syzbot

 non-slab/vmalloc memory
list_del corruption. prev->next should be ffff88801ee97e00, but was ffffffff8f6566a0. (prev=ffffffff8f6566a0)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:64!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 6107 Comm: syz.1.103 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:__list_del_entry_valid_or_report+0x15a/0x190 lib/list_debug.c:62
Code: e8 6b e7 52 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 3c 8a 74 fd 49 8b 17 48 c7 c7 a0 be 28 8c 48 89 de 4c 89 f9 e8 e7 26 6b fc 90 <0f> 0b 4c 89 f7 e8 3c e7 52 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 0d
RSP: 0018:ffffc90004136760 EFLAGS: 00010246
RAX: 000000000000006d RBX: ffff88801ee97e00 RCX: 529adca996f3e900
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: 1ffff92000826d3e R08: ffffc900041364e7 R09: 1ffff92000826c9c
R10: dffffc0000000000 R11: fffff52000826c9d R12: 1ffffffff1ecacd4
R13: dffffc0000000000 R14: ffffffff8f6566a0 R15: ffffffff8f6566a0
FS:  000055558f799500(0000) GS:ffff8881253a0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000380 CR3: 000000005ec5c000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 __list_del_entry_valid include/linux/list.h:132 [inline]
 __list_del_entry include/linux/list.h:246 [inline]
 list_del include/linux/list.h:260 [inline]
 flow_block_cb_setup_simple+0x62d/0x740 net/core/flow_offload.c:367
 nft_block_offload_cmd net/netfilter/nf_tables_offload.c:397 [inline]
 nft_chain_offload_cmd+0x2d8/0x6e0 net/netfilter/nf_tables_offload.c:451
 nft_flow_block_chain net/netfilter/nf_tables_offload.c:471 [inline]
 nft_flow_offload_chain net/netfilter/nf_tables_offload.c:513 [inline]
 nft_flow_rule_offload_commit+0x485/0x1ce0 net/netfilter/nf_tables_offload.c:592
 nf_tables_commit+0x80d/0xa7c0 net/netfilter/nf_tables_api.c:10912
 nfnetlink_rcv_batch net/netfilter/nfnetlink.c:574 [inline]
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:647 [inline]
 nfnetlink_rcv+0x1c19/0x27b0 net/netfilter/nfnetlink.c:665
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x75c/0x8e0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1899
 sock_sendmsg_nosec net/socket.c:787 [inline]
 __sock_sendmsg net/socket.c:802 [inline]
 ____sys_sendmsg+0x972/0x9f0 net/socket.c:2698
 ___sys_sendmsg+0x2a5/0x360 net/socket.c:2752
 __sys_sendmsg net/socket.c:2784 [inline]
 __do_sys_sendmsg net/socket.c:2789 [inline]
 __se_sys_sendmsg net/socket.c:2787 [inline]
 __x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2787
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb07159ce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff8b32ebf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fb071815fa0 RCX: 00007fb07159ce59
RDX: 000000000000c050 RSI: 0000200000000cc0 RDI: 0000000000000003
RBP: 00007fb071632d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fb071815fac R14: 00007fb071815fa0 R15: 00007fb071815fa0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0x15a/0x190 lib/list_debug.c:62
Code: e8 6b e7 52 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 3c 8a 74 fd 49 8b 17 48 c7 c7 a0 be 28 8c 48 89 de 4c 89 f9 e8 e7 26 6b fc 90 <0f> 0b 4c 89 f7 e8 3c e7 52 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 0d
RSP: 0018:ffffc90004136760 EFLAGS: 00010246
RAX: 000000000000006d RBX: ffff88801ee97e00 RCX: 529adca996f3e900
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: 1ffff92000826d3e R08: ffffc900041364e7 R09: 1ffff92000826c9c
R10: dffffc0000000000 R11: fffff52000826c9d R12: 1ffffffff1ecacd4
R13: dffffc0000000000 R14: ffffffff8f6566a0 R15: ffffffff8f6566a0
FS:  000055558f799500(0000) GS:ffff8881252a0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcdb21456b8 CR3: 000000005ec5c000 CR4: 00000000003526f0