program:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
listen(r0, 0x20000005)
r1 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x4800)
syz_genetlink_get_family_id$tipc(&(0x7f0000000100), r2)
sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={0x0}, 0x1, 0x0, 0x0, 0x20000}, 0x0)

[ 70.621688][ T4533] Bluetooth: hci0: command tx timeout
[ 71.143519][ T29] page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x55a51d60d pfn:0x11a1a
[ 71.151010][ T12] list_add corruption. next->prev should be prev (ffffe8ffffc31ed0), but was ffff8880354f5000. (next=ffff88801aa39400).
[ 71.156279][ T12] ------------[ cut here ]------------
[ 71.159077][ T12] kernel BUG at lib/list_debug.c:31!
[ 71.161959][ T12] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 71.164877][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:1 Not tainted 6.12.0-rc1-syzkaller #0
[ 71.168383][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 71.172862][ T12] Workqueue: zswap1 compact_page_work
[ 71.175680][ T12] RIP: 0010:__list_add_valid_or_report+0xd6/0xf0
[ 71.178487][ T12] Code: e8 6f 08 00 07 90 0f 0b 48 c7 c7 00 f9 60 8c e8 60 08 00 07 90 0f 0b 48 c7 c7 60 f9 60 8c 4c 89 e6 4c 89 f1 e8 4b 08 00 07 90 <0f> 0b 48 c7 c7 e0 f9 60 8c 4c 89 f6 4c 89 e1 e8 36 08 00 07 90 0f
[ 71.185606][ T12] RSP: 0000:ffffc900003e7ad0 EFLAGS: 00010246
[ 71.187970][ T12] RAX: 0000000000000075 RBX: ffff88801aa39408 RCX: 8c29ddb83b774f00
[ 71.191165][ T12] RDX: 0000000000000000 RSI: 0000000080000002 RDI: 0000000000000000
[ 71.194633][ T12] RBP: ffffe8ffffc31ed0 R08: ffffffff81749dec R09: 1ffff9200007cef4
[ 71.198277][ T12] R10: dffffc0000000000 R11: fffff5200007cef5 R12: ffffe8ffffc31ed0
[ 71.201279][ T12] R13: dffffc0000000000 R14: ffff88801aa39400 R15: ffff888011a1a000
[ 71.204432][ T12] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[ 71.207756][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 71.210323][ T12] CR2: 00007f01a6997768 CR3: 000000003f8a4000 CR4: 0000000000352ef0
[ 71.214184][ T12] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 71.217864][ T12] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 71.220843][ T12] Call Trace:
[ 71.222242][ T12]
[ 71.223430][ T12] ? __die_body+0x5f/0xb0
[ 71.225200][ T12] ? die+0x9e/0xc0
[ 71.226811][ T12] ? do_trap+0x15a/0x3a0
[ 71.228772][ T12] ? __list_add_valid_or_report+0xd6/0xf0
[ 71.231734][ T12] ? do_error_trap+0x1dc/0x2c0
[ 71.233973][ T12] ? __list_add_valid_or_report+0xd6/0xf0
[ 71.236316][ T12] ? __pfx_do_error_trap+0x10/0x10
[ 71.238311][ T12] ? handle_invalid_op+0x34/0x40
[ 71.240174][ T12] ? __list_add_valid_or_report+0xd6/0xf0
[ 71.242665][ T12] ? exc_invalid_op+0x38/0x50
[ 71.244702][ T12] ? asm_exc_invalid_op+0x1a/0x20
[ 71.246882][ T12] ? __wake_up_klogd+0xcc/0x110
[ 71.249398][ T12] ? __list_add_valid_or_report+0xd6/0xf0
[ 71.252047][ T12] add_to_unbuddied+0x2e4/0x4d0
[ 71.254130][ T12] do_compact_page+0x924/0xc50
[ 71.255987][ T12] ? process_scheduled_works+0x976/0x1850
[ 71.258297][ T12] process_scheduled_works+0xa63/0x1850
[ 71.260691][ T12] ? __pfx_process_scheduled_works+0x10/0x10
[ 71.263480][ T12] ? assign_work+0x364/0x3d0
[ 71.265754][ T12] worker_thread+0x870/0xd30
[ 71.267828][ T12] ? __kthread_parkme+0x169/0x1d0
[ 71.270010][ T12] ? __pfx_worker_thread+0x10/0x10
[ 71.271885][ T12] kthread+0x2f0/0x390
[ 71.273462][ T12] ? __pfx_worker_thread+0x10/0x10
[ 71.275584][ T12] ? __pfx_kthread+0x10/0x10
[ 71.277547][ T12] ret_from_fork+0x4b/0x80
[ 71.279428][ T12] ? __pfx_kthread+0x10/0x10
[ 71.281356][ T12] ret_from_fork_asm+0x1a/0x30
[ 71.283417][ T12]
[ 71.284704][ T12] Modules linked in:
[ 71.286844][ T12] ---[ end trace 0000000000000000 ]---
[ 71.289078][ T12] RIP: 0010:__list_add_valid_or_report+0xd6/0xf0
[ 71.291627][ T12] Code: e8 6f 08 00 07 90 0f 0b 48 c7 c7 00 f9 60 8c e8 60 08 00 07 90 0f 0b 48 c7 c7 60 f9 60 8c 4c 89 e6 4c 89 f1 e8 4b 08 00 07 90 <0f> 0b 48 c7 c7 e0 f9 60 8c 4c 89 f6 4c 89 e1 e8 36 08 00 07 90 0f
[ 71.300513][ T12] RSP: 0000:ffffc900003e7ad0 EFLAGS: 00010246
[ 71.302810][ T12] RAX: 0000000000000075 RBX: ffff88801aa39408 RCX: 8c29ddb83b774f00
[ 71.305711][ T12] RDX: 0000000000000000 RSI: 0000000080000002 RDI: 0000000000000000
[ 71.308828][ T12] RBP: ffffe8ffffc31ed0 R08: ffffffff81749dec R09: 1ffff9200007cef4
[ 71.311823][ T12] R10: dffffc0000000000 R11: fffff5200007cef5 R12: ffffe8ffffc31ed0
[ 71.314923][ T12] R13: dffffc0000000000 R14: ffff88801aa39400 R15: ffff888011a1a000
[ 71.318274][ T12] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[ 71.321691][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 71.324153][ T12] CR2: 00007f01a6997768 CR3: 000000003f8a4000 CR4: 0000000000352ef0
[ 71.327737][ T12] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 71.331705][ T12] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 71.334765][ T12] Kernel panic - not syncing: Fatal exception
[ 71.337344][ T12] Kernel Offset: disabled
[ 71.339089][ T12] Rebooting in 86400 seconds..