
[ 87.674690][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 87.680487][ C0] ? rcu_core+0x751/0x1070
[ 87.684900][ C0] ? __pfx_dst_destroy_rcu+0x10/0x10
[ 87.690178][ C0] rcu_core+0x7cd/0x1070
[ 87.694441][ C0] ? __pfx_rcu_core+0x10/0x10
[ 87.699113][ C0] ? sched_clock_cpu+0x74/0x440
[ 87.703983][ C0] handle_softirqs+0x22a/0x870
[ 87.708828][ C0] ? __irq_exit_rcu+0x5f/0x150
[ 87.713583][ C0] __irq_exit_rcu+0x5f/0x150
[ 87.718166][ C0] irq_exit_rcu+0x9/0x30
[ 87.722439][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 87.728070][ C0]
[ 87.730985][ C0]
[ 87.733897][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 87.740040][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x36/0x70
[ 87.746280][ C0] Code: 88 d1 56 11 65 8b 15 a9 d1 56 11 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 94 16 00 00 00 74 2c 8b 91 70 16 00 00 <83> fa 02 75 21 48 8b 91 78 16 00 00 48 8b 32 48 8d 7e 01 8b 89 74
[ 87.766175][ C0] RSP: 0018:ffffc900031c6ff8 EFLAGS: 00000246
[ 87.772247][ C0] RAX: ffffffff8133ac7e RBX: 00007fbd2c15b78e RCX: ffff8880329d0000
[ 87.780215][ C0] RDX: 0000000000000000 RSI: ffffffff8e16b4c2 RDI: 00007fbd2c15b78e
[ 87.788299][ C0] RBP: 0000000000000001 R08: 0000000000000022 R09: ffffffff8e760320
[ 87.796436][ C0] R10: ffffc900031c70b8 R11: ffffffff81b0c090 R12: ffff8880329d0000
[ 87.804555][ C0] R13: 00000000ffffffff R14: dffffc0000000000 R15: 1ffff92000638e16
[ 87.812519][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 87.818668][ C0] ? in_gate_area_no_mm+0xe/0x60
[ 87.823868][ C0] in_gate_area_no_mm+0xe/0x60
[ 87.828629][ C0] kernel_text_address+0x2d/0xe0
[ 87.833567][ C0] __kernel_text_address+0xd/0x30
[ 87.838586][ C0] unwind_get_return_address+0x4d/0x90
[ 87.844152][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 87.850299][ C0] arch_stack_walk+0xfb/0x150
[ 87.855069][ C0] stack_trace_save+0xa9/0x100
[ 87.859828][ C0] ? __pfx_stack_trace_save+0x10/0x10
[ 87.865517][ C0] ? really_probe+0x267/0xaf0
[ 87.870278][ C0] ? __lock_acquire+0x6b5/0x2cf0
[ 87.875207][ C0] kasan_save_track+0x3e/0x80
[ 87.879974][ C0] ? kasan_save_track+0x3e/0x80
[ 87.885002][ C0] ? __kasan_kmalloc+0x93/0xb0
[ 87.889854][ C0] ? __kmalloc_node_track_caller_noprof+0x4db/0x7b0
[ 87.896436][ C0] ? kstrdup+0x42/0x100
[ 87.900617][ C0] ? debugfs_create_symlink+0x29/0x1c0
[ 87.906071][ C0] ? __nsim_dev_port_add+0x6fd/0xb50
[ 87.911354][ C0] ? nsim_dev_port_add_all+0x37/0xf0
[ 87.916822][ C0] ? nsim_drv_probe+0x905/0xc20
[ 87.921681][ C0] ? really_probe+0x267/0xaf0
[ 87.926628][ C0] ? __driver_probe_device+0x18c/0x320
[ 87.932177][ C0] ? driver_probe_device+0x4f/0x240
[ 87.937370][ C0] ? __device_attach_driver+0x2d4/0x4c0
[ 87.942914][ C0] ? bus_for_each_drv+0x258/0x2f0
[ 87.948201][ C0] ? __device_attach+0x2c5/0x450
[ 87.953135][ C0] ? device_initial_probe+0xa1/0xd0
[ 87.958411][ C0] ? bus_probe_device+0x12a/0x220
[ 87.963433][ C0] ? device_add+0x7b6/0xb70
[ 87.967929][ C0] ? new_device_store+0x37b/0x710
[ 87.972943][ C0] ? kernfs_fop_write_iter+0x3af/0x540
[ 87.978395][ C0] ? vfs_write+0x61d/0xb90
[ 87.982811][ C0] ? ksys_write+0x150/0x270
[ 87.987305][ C0] ? do_syscall_64+0x14d/0xf80
[ 87.992062][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.998126][ C0] __kasan_kmalloc+0x93/0xb0
[ 88.002719][ C0] __kmalloc_node_track_caller_noprof+0x4db/0x7b0
[ 88.009126][ C0] ? debugfs_create_symlink+0x29/0x1c0
[ 88.014771][ C0] ? __kmalloc_node_track_caller_noprof+0x34a/0x7b0
[ 88.021351][ C0] kstrdup+0x42/0x100
[ 88.025325][ C0] debugfs_create_symlink+0x29/0x1c0
[ 88.030660][ C0] __nsim_dev_port_add+0x6fd/0xb50
[ 88.035788][ C0] ? __pfx___nsim_dev_port_add+0x10/0x10
[ 88.041431][ C0] ? queue_delayed_work_on+0x171/0x1e0
[ 88.046983][ C0] nsim_dev_port_add_all+0x37/0xf0
[ 88.052093][ C0] nsim_drv_probe+0x905/0xc20
[ 88.056774][ C0] ? up_write+0x1ab/0x410
[ 88.061156][ C0] ? __pfx_nsim_drv_probe+0x10/0x10
[ 88.066394][ C0] ? kernfs_put+0x4bf/0x520
[ 88.070926][ C0] ? kernfs_create_link+0x187/0x200
[ 88.076225][ C0] ? driver_sysfs_add+0x1fe/0x210
[ 88.081251][ C0] ? __pfx_nsim_bus_probe+0x10/0x10
[ 88.086439][ C0] really_probe+0x267/0xaf0
[ 88.090954][ C0] __driver_probe_device+0x18c/0x320
[ 88.096245][ C0] driver_probe_device+0x4f/0x240
[ 88.101279][ C0] __device_attach_driver+0x2d4/0x4c0
[ 88.106651][ C0] bus_for_each_drv+0x258/0x2f0
[ 88.111491][ C0] ? __pfx___device_attach_driver+0x10/0x10
[ 88.117379][ C0] ? __pfx_bus_for_each_drv+0x10/0x10
[ 88.122827][ C0] __device_attach+0x2c5/0x450
[ 88.127587][ C0] ? __pfx___device_attach+0x10/0x10
[ 88.132951][ C0] ? _raw_spin_unlock+0x28/0x50
[ 88.137802][ C0] device_initial_probe+0xa1/0xd0
[ 88.142853][ C0] bus_probe_device+0x12a/0x220
[ 88.147851][ C0] ? device_add+0x726/0xb70
[ 88.152790][ C0] device_add+0x7b6/0xb70
[ 88.157108][ C0] new_device_store+0x37b/0x710
[ 88.161955][ C0] ? __pfx_new_device_store+0x10/0x10
[ 88.167313][ C0] ? sysfs_file_kobj+0x1a/0x230
[ 88.172164][ C0] ? sysfs_file_kobj+0x1e4/0x230
[ 88.177092][ C0] ? sysfs_kf_write+0x166/0x260
[ 88.181950][ C0] ? __pfx_sysfs_kf_write+0x10/0x10
[ 88.187138][ C0] kernfs_fop_write_iter+0x3af/0x540
[ 88.192679][ C0] vfs_write+0x61d/0xb90
[ 88.197031][ C0] ? __pfx_vfs_write+0x10/0x10
[ 88.201874][ C0] ? kmem_cache_free+0x187/0x630
[ 88.206934][ C0] ? fd_install+0x94/0x3d0
[ 88.211408][ C0] ? do_sys_openat2+0x14c/0x200
[ 88.216262][ C0] ksys_write+0x150/0x270
[ 88.220583][ C0] ? __pfx_ksys_write+0x10/0x10
[ 88.225440][ C0] do_syscall_64+0x14d/0xf80
[ 88.230115][ C0] ? trace_irq_disable+0x3b/0x150
[ 88.235135][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.241368][ C0] ? clear_bhb_loop+0x40/0x90
[ 88.246121][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.252010][ C0] RIP: 0033:0x7fbd2c15b78e
[ 88.256524][ C0] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 88.276214][ C0] RSP: 002b:00007fff20585b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 88.284725][ C0] RAX: ffffffffffffffda RBX: 0000555586210500 RCX: 00007fbd2c15b78e
[ 88.292697][ C0] RDX: 0000000000000003 RSI: 00007fff20585bc0 RDI: 0000000000000005
[ 88.300663][ C0] RBP: 00007fbd2c208aac R08: 0000000000000000 R09: 0000000000000000
[ 88.308713][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 88.316783][ C0] R13: 00007fff20585bc0 R14: 00007fbd2cf44620 R15: 0000000000000003
[ 88.324948][ C0]
[ 88.327961][ C0] Modules linked in:
[ 88.331856][ C0] ---[ end trace 0000000000000000 ]---
[ 88.337435][ C0] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190
[ 88.344494][ C0] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 48 c7 c7 c0 d2 27 8c 48 89 de e8 e2 e0 6e fc 90 <0f> 0b 48 c7 c7 20 d3 27 8c 48 89 de e8 d0 e0 6e fc 90 0f 0b 4c 89
[ 88.364451][ C0] RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
[ 88.370572][ C0] RAX: 0000000000000033 RBX: ffff88807c18cc90 RCX: 40c37dfd39d2fb00
[ 88.378644][ C0] RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000
[ 88.386712][ C0] RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
[ 88.394697][ C0] R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100f831992
[ 88.402666][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[ 88.410888][ C0] FS: 0000555586210500(0000) GS:ffff888125459000(0000) knlGS:0000000000000000
[ 88.419916][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 88.426498][ C0] CR2: 000055852ae3f138 CR3: 000000007d676000 CR4: 00000000003526f0
[ 88.434452][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 89.524711][ C0] Shutting down cpus with NMI
[ 89.529831][ C0] Kernel Offset: disabled
[ 89.534138][ C0] Rebooting in 86400 seconds..
syzkaller build log:
go env (err=)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build213181760=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'
git status (err=)
HEAD detached at f20fc9f9ea
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=f20fc9f9ea40dfcbfcd6ff958185dd898dc5b53b -X github.com/google/syzkaller/prog.gitRevisionDate=20260206-143212" ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=f20fc9f9ea40dfcbfcd6ff958185dd898dc5b53b -X github.com/google/syzkaller/prog.gitRevisionDate=20260206-143212" ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=f20fc9f9ea40dfcbfcd6ff958185dd898dc5b53b -X github.com/google/syzkaller/prog.gitRevisionDate=20260206-143212" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"f20fc9f9ea40dfcbfcd6ff958185dd898dc5b53b\"
/usr/bin/ld: /tmp/ccansKBK.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null