BUG: corrupted list in dst_destroy list_del corruption, ffff88806fcd3c90->next is NULL ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:53! Oops: invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 0 UID: 0 PID: 5952 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52 Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 d2 54 f9 06 cc 48 c7 c7 40 c1 29 8c 48 89 de e8 a2 29 65 fc 90 <0f> 0b 48 c7 c7 a0 c1 29 8c 48 89 de e8 90 29 65 fc 90 0f 0b 4c 89 RSP: 0000:ffffc90000007d58 EFLAGS: 00010046 RAX: 0000000000000033 RBX: ffff88806fcd3c90 RCX: 659782a44617dc00 RDX: 0000000000000100 RSI: 0000000000000102 RDI: 0000000000000000 RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100df9a792 R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f4111e26c80(0000) GS:ffff888125009000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4111f90370 CR3: 0000000037a94000 CR4: 00000000003526f0 Call Trace: __list_del_entry_valid include/linux/list.h:132 [inline] __list_del_entry include/linux/list.h:223 [inline] list_del_init include/linux/list.h:295 [inline] dst_destroy+0x202/0x5a0 net/core/dst.c:163 rcu_do_batch kernel/rcu/tree.c:2617 [inline] rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869 handle_softirqs+0x22a/0x870 kernel/softirq.c:626 __do_softirq kernel/softirq.c:660 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727 irq_exit_rcu+0x9/0x30 kernel/softirq.c:743 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:rcu_rdp_cpu_online kernel/rcu/tree.c:4007 [inline] RIP: 0010:rcu_lockdep_current_cpu_online+0x87/0x120 kernel/rcu/tree.c:4048 Code: 3c 30 00 74 08 48 89 df e8 76 cb 84 00 48 8b 03 48 8d 98 40 2d 43 93 48 8d b8 68 2d 43 93 48 89 f8 48 c1 e8 03 42 80 3c 30 00 <74> 05 e8 52 cb 84 00 4c 8b 7b 28 48 83 c3 20 48 89 d8 48 c1 e8 03 RSP: 0000:ffffc900039b7770 EFLAGS: 00000246 RAX: 1ffff110170877ad RBX: ffff8880b843bd40 RCX: 0000000080000001 RDX: ffff888028580000 RSI: ffffffff8c29bde0 RDI: ffff8880b843bd68 RBP: 0000000000000000 R08: ffff888028580000 R09: 0000000000000002 R10: 0000000000000003 R11: 0000000000000000 R12: ffff8880246764c8 R13: ffffc900039b7a98 R14: dffffc0000000000 R15: 1ffff92000736f53 rcu_read_lock_held_common kernel/rcu/update.c:113 [inline] rcu_read_lock_held+0x1e/0x50 kernel/rcu/update.c:349 xa_head include/linux/xarray.h:1211 [inline] xas_start+0x295/0x770 lib/xarray.c:191 xas_load+0x2c/0x5b0 lib/xarray.c:239 xas_find+0x157/0x990 lib/xarray.c:1406 next_uptodate_folio+0x32/0x5d0 mm/filemap.c:3704 filemap_map_pages+0x247/0x2050 mm/filemap.c:3887 do_fault_around mm/memory.c:5757 [inline] do_read_fault mm/memory.c:5790 [inline] do_fault mm/memory.c:5933 [inline] do_pte_missing+0x211a/0x3750 mm/memory.c:4477 handle_pte_fault mm/memory.c:6317 [inline] __handle_mm_fault mm/memory.c:6455 [inline] handle_mm_fault+0x1bec/0x3310 mm/memory.c:6624 do_user_addr_fault+0xa73/0x1340 arch/x86/mm/fault.c:1334 handle_page_fault arch/x86/mm/fault.c:1474 [inline] exc_page_fault+0x6a/0xc0 arch/x86/mm/fault.c:1527 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618 RIP: 0033:0x7f4111f90370 Code: Unable to access opcode bytes at 0x7f4111f90346. RSP: 002b:00007fffc3d089a8 EFLAGS: 00010202 RAX: 0000000000000029 RBX: 00007f4111e9d398 RCX: 000000000000000d RDX: 00007f4111effe01 RSI: 0000000000000000 RDI: 0000000000000009 RBP: 00007fffc3d08ad0 R08: 0000000000000000 R09: 00007f4111f90370 R10: 00007f4111e958c0 R11: 00007f41121915f0 R12: 00007f4111e981e8 R13: 00007f4112192ab0 R14: 0000008b00000007 R15: 0000000000000007 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52 Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 d2 54 f9 06 cc 48 c7 c7 40 c1 29 8c 48 89 de e8 a2 29 65 fc 90 <0f> 0b 48 c7 c7 a0 c1 29 8c 48 89 de e8 90 29 65 fc 90 0f 0b 4c 89 RSP: 0000:ffffc90000007d58 EFLAGS: 00010046 RAX: 0000000000000033 RBX: ffff88806fcd3c90 RCX: 659782a44617dc00 RDX: 0000000000000100 RSI: 0000000000000102 RDI: 0000000000000000 RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100df9a792 R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f4111e26c80(0000) GS:ffff888125009000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4111f90346 CR3: 0000000037a94000 CR4: 00000000003526f0 ---------------- Code disassembly (best guess): 0: 3c 30 cmp $0x30,%al 2: 00 74 08 48 add %dh,0x48(%rax,%rcx,1) 6: 89 df mov %ebx,%edi 8: e8 76 cb 84 00 call 0x84cb83 d: 48 8b 03 mov (%rbx),%rax 10: 48 8d 98 40 2d 43 93 lea -0x6cbcd2c0(%rax),%rbx 17: 48 8d b8 68 2d 43 93 lea -0x6cbcd298(%rax),%rdi 1e: 48 89 f8 mov %rdi,%rax 21: 48 c1 e8 03 shr $0x3,%rax 25: 42 80 3c 30 00 cmpb $0x0,(%rax,%r14,1) * 2a: 74 05 je 0x31 <-- trapping instruction 2c: e8 52 cb 84 00 call 0x84cb83 31: 4c 8b 7b 28 mov 0x28(%rbx),%r15 35: 48 83 c3 20 add $0x20,%rbx 39: 48 89 d8 mov %rbx,%rax 3c: 48 c1 e8 03 shr $0x3,%rax Warning: Permanently added '10.128.1.115' (ED25519) to the list of known hosts. 2026/02/24 13:40:28 parsed 1 programs [ 68.410229][ T5818] cgroup: Unknown subsys name 'net' [ 68.543978][ T5818] cgroup: Unknown subsys name 'cpuset' [ 68.552838][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 69.886500][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 71.396854][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.403323][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.509938][ T5827] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 73.025023][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 73.114529][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.122413][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.130167][ T5840] bridge_slave_0: entered allmulticast mode [ 73.137894][ T5840] bridge_slave_0: entered promiscuous mode [ 73.146946][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.154917][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.162422][ T5840] bridge_slave_1: entered allmulticast mode [ 73.170037][ T5840] bridge_slave_1: entered promiscuous mode [ 73.198811][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.211357][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.240863][ T5840] team0: Port device team_slave_0 added [ 73.248973][ T5840] team0: Port device team_slave_1 added [ 73.273766][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.280829][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 73.306740][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.319621][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.326641][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 73.352674][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.394537][ T5840] hsr_slave_0: entered promiscuous mode [ 73.401353][ T5840] hsr_slave_1: entered promiscuous mode [ 73.550103][ T5840] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 73.562541][ T5840] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 73.573633][ T5840] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 73.590782][ T5840] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 73.622431][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.629777][ T5840] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.637821][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.645044][ T5840] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.705908][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.724973][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.733402][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.749913][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.765980][ T1161] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.773117][ T1161] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.787320][ T1161] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.794740][ T1161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.957048][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.010298][ T5840] veth0_vlan: entered promiscuous mode [ 74.025358][ T5840] veth1_vlan: entered promiscuous mode [ 74.057542][ T5840] veth0_macvtap: entered promiscuous mode [ 74.068389][ T5840] veth1_macvtap: entered promiscuous mode [ 74.092881][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.109197][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.128722][ T1161] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.138363][ T1161] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.151749][ T1161] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.161478][ T1161] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.298911][ T1161] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.372343][ T1161] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.468591][ T1161] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.587009][ T1161] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.808484][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 74.818894][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 74.827295][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 74.837880][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 74.846578][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.893489][ T170] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.911570][ T170] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.949076][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.964020][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2026/02/24 13:40:39 executed programs: 0 [ 76.928991][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.938843][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.946916][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.955156][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.964912][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.095875][ T5930] chnl_net:caif_netlink_parms(): no params data found [ 77.164774][ T5930] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.172224][ T5930] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.179411][ T5930] bridge_slave_0: entered allmulticast mode [ 77.186740][ T5930] bridge_slave_0: entered promiscuous mode [ 77.195876][ T5930] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.203289][ T5930] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.210928][ T5930] bridge_slave_1: entered allmulticast mode [ 77.218181][ T5930] bridge_slave_1: entered promiscuous mode [ 77.249858][ T5930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.262415][ T5930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.292522][ T5930] team0: Port device team_slave_0 added [ 77.301552][ T5930] team0: Port device team_slave_1 added [ 77.336829][ T5930] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.343859][ T5930] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.369964][ T5930] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.383268][ T5930] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.390220][ T5930] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.416834][ T5930] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.517685][ T5930] hsr_slave_0: entered promiscuous mode [ 77.524885][ T5930] hsr_slave_1: entered promiscuous mode [ 77.532304][ T5930] debugfs: 'hsr0' already exists in 'hsr' [ 77.538112][ T5930] Cannot create hsr debugfs directory [ 77.547921][ T1161] bridge_slave_1: left allmulticast mode [ 77.553965][ T1161] bridge_slave_1: left promiscuous mode [ 77.560374][ T1161] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.571263][ T1161] bridge_slave_0: left allmulticast mode [ 77.576900][ T1161] bridge_slave_0: left promiscuous mode [ 77.582831][ T1161] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.694367][ T1161] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 77.705996][ T1161] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 77.716059][ T1161] bond0 (unregistering): Released all slaves [ 77.843739][ T1161] hsr_slave_0: left promiscuous mode [ 77.849860][ T1161] hsr_slave_1: left promiscuous mode [ 77.857314][ T1161] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 77.865007][ T1161] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 77.874891][ T1161] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 77.883472][ T1161] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 77.898482][ T1161] veth1_macvtap: left promiscuous mode [ 77.904377][ T1161] veth0_macvtap: left promiscuous mode [ 77.910053][ T1161] veth1_vlan: left promiscuous mode [ 77.915858][ T1161] veth0_vlan: left promiscuous mode [ 78.202760][ T1161] team0 (unregistering): Port device team_slave_1 removed [ 78.225265][ T1161] team0 (unregistering): Port device team_slave_0 removed [ 78.440531][ C0] list_del corruption, ffff88806fcd3c90->next is NULL [ 78.447793][ C0] ------------[ cut here ]------------ [ 78.453237][ C0] kernel BUG at lib/list_debug.c:53! [ 78.458540][ C0] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 78.464774][ C0] CPU: 0 UID: 0 PID: 5952 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT(full) [ 78.474465][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 78.484525][ C0] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 [ 78.491457][ C0] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 d2 54 f9 06 cc 48 c7 c7 40 c1 29 8c 48 89 de e8 a2 29 65 fc 90 <0f> 0b 48 c7 c7 a0 c1 29 8c 48 89 de e8 90 29 65 fc 90 0f 0b 4c 89 [ 78.511069][ C0] RSP: 0000:ffffc90000007d58 EFLAGS: 00010046 [ 78.517119][ C0] RAX: 0000000000000033 RBX: ffff88806fcd3c90 RCX: 659782a44617dc00 [ 78.525189][ C0] RDX: 0000000000000100 RSI: 0000000000000102 RDI: 0000000000000000 [ 78.533236][ C0] RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c [ 78.541202][ C0] R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100df9a792 [ 78.549185][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 [ 78.557162][ C0] FS: 00007f4111e26c80(0000) GS:ffff888125009000(0000) knlGS:0000000000000000 [ 78.566082][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 78.572661][ C0] CR2: 00007f4111f90370 CR3: 0000000037a94000 CR4: 00000000003526f0 [ 78.580711][ C0] Call Trace: [ 78.583987][ C0] [ 78.586825][ C0] dst_destroy+0x202/0x5a0 [ 78.591235][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 78.597038][ C0] ? rcu_core+0x751/0x1070 [ 78.601439][ C0] ? __pfx_dst_destroy_rcu+0x10/0x10 [ 78.606732][ C0] rcu_core+0x7cd/0x1070 [ 78.610970][ C0] ? __pfx_rcu_core+0x10/0x10 [ 78.615630][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 78.620813][ C0] ? sched_clock_cpu+0x74/0x440 [ 78.625771][ C0] handle_softirqs+0x22a/0x870 [ 78.630523][ C0] ? __irq_exit_rcu+0x5f/0x150 [ 78.635273][ C0] __irq_exit_rcu+0x5f/0x150 [ 78.639942][ C0] irq_exit_rcu+0x9/0x30 [ 78.644181][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 78.649800][ C0] [ 78.652714][ C0] [ 78.655643][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 78.661781][ C0] RIP: 0010:rcu_lockdep_current_cpu_online+0x87/0x120 [ 78.668537][ C0] Code: 3c 30 00 74 08 48 89 df e8 76 cb 84 00 48 8b 03 48 8d 98 40 2d 43 93 48 8d b8 68 2d 43 93 48 89 f8 48 c1 e8 03 42 80 3c 30 00 <74> 05 e8 52 cb 84 00 4c 8b 7b 28 48 83 c3 20 48 89 d8 48 c1 e8 03 [ 78.688212][ C0] RSP: 0000:ffffc900039b7770 EFLAGS: 00000246 [ 78.694263][ C0] RAX: 1ffff110170877ad RBX: ffff8880b843bd40 RCX: 0000000080000001 [ 78.702303][ C0] RDX: ffff888028580000 RSI: ffffffff8c29bde0 RDI: ffff8880b843bd68 [ 78.710257][ C0] RBP: 0000000000000000 R08: ffff888028580000 R09: 0000000000000002 [ 78.718296][ C0] R10: 0000000000000003 R11: 0000000000000000 R12: ffff8880246764c8 [ 78.726253][ C0] R13: ffffc900039b7a98 R14: dffffc0000000000 R15: 1ffff92000736f53 [ 78.734573][ C0] rcu_read_lock_held+0x1e/0x50 [ 78.739443][ C0] xas_start+0x295/0x770 [ 78.743691][ C0] xas_load+0x2c/0x5b0 [ 78.747749][ C0] xas_find+0x157/0x990 [ 78.751905][ C0] ? xas_next_entry+0x381/0x3d0 [ 78.756762][ C0] next_uptodate_folio+0x32/0x5d0 [ 78.761858][ C0] filemap_map_pages+0x247/0x2050 [ 78.766912][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 78.771838][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 78.776865][ C0] ? filemap_map_pages+0x185/0x2050 [ 78.782046][ C0] ? __pfx_native_flush_tlb_one_user+0x10/0x10 [ 78.788184][ C0] ? __pfx_filemap_map_pages+0x10/0x10 [ 78.793638][ C0] ? __pfx_filemap_map_pages+0x10/0x10 [ 78.799524][ C0] do_pte_missing+0x211a/0x3750 [ 78.804360][ C0] ? do_pte_missing+0x130a/0x3750 [ 78.809368][ C0] ? handle_mm_fault+0xee/0x3310 [ 78.814301][ C0] handle_mm_fault+0x1bec/0x3310 [ 78.819228][ C0] ? handle_mm_fault+0xee/0x3310 [ 78.824195][ C0] ? __pfx_handle_mm_fault+0x10/0x10 [ 78.829505][ C0] ? lock_vma_under_rcu+0x45a/0x500 [ 78.834820][ C0] do_user_addr_fault+0xa73/0x1340 [ 78.839949][ C0] ? rcu_is_watching+0x15/0xb0 [ 78.844715][ C0] ? trace_page_fault_user+0x84/0x210 [ 78.850082][ C0] exc_page_fault+0x6a/0xc0 [ 78.854585][ C0] asm_exc_page_fault+0x26/0x30 [ 78.859438][ C0] RIP: 0033:0x7f4111f90370 [ 78.863856][ C0] Code: Unable to access opcode bytes at 0x7f4111f90346. [ 78.870858][ C0] RSP: 002b:00007fffc3d089a8 EFLAGS: 00010202 [ 78.877082][ C0] RAX: 0000000000000029 RBX: 00007f4111e9d398 RCX: 000000000000000d [ 78.885121][ C0] RDX: 00007f4111effe01 RSI: 0000000000000000 RDI: 0000000000000009 [ 78.893096][ C0] RBP: 00007fffc3d08ad0 R08: 0000000000000000 R09: 00007f4111f90370 [ 78.901068][ C0] R10: 00007f4111e958c0 R11: 00007f41121915f0 R12: 00007f4111e981e8 [ 78.909132][ C0] R13: 00007f4112192ab0 R14: 0000008b00000007 R15: 0000000000000007 [ 78.917212][ C0] [ 78.920312][ C0] Modules linked in: [ 78.924210][ C0] ---[ end trace 0000000000000000 ]--- [ 78.929665][ C0] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 [ 78.936623][ C0] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 d2 54 f9 06 cc 48 c7 c7 40 c1 29 8c 48 89 de e8 a2 29 65 fc 90 <0f> 0b 48 c7 c7 a0 c1 29 8c 48 89 de e8 90 29 65 fc 90 0f 0b 4c 89 [ 78.956320][ C0] RSP: 0000:ffffc90000007d58 EFLAGS: 00010046 [ 78.962392][ C0] RAX: 0000000000000033 RBX: ffff88806fcd3c90 RCX: 659782a44617dc00 [ 78.970367][ C0] RDX: 0000000000000100 RSI: 0000000000000102 RDI: 0000000000000000 [ 78.978414][ C0] RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c [ 78.986387][ C0] R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100df9a792 [ 78.994365][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 [ 79.002596][ C0] FS: 00007f4111e26c80(0000) GS:ffff888125009000(0000) knlGS:0000000000000000 [ 79.011535][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.018122][ C0] CR2: 00007f4111f90346 CR3: 0000000037a94000 CR4: 00000000003526f0 [ 79.026105][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 79.033759][ C0] Kernel Offset: disabled [ 79.038104][ C0] Rebooting in 86400 seconds.. syzkaller build log: go env (err=) AR='ar' CC='gcc' CGO_CFLAGS='-O2 -g' CGO_CPPFLAGS='' CGO_CXXFLAGS='-O2 -g' CGO_ENABLED='1' CGO_FFLAGS='-O2 -g' CGO_LDFLAGS='-O2 -g' CXX='g++' GCCGO='gccgo' GO111MODULE='auto' GOAMD64='v1' GOARCH='amd64' GOAUTH='netrc' GOBIN='' GOCACHE='/syzkaller/.cache/go-build' GOCACHEPROG='' GODEBUG='' GOENV='/syzkaller/.config/go/env' GOEXE='' GOEXPERIMENT='' GOFIPS140='off' GOFLAGS='' GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3773265788=/tmp/go-build -gno-record-gcc-switches' GOHOSTARCH='amd64' GOHOSTOS='linux' GOINSECURE='' GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod' GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod' GONOPROXY='' GONOSUMDB='' GOOS='linux' GOPATH='/syzkaller/jobs/linux/gopath' GOPRIVATE='' GOPROXY='https://proxy.golang.org,direct' GOROOT='/usr/local/go' GOSUMDB='sum.golang.org' GOTELEMETRY='local' GOTELEMETRYDIR='/syzkaller/.config/go/telemetry' GOTMPDIR='' GOTOOLCHAIN='auto' GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64' GOVCS='' GOVERSION='go1.24.4' GOWORK='' PKG_CONFIG='pkg-config' git status (err=) HEAD detached at 4c131dc4b96 nothing to commit, working tree clean tput: No value for $TERM and no -T specified tput: No value for $TERM and no -T specified Makefile:31: run command via tools/syz-env for best compatibility, see: Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=4c131dc4b96f069f4177bf6cdd08431aaf9add88 -X github.com/google/syzkaller/prog.gitRevisionDate=20260207-170408" ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=4c131dc4b96f069f4177bf6cdd08431aaf9add88 -X github.com/google/syzkaller/prog.gitRevisionDate=20260207-170408" ./sys/syz-sysgen make .descriptions tput: No value for $TERM and no -T specified tput: No value for $TERM and no -T specified Makefile:31: run command via tools/syz-env for best compatibility, see: Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env bin/syz-sysgen touch .descriptions GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=4c131dc4b96f069f4177bf6cdd08431aaf9add88 -X github.com/google/syzkaller/prog.gitRevisionDate=20260207-170408" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog mkdir -p ./bin/linux_amd64 g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \ -m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \ -DHOSTGOOS_linux=1 -DGIT_REVISION=\"4c131dc4b96f069f4177bf6cdd08431aaf9add88\" /usr/bin/ld: /tmp/cc66sqC3.o: in function `Connection::Connect(char const*, char const*)': executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking ./tools/check-syzos.sh 2>/dev/null