program: syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000240), 0x21, 0x4a6, &(0x7f0000000a40)="$eJzs3cFPG9kZAPBvBgiEkEDaHNqqbdI0bVpFscFJUJRTemlVRZGqRj31kFBwEMLGCJs00BzI/1CpkXpq/4QeKvVQKae97233tpfsYaXsbrSrsNIevJqxIYRgYDcES/j3k55m3jzj7z2sec98gF8APetcRKxFxLGIuBcRo+3rSbvEzVbJHvfyxaPp9RePppNoNu98luTt2bXY8jWZE+3nHIqIP/4u4i/Jm3HrK6vzU5VKealdLzaqi8X6yurluerUbHm2vFAqTU5Mjl+/cq10YGM9W/3P89/O3frT///3k2fvr/36b1m3RtptW8dxkFpDH9iMk+mPiFvvIlgX9LXHc6zbHeE7SSPiexFxPr//R6MvfzUBgKOs2RyN5ujWOgBw1KV5DixJC+1cwEikaaHQyuGdieG0Uqs3Lt2vLS/MtHJlYzGQ3p+rlMfbucKxGEiy+kR+/qpe2la/EhGnI+Lvg8fzemG6Vpnp5hsfAOhhJ7at/18OttZ/AOCIG+p2BwCAQ2f9B4DeY/0HgN5j/QeA3mP9B4DeY/0HgN5j/QeAnvKH27ez0lxvf/71zIOV5fnag8sz5fp8obo8XZiuLS0WZmu12fwze6p7PV+lVlucuBrLD4uNcr1RrK+s3q3Wlhcad/PP9b5bHjiUUQEAuzl99umHSUSs3Tiel9iyl4O1Go62tNsdALqmr9sdALrGbl/Qu/yMD+ywRe9rOv6J0JOD7wtwOC7+UP4fepX8P/Qu+X/oXfL/0LuazcSe/wDQY+T4Ab//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG9vJC9JWmjvBT4SaVooRJyMiLEYSO7PVcrjEXEqIj4YHBjM6hPd7jQA8JbST5L2/l8XRy+MbG89lnw1mB8j4q//vPOPh1ONxtJEdv3zzeuNJ+3rpW70HwDYy8Y6vbGOb3j54tH0RjnM/jz/TWtz0Szueru0WvqjPz8OxUBEDH+RtOst2fuVvgOIv/Y4In6w0/iTPDcy1t75dHv8LPbJQ42fvhY/zdtax+x78f0D6Av0mqfZ/HNzp/svjXP5cef7fyifod7exvy3/sb8l27Of30d5r9z+41x9b3fd2x7HPGj/p3iJ5vxkw7xL+wz/kc//un5Tm3Nf0VcjJ3jb41VbFQXi/WV1ctz1anZ8mx5oVSanJgcv37lWqmY56iLG5nqN31649Kp3cY/3CH+0B7j/8U+x//vr+/9+We7xP/Vz3d+/c/sEj9bE3+5z/hTw//tuH13Fn+mw/j3ev0v7TP+s49XZ/b5UADgENRXVuenKpXykhMnTpxsnnR7ZgLetVc3fbd7AgAAAAAAAAAAAAAAdHIY/07U7TECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwdH0TAAD//yyP2UE=") r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) chown(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000580), 0x5020, &(0x7f00000005c0)={[{@uuid_auto}], [{@uid_eq}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000004c0)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001500)={0x0}}, 0x0) pipe(&(0x7f00000001c0)) capget(0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) bpf$MAP_CREATE(0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') getdents64(r6, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newtaction={0x48, 0x31, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x34, 0x1, [@m_mirred={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4, 0xa}, {0xc, 0x7, {0x0, 0x700}}, {0xc}}}]}]}, 0x48}}, 0x0) [ 89.741891][ T5098] Bluetooth: hci0: command tx timeout [ 90.858339][ T5113] loop0: detected capacity change from 0 to 512 [ 90.896524][ T5113] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.917726][ T5113] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.630227][ T9] cfg80211: failed to load regulatory.db [ 91.651314][ T28] page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e2d4 [ 91.660735][ T4584] list_add corruption. next->prev should be prev (ffffe8ffffc31ed0), but was ffff88803c76e000. (next=ffff88801ab63400). [ 91.666065][ T4584] ------------[ cut here ]------------ [ 91.668052][ T4584] kernel BUG at lib/list_debug.c:31! [ 91.670286][ T4584] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 91.672841][ T4584] CPU: 0 UID: 0 PID: 4584 Comm: klogd Not tainted 6.12.0-rc1-syzkaller #0 [ 91.675846][ T4584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 91.679742][ T4584] RIP: 0010:__list_add_valid_or_report+0xd6/0xf0 [ 91.682178][ T4584] Code: e8 6f 08 00 07 90 0f 0b 48 c7 c7 00 f9 60 8c e8 60 08 00 07 90 0f 0b 48 c7 c7 60 f9 60 8c 4c 89 e6 4c 89 f1 e8 4b 08 00 07 90 <0f> 0b 48 c7 c7 e0 f9 60 8c 4c 89 f6 4c 89 e1 e8 36 08 00 07 90 0f [ 91.689381][ T4584] RSP: 0018:ffffc90001eb6fe8 EFLAGS: 00010246 [ 91.691758][ T4584] RAX: 0000000000000075 RBX: ffff88801ab63408 RCX: 9a06a3deb1d04200 [ 91.694784][ T4584] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 91.697907][ T4584] RBP: ffffe8ffffc31ed0 R08: ffffffff81749dec R09: fffffbfff1cf9fd8 [ 91.701041][ T4584] R10: dffffc0000000000 R11: fffffbfff1cf9fd8 R12: ffffe8ffffc31ed0 [ 91.704181][ T4584] R13: dffffc0000000000 R14: ffff88801ab63400 R15: ffff88801e2d4000 [ 91.707230][ T4584] FS: 00007fcec36a9500(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 91.710486][ T4584] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 91.712839][ T4584] CR2: 0000000020119000 CR3: 0000000011fa8000 CR4: 0000000000352ef0 [ 91.715954][ T4584] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 91.718942][ T4584] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 91.721843][ T4584] Call Trace: [ 91.723087][ T4584] [ 91.724212][ T4584] ? __die_body+0x5f/0xb0 [ 91.725888][ T4584] ? die+0x9e/0xc0 [ 91.727330][ T4584] ? do_trap+0x15a/0x3a0 [ 91.728936][ T4584] ? __list_add_valid_or_report+0xd6/0xf0 [ 91.731090][ T4584] ? do_error_trap+0x1dc/0x2c0 [ 91.732928][ T4584] ? __list_add_valid_or_report+0xd6/0xf0 [ 91.735046][ T4584] ? __pfx_do_error_trap+0x10/0x10 [ 91.737086][ T4584] ? handle_invalid_op+0x34/0x40 [ 91.738812][ T4584] ? __list_add_valid_or_report+0xd6/0xf0 [ 91.740943][ T4584] ? exc_invalid_op+0x38/0x50 [ 91.742717][ T4584] ? asm_exc_invalid_op+0x1a/0x20 [ 91.744623][ T4584] ? __wake_up_klogd+0xcc/0x110 [ 91.746494][ T4584] ? __list_add_valid_or_report+0xd6/0xf0 [ 91.748720][ T4584] ? __list_add_valid_or_report+0xd5/0xf0 [ 91.750887][ T4584] add_to_unbuddied+0x2e4/0x4d0 [ 91.752858][ T4584] do_compact_page+0x924/0xc50 [ 91.754737][ T4584] zswap_entry_free+0x2f6/0x440 [ 91.756592][ T4584] zswap_load+0x386/0x8f0 [ 91.758139][ T4584] swap_read_folio+0x8c0/0x20b0 [ 91.759958][ T4584] ? __pfx_swap_read_folio+0x10/0x10 [ 91.761865][ T4584] ? __pfx___folio_batch_add_and_move+0x10/0x10 [ 91.764009][ T4584] ? __pfx_workingset_update_node+0x10/0x10 [ 91.766209][ T4584] ? put_swap_device+0x1f/0x250 [ 91.767996][ T4584] ? put_swap_device+0x18b/0x250 [ 91.769852][ T4584] ? __read_swap_cache_async+0x56f/0x8e0 [ 91.771907][ T4584] ? __pfx___read_swap_cache_async+0x10/0x10 [ 91.774218][ T4584] swap_cluster_readahead+0x707/0x7f0 [ 91.776229][ T4584] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 91.778579][ T4584] ? xas_load+0x59b/0x5c0 [ 91.780278][ T4584] swapin_readahead+0x1bb/0xdf0 [ 91.782086][ T4584] ? filemap_get_entry+0x123/0x3b0 [ 91.784115][ T4584] ? __pfx_swapin_readahead+0x10/0x10 [ 91.786142][ T4584] ? __filemap_get_folio+0x949/0xbd0 [ 91.788046][ T4584] ? swap_cache_get_folio+0xa6/0x570 [ 91.790028][ T4584] do_swap_page+0x584/0x7b30 [ 91.791820][ T4584] ? __pfx_validate_chain+0x10/0x10 [ 91.793876][ T4584] ? filemap_map_pages+0x19d0/0x20d0 [ 91.795821][ T4584] ? filemap_map_pages+0x243/0x20d0 [ 91.797753][ T4584] ? do_swap_page+0x15e/0x7b30 [ 91.799539][ T4584] ? __pfx_do_swap_page+0x10/0x10 [ 91.801424][ T4584] ? __pfx___pte_offset_map+0x10/0x10 [ 91.803338][ T4584] ? __pfx_validate_chain+0x10/0x10 [ 91.805378][ T4584] ? pte_offset_map_nolock+0x137/0x1f0 [ 91.807626][ T4584] ? __pfx_pte_offset_map_nolock+0x10/0x10 [ 91.809902][ T4584] handle_pte_fault+0x61d/0x6800 [ 91.811776][ T4584] ? mark_lock+0x9a/0x360 [ 91.813314][ T4584] ? __pfx_handle_pte_fault+0x10/0x10 [ 91.815012][ T4584] ? __lock_acquire+0x1384/0x2050 [ 91.816719][ T4584] ? reacquire_held_locks+0x3eb/0x690 [ 91.818750][ T4584] ? lock_vma_under_rcu+0x34b/0x790 [ 91.820611][ T4584] ? __pfx_reacquire_held_locks+0x10/0x10 [ 91.822662][ T4584] handle_mm_fault+0x1106/0x1bb0 [ 91.824512][ T4584] ? __pfx_handle_mm_fault+0x10/0x10 [ 91.826556][ T4584] ? lock_vma_under_rcu+0x602/0x790 [ 91.828500][ T4584] ? lock_vma_under_rcu+0x1dd/0x790 [ 91.830375][ T4584] ? exc_page_fault+0x113/0x8c0 [ 91.832190][ T4584] exc_page_fault+0x459/0x8c0 [ 91.833995][ T4584] asm_exc_page_fault+0x26/0x30 [ 91.835842][ T4584] RIP: 0033:0x7fcec37dff2a [ 91.837554][ T4584] Code: 83 f8 da 8b 7c 24 04 48 8b 74 24 08 74 cb 48 8b 15 f3 7e 0f 00 f7 d8 64 89 02 48 83 c8 ff 48 83 c4 18 c3 48 8b 05 96 7f 0f 00 <48> 8b 80 f8 02 00 00 48 85 c0 74 1c 51 ff d0 85 c0 75 04 31 c0 eb [ 91.844652][ T4584] RSP: 002b:00007ffc1a2df388 EFLAGS: 00010206 [ 91.846870][ T4584] RAX: 00007fcec39e0a80 RBX: 0000000000000002 RCX: 0000000000000001 [ 91.849822][ T4584] RDX: 0000000000000000 RSI: 00007ffc1a2df3e0 RDI: 0000000000000005 [ 91.852691][ T4584] RBP: 000055d1f8913910 R08: 0000000000000001 R09: 00007ffc1a2dee88 [ 91.855689][ T4584] R10: 000000000000020f R11: 0000000000000000 R12: 0000000000000006 [ 91.858508][ T4584] R13: 00007fcec3999212 R14: 00007ffc1a2df488 R15: 0000000000000000 [ 91.861199][ T4584] [ 91.862360][ T4584] Modules linked in: [ 91.864229][ T4584] ---[ end trace 0000000000000000 ]--- [ 91.866158][ T4584] RIP: 0010:__list_add_valid_or_report+0xd6/0xf0 [ 91.867979][ T4584] Code: e8 6f 08 00 07 90 0f 0b 48 c7 c7 00 f9 60 8c e8 60 08 00 07 90 0f 0b 48 c7 c7 60 f9 60 8c 4c 89 e6 4c 89 f1 e8 4b 08 00 07 90 <0f> 0b 48 c7 c7 e0 f9 60 8c 4c 89 f6 4c 89 e1 e8 36 08 00 07 90 0f [ 91.874040][ T4584] RSP: 0018:ffffc90001eb6fe8 EFLAGS: 00010246 [ 91.876303][ T4584] RAX: 0000000000000075 RBX: ffff88801ab63408 RCX: 9a06a3deb1d04200 [ 91.879482][ T4584] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 91.882605][ T4584] RBP: ffffe8ffffc31ed0 R08: ffffffff81749dec R09: fffffbfff1cf9fd8 [ 91.885434][ T4584] R10: dffffc0000000000 R11: fffffbfff1cf9fd8 R12: ffffe8ffffc31ed0 [ 91.888163][ T4584] R13: dffffc0000000000 R14: ffff88801ab63400 R15: ffff88801e2d4000 [ 91.891099][ T4584] FS: 00007fcec36a9500(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 91.894311][ T4584] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 91.896757][ T4584] CR2: 0000000020119000 CR3: 0000000011fa8000 CR4: 0000000000352ef0 [ 91.900047][ T4584] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 91.902950][ T4584] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 91.905978][ T4584] Kernel panic - not syncing: Fatal exception [ 91.908562][ T4584] Kernel Offset: disabled [ 91.910211][ T4584] Rebooting in 86400 seconds..