program: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x6) r1 = socket$inet6(0xa, 0x800, 0xfffffff9) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000000080)=""/118, 0x76}, {&(0x7f0000000100)=""/97, 0x61}, {&(0x7f0000000180)=""/37, 0x25}, {&(0x7f00000001c0)=""/79, 0x4f}], 0x4, 0x2, 0x2a) ftruncate(r0, 0x9) r2 = syz_open_dev$dri(&(0x7f0000000280), 0x6, 0x101000) ioctl$DRM_IOCTL_AGP_INFO(r2, 0x80386433, &(0x7f00000002c0)=""/4096) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000012c0), 0x383000, 0x0) ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r3, 0x3b71, &(0x7f0000001380)={0x20, 0x5, &(0x7f0000001300)="2dcc237c8f6a025885c44a1abef86896c0111d9bf9b242d6c78f611bddc756c48e393bb806526f8ca34335258b44c2d2186099778435ededb19ffc63bdd70edfa48f728503", 0x404, 0x9}) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f00000013c0), 0x400041, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000001400)=0xffffffffffffffff) ioctl$VIDIOC_TRY_EXT_CTRLS(r4, 0xc0205649, &(0x7f0000001480)={0xa30000, 0x10000, 0xf, r5, 0x0, &(0x7f0000001440)={0x990a5f, 0xff, '\x00', @ptr=0x5}}) fsetxattr$security_ima(r4, &(0x7f00000014c0), &(0x7f0000001500)=@md5={0x1, "e872f89e55a5812bd69227a5f88e0e69"}, 0x11, 0x1) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000001540)={0x0, 0xfffffff7, 0x3, 0xbc61, 0x1, [0x0, 0x0, 0x0, 0x0], [0x1, 0x7f, 0x9, 0x6], [0x80, 0x4, 0x6, 0x3], [0x1, 0x4, 0x7, 0x9]}) ioctl$DRM_IOCTL_GEM_CLOSE(r4, 0x40086409, &(0x7f00000015c0)={r6}) ioctl$IOMMU_VFIO_IOAS$GET(r4, 0x3b88, &(0x7f0000001600)={0xc, 0x0}) ioctl$IOMMU_VFIO_IOAS$GET(r3, 0x3b88, &(0x7f0000001640)={0xc, 0x0}) ioctl$IOMMU_IOAS_COPY(r3, 0x3b83, &(0x7f0000001680)={0x28, 0x0, r7, r8, 0x9, 0x2, 0x48e}) fcntl$getown(r4, 0x9) ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r2, 0xc00464be, &(0x7f00000016c0)) r9 = openat$bsg(0xffffffffffffff9c, &(0x7f0000001700), 0x80800, 0x0) fallocate(r9, 0x6, 0x8, 0x1) getsockname$packet(r9, &(0x7f0000001740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000001780)=0x14) ioctl$sock_inet6_SIOCDELRT(r9, 0x890c, &(0x7f00000017c0)={@private0={0xfc, 0x0, '\x00', 0x1}, @mcast1, @local, 0x6, 0x1, 0x8, 0x400, 0x1, 0x4040000, r10}) r11 = socket$inet_mptcp(0x2, 0x1, 0x106) bind(r11, &(0x7f0000001840)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x4}, 0x80) socket$inet6(0xa, 0x2, 0xb) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r4, 0x4018f50b, &(0x7f00000018c0)={0x1, 0x8000, 0x3}) ioctl$F2FS_IOC_GARBAGE_COLLECT(r2, 0x4004f506, &(0x7f0000001900)) openat$ptp1(0xffffffffffffff9c, &(0x7f0000001940), 0x204040, 0x0) [ 78.473535][ T4536] Bluetooth: hci0: command tx timeout [ 79.577348][ T29] page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x64 pfn:0xe5ba [ 79.580984][ T29] flags: 0xfff00000010001(locked|reclaim|node=0|zone=1|lastcpupid=0x7ff) [ 79.587291][ T5097] list_add corruption. next->prev should be prev (ffffe8ffffc31ed0), but was ffff88803db23800. (next=ffff88801eb57400). [ 79.593705][ T5097] ------------[ cut here ]------------ [ 79.595916][ T5097] kernel BUG at lib/list_debug.c:31! [ 79.598311][ T5097] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 79.601155][ T5097] CPU: 0 UID: 0 PID: 5097 Comm: udevd Not tainted 6.12.0-rc2-syzkaller-00305-g7234e2ea0edd #0 [ 79.605333][ T5097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 79.610868][ T5097] RIP: 0010:__list_add_valid_or_report+0xd6/0xf0 [ 79.613336][ T5097] Code: e8 1f 29 00 07 90 0f 0b 48 c7 c7 80 fc 60 8c e8 10 29 00 07 90 0f 0b 48 c7 c7 e0 fc 60 8c 4c 89 e6 4c 89 f1 e8 fb 28 00 07 90 <0f> 0b 48 c7 c7 60 fd 60 8c 4c 89 f6 4c 89 e1 e8 e6 28 00 07 90 0f [ 79.621102][ T5097] RSP: 0018:ffffc9000302efe8 EFLAGS: 00010246 [ 79.623471][ T5097] RAX: 0000000000000075 RBX: ffff88801eb57408 RCX: 1bc126187b53e500 [ 79.627399][ T5097] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 79.631337][ T5097] RBP: ffffe8ffffc31ed0 R08: ffffffff8174afec R09: fffffbfff1cf9fd8 [ 79.634154][ T5097] R10: dffffc0000000000 R11: fffffbfff1cf9fd8 R12: ffffe8ffffc31ed0 [ 79.636595][ T5097] R13: dffffc0000000000 R14: ffff88801eb57400 R15: ffff88800e5ba000 [ 79.639202][ T5097] FS: 00007f38b4f21280(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 79.642239][ T5097] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.644331][ T5097] CR2: 00007fcfea10d0d8 CR3: 000000003c11e000 CR4: 0000000000352ef0 [ 79.646977][ T5097] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.650382][ T5097] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.653605][ T5097] Call Trace: [ 79.654914][ T5097] [ 79.655982][ T5097] ? __die_body+0x5f/0xb0 [ 79.657684][ T5097] ? die+0x9e/0xc0 [ 79.659121][ T5097] ? do_trap+0x15a/0x3a0 [ 79.660851][ T5097] ? __list_add_valid_or_report+0xd6/0xf0 [ 79.663669][ T5097] ? do_error_trap+0x1dc/0x2c0 [ 79.666171][ T5097] ? __list_add_valid_or_report+0xd6/0xf0 [ 79.668430][ T5097] ? __pfx_do_error_trap+0x10/0x10 [ 79.670644][ T5097] ? handle_invalid_op+0x34/0x40 [ 79.672605][ T5097] ? __list_add_valid_or_report+0xd6/0xf0 [ 79.674814][ T5097] ? exc_invalid_op+0x38/0x50 [ 79.677034][ T5097] ? asm_exc_invalid_op+0x1a/0x20 [ 79.679048][ T5097] ? __wake_up_klogd+0xcc/0x110 [ 79.680928][ T5097] ? __list_add_valid_or_report+0xd6/0xf0 [ 79.684049][ T5097] ? __list_add_valid_or_report+0xd5/0xf0 [ 79.687630][ T5097] add_to_unbuddied+0x2e4/0x4d0 [ 79.690040][ T5097] do_compact_page+0x924/0xc50 [ 79.691993][ T5097] zswap_entry_free+0x2f6/0x440 [ 79.693907][ T5097] zswap_load+0x386/0x8f0 [ 79.695637][ T5097] swap_read_folio+0x8c0/0x20b0 [ 79.697597][ T5097] ? __pfx_swap_read_folio+0x10/0x10 [ 79.699636][ T5097] ? __pfx___folio_batch_add_and_move+0x10/0x10 [ 79.702144][ T5097] ? __pfx_workingset_update_node+0x10/0x10 [ 79.704728][ T5097] ? put_swap_device+0x1f/0x250 [ 79.707312][ T5097] ? put_swap_device+0x18b/0x250 [ 79.710329][ T5097] ? __read_swap_cache_async+0x56f/0x8e0 [ 79.713216][ T5097] ? __pfx___read_swap_cache_async+0x10/0x10 [ 79.715975][ T5097] swap_cluster_readahead+0x707/0x7f0 [ 79.717858][ T5097] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 79.719910][ T5097] ? xas_load+0x59b/0x5c0 [ 79.721665][ T5097] swapin_readahead+0x1bb/0xdf0 [ 79.723646][ T5097] ? filemap_get_entry+0x123/0x3b0 [ 79.726171][ T5097] ? __pfx_swapin_readahead+0x10/0x10 [ 79.728406][ T5097] ? __filemap_get_folio+0x949/0xbd0 [ 79.730514][ T5097] ? swap_cache_get_folio+0xa6/0x570 [ 79.732611][ T5097] do_swap_page+0x584/0x7b30 [ 79.734385][ T5097] ? __pfx_validate_chain+0x10/0x10 [ 79.736334][ T5097] ? do_swap_page+0x15e/0x7b30 [ 79.738166][ T5097] ? __pfx_do_swap_page+0x10/0x10 [ 79.740241][ T5097] ? __pfx___pte_offset_map+0x10/0x10 [ 79.742834][ T5097] ? __pfx_validate_chain+0x10/0x10 [ 79.745570][ T5097] ? pte_offset_map_nolock+0x137/0x1f0 [ 79.748010][ T5097] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 79.750193][ T5097] handle_pte_fault+0x61d/0x6800 [ 79.752085][ T5097] ? mark_lock+0x9a/0x360 [ 79.753725][ T5097] ? __pfx_handle_pte_fault+0x10/0x10 [ 79.755802][ T5097] ? __lock_acquire+0x1384/0x2050 [ 79.757635][ T5097] ? reacquire_held_locks+0x3eb/0x690 [ 79.759668][ T5097] ? lock_vma_under_rcu+0x34b/0x790 [ 79.763109][ T5097] ? __pfx_reacquire_held_locks+0x10/0x10 [ 79.766290][ T5097] handle_mm_fault+0x1106/0x1bb0 [ 79.768451][ T5097] ? __pfx_handle_mm_fault+0x10/0x10 [ 79.770569][ T5097] ? lock_vma_under_rcu+0x602/0x790 [ 79.772569][ T5097] ? lock_vma_under_rcu+0x1dd/0x790 [ 79.774582][ T5097] ? exc_page_fault+0x113/0x8c0 [ 79.776535][ T5097] exc_page_fault+0x459/0x8c0 [ 79.778397][ T5097] asm_exc_page_fault+0x26/0x30 [ 79.780522][ T5097] RIP: 0033:0x56080549b9a8 [ 79.782829][ T5097] Code: 05 e8 2c 10 fe ff 48 81 c4 28 08 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 89 f8 48 85 ff 74 03 ff 47 08 c3 48 85 ff 74 4b 55 <8b> 47 08 48 89 fd ff c8 89 47 08 85 c0 7f 37 48 8b bf a8 00 00 00 [ 79.791159][ T5097] RSP: 002b:00007ffcc986a450 EFLAGS: 00010206 [ 79.793696][ T5097] RAX: 000056080548876f RBX: 00005608054bb5b0 RCX: 0000000000000000 [ 79.797564][ T5097] RDX: 00000005608399bd RSI: 0000000000000000 RDI: 00005608399be030 [ 79.800853][ T5097] RBP: 00005608399a6910 R08: 0000000000000007 R09: 374bd6bb537f90d7 [ 79.803714][ T5097] R10: 00000000ffffffff R11: 0000000000000007 R12: 00005608054bb5e8 [ 79.806755][ T5097] R13: 00007ffcc986a4c8 R14: 0000000000000001 R15: 00005608399a6910 [ 79.810645][ T5097] [ 79.812085][ T5097] Modules linked in: [ 79.814651][ T5097] ---[ end trace 0000000000000000 ]--- [ 79.816771][ T5097] RIP: 0010:__list_add_valid_or_report+0xd6/0xf0 [ 79.819186][ T5097] Code: e8 1f 29 00 07 90 0f 0b 48 c7 c7 80 fc 60 8c e8 10 29 00 07 90 0f 0b 48 c7 c7 e0 fc 60 8c 4c 89 e6 4c 89 f1 e8 fb 28 00 07 90 <0f> 0b 48 c7 c7 60 fd 60 8c 4c 89 f6 4c 89 e1 e8 e6 28 00 07 90 0f [ 79.826772][ T5097] RSP: 0018:ffffc9000302efe8 EFLAGS: 00010246 [ 79.831883][ T5097] RAX: 0000000000000075 RBX: ffff88801eb57408 RCX: 1bc126187b53e500 [ 79.835913][ T5097] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 79.839577][ T5097] RBP: ffffe8ffffc31ed0 R08: ffffffff8174afec R09: fffffbfff1cf9fd8 [ 79.842654][ T5097] R10: dffffc0000000000 R11: fffffbfff1cf9fd8 R12: ffffe8ffffc31ed0 [ 79.846105][ T5097] R13: dffffc0000000000 R14: ffff88801eb57400 R15: ffff88800e5ba000 [ 79.849463][ T5097] FS: 00007f38b4f21280(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 79.853472][ T5097] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.856361][ T5097] CR2: 00007fcfea10d0d8 CR3: 000000003c11e000 CR4: 0000000000352ef0 [ 79.859735][ T5097] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.863193][ T5097] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.866327][ T5097] Kernel panic - not syncing: Fatal exception [ 79.869087][ T5097] Kernel Offset: disabled [ 79.871356][ T5097] Rebooting in 86400 seconds..