program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) setregid(0xee00, 0x0) setresgid(0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0}) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0x8}]}, 0x24}}, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) write$binfmt_elf32(r4, &(0x7f00000014c0)=ANY=[], 0x46b) sendmmsg$inet(r4, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0xa6}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841) r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r5, &(0x7f00000008c0)=""/54, 0x36) getdents(r5, &(0x7f0000001fc0)=""/184, 0xb8) readv(r5, &(0x7f0000000480)=[{&(0x7f0000001080)=""/4096, 0x1000}, {&(0x7f00000005c0)=""/161, 0xa1}, {&(0x7f0000000700)=""/173, 0xad}, {&(0x7f0000000b80)=""/239, 0xef}, 
{&(0x7f0000002080)=""/4096, 0x1000}, {&(0x7f0000000000)=""/5, 0x5}, {&(0x7f0000000a40)=""/182, 0xb6}, {&(0x7f0000000240)=""/80, 0x50}], 0x8) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r6, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r6, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(r6, &(0x7f00000003c0)="0659", 0x2, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r3}, @void}}}, 0x28}}, 0x0) [ 70.620678][ T4533] Bluetooth: hci0: command tx timeout [ 70.756260][ T5108] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'. [ 71.140274][ T29] page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x55a51d60c pfn:0x11a19 [ 71.150050][ T2905] list_add corruption. next->prev should be prev (ffffe8ffffc31ed0), but was ffff8880354f5000. (next=ffff88801aa39400). [ 71.155851][ T2905] ------------[ cut here ]------------ [ 71.158434][ T2905] kernel BUG at lib/list_debug.c:31! 
[ 71.160996][ T2905] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 71.164287][ T2905] CPU: 0 UID: 0 PID: 2905 Comm: kworker/u4:10 Not tainted 6.12.0-rc1-syzkaller #0 [ 71.168013][ T2905] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.172361][ T2905] Workqueue: zswap1 compact_page_work [ 71.175095][ T2905] RIP: 0010:__list_add_valid_or_report+0xd6/0xf0 [ 71.177988][ T2905] Code: e8 6f 08 00 07 90 0f 0b 48 c7 c7 00 f9 60 8c e8 60 08 00 07 90 0f 0b 48 c7 c7 60 f9 60 8c 4c 89 e6 4c 89 f1 e8 4b 08 00 07 90 <0f> 0b 48 c7 c7 e0 f9 60 8c 4c 89 f6 4c 89 e1 e8 36 08 00 07 90 0f [ 71.185562][ T2905] RSP: 0018:ffffc9000c497ad0 EFLAGS: 00010246 [ 71.188079][ T2905] RAX: 0000000000000075 RBX: ffff88801aa39408 RCX: da664adfef8a5100 [ 71.191477][ T2905] RDX: 0000000000000000 RSI: 0000000080000002 RDI: 0000000000000000 [ 71.195294][ T2905] RBP: ffffe8ffffc31ed0 R08: ffffffff81749dec R09: 1ffff92001892ef4 [ 71.199082][ T2905] R10: dffffc0000000000 R11: fffff52001892ef5 R12: ffffe8ffffc31ed0 [ 71.202686][ T2905] R13: dffffc0000000000 R14: ffff88801aa39400 R15: ffff888011a19000 [ 71.206776][ T2905] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 71.211080][ T2905] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.214904][ T2905] CR2: 00007f01a6b44348 CR3: 000000003f8a4000 CR4: 0000000000352ef0 [ 71.219103][ T2905] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 71.222100][ T2905] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 71.225099][ T2905] Call Trace: [ 71.226357][ T2905] <TASK> [ 71.227465][ T2905] ? __die_body+0x5f/0xb0 [ 71.228795][ T2905] ? die+0x9e/0xc0 [ 71.229985][ T2905] ? do_trap+0x15a/0x3a0 [ 71.231415][ T2905] ? __list_add_valid_or_report+0xd6/0xf0 [ 71.233494][ T2905] ? do_error_trap+0x1dc/0x2c0 [ 71.235724][ T2905] ? __list_add_valid_or_report+0xd6/0xf0 [ 71.238432][ T2905] ? __pfx_do_error_trap+0x10/0x10 [ 71.240374][ T2905] ? 
handle_invalid_op+0x34/0x40 [ 71.242302][ T2905] ? __list_add_valid_or_report+0xd6/0xf0 [ 71.244496][ T2905] ? exc_invalid_op+0x38/0x50 [ 71.246338][ T2905] ? asm_exc_invalid_op+0x1a/0x20 [ 71.248312][ T2905] ? __wake_up_klogd+0xcc/0x110 [ 71.250413][ T2905] ? __list_add_valid_or_report+0xd6/0xf0 [ 71.253304][ T2905] add_to_unbuddied+0x2e4/0x4d0 [ 71.255493][ T2905] do_compact_page+0x924/0xc50 [ 71.257238][ T2905] ? process_scheduled_works+0x976/0x1850 [ 71.259293][ T2905] process_scheduled_works+0xa63/0x1850 [ 71.261294][ T2905] ? __pfx_process_scheduled_works+0x10/0x10 [ 71.263498][ T2905] ? assign_work+0x364/0x3d0 [ 71.265166][ T2905] worker_thread+0x870/0xd30 [ 71.266858][ T2905] ? __kthread_parkme+0x169/0x1d0 [ 71.268892][ T2905] ? __pfx_worker_thread+0x10/0x10 [ 71.270788][ T2905] kthread+0x2f0/0x390 [ 71.272516][ T2905] ? __pfx_worker_thread+0x10/0x10 [ 71.274471][ T2905] ? __pfx_kthread+0x10/0x10 [ 71.276255][ T2905] ret_from_fork+0x4b/0x80 [ 71.277936][ T2905] ? __pfx_kthread+0x10/0x10 [ 71.279546][ T2905] ret_from_fork_asm+0x1a/0x30 [ 71.281311][ T2905] </TASK> [ 71.282519][ T2905] Modules linked in: [ 71.284416][ T2905] ---[ end trace 0000000000000000 ]--- [ 71.286404][ T2905] RIP: 0010:__list_add_valid_or_report+0xd6/0xf0 [ 71.288770][ T2905] Code: e8 6f 08 00 07 90 0f 0b 48 c7 c7 00 f9 60 8c e8 60 08 00 07 90 0f 0b 48 c7 c7 60 f9 60 8c 4c 89 e6 4c 89 f1 e8 4b 08 00 07 90 <0f> 0b 48 c7 c7 e0 f9 60 8c 4c 89 f6 4c 89 e1 e8 36 08 00 07 90 0f [ 71.296415][ T2905] RSP: 0018:ffffc9000c497ad0 EFLAGS: 00010246 [ 71.299079][ T2905] RAX: 0000000000000075 RBX: ffff88801aa39408 RCX: da664adfef8a5100 [ 71.302019][ T2905] RDX: 0000000000000000 RSI: 0000000080000002 RDI: 0000000000000000 [ 71.304839][ T2905] RBP: ffffe8ffffc31ed0 R08: ffffffff81749dec R09: 1ffff92001892ef4 [ 71.307309][ T2905] R10: dffffc0000000000 R11: fffff52001892ef5 R12: ffffe8ffffc31ed0 [ 71.309989][ T2905] R13: dffffc0000000000 R14: ffff88801aa39400 R15: ffff888011a19000 [ 71.312660][ T2905] FS: 
0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 71.316116][ T2905] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.318930][ T2905] CR2: 00007f01a6b44348 CR3: 000000003f8a4000 CR4: 0000000000352ef0 [ 71.322616][ T2905] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 71.326254][ T2905] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 71.329764][ T2905] Kernel panic - not syncing: Fatal exception [ 71.332505][ T2905] Kernel Offset: disabled [ 71.334002][ T2905] Rebooting in 86400 seconds..