program:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="090000000000e27f00000100000000000000", @ANYRES32, @ANYBLOB='\x00'/10, @ANYRES32=r0, @ANYRES32, @ANYBLOB="f1000000000000000000001e00"/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x0, 0x0, 0x401, 0x0, 0xffffffffffffffff, 0xff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000000)={<r3=>0x0, <r4=>0x0})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_int(r5, &(0x7f00000002c0)='cpuset.mems\x00', 0x2, 0x0)
write$cgroup_subtree(r6, 0x0, 0x31)
close(r3)
setsockopt$sock_attach_bpf(r4, 0x10f, 0x87, &(0x7f0000000180), 0x127)
close(r4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000050000"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00'}, 0x10)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r7}, 0x10)
syz_clone(0x28055080, 0x0, 0x0, 0x0, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000280), 0x2, 0x0)
syz_clone(0x2108000, &(0x7f0000000540)="03a179a24b19c1812a68c127ba20979d022216d5018d5bb01d50836e22f7edee636cf98562e5afc9fa049152978569756af3b7a01aca19e76f09ebafb4ab2867801e311c2f6b8ff3db74def31991e4fe96303e2394cfc5fbd4b8f8283ff5939315edcdd9ed501c1c3e08cb235e84caaf64170b2e981d0fd08d6d12fb38fe1b03b929034a02da79f9ebea78e99994cbf87ab1a484667e7751201e085f185563bcb40f08867fbc5ed82ef53e76c48ba73361d60dec36f60bdcb5664668aacc5c9d8e5b", 0xc2, 0x0, &(0x7f0000000380), 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000540)=ANY=[@ANYBLOB="6112a8000000000061134c0000000000bf2000000000000015000500541b48013d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586162c17600674290ca9d8d6413b8199e34f67ceaaa78710f9f8aba4765c91382f497585ca39c595b21afa6bce62b5ab0d44e9c32ad6f0349d92962a58d39494a19a9183362382792ac85578d3de07b7e155cf4ee5e3dd51212d2831bd8e2655b2fbd88791e4c66c832a774919b28b8a62711f0f156e636804e1d3f44a5ff3d63a3a51f0c7ec0c8c25e072194ddd83aa155a537e15c0d91f502deef03f83e826718705c9aef9613ac4a325a428d147c1749196e94226671fd9573ab0d079d44b13b56f793e98ab571c58e98e022f18a3be3f318e0690fff93f44f22473dc"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

[   76.191508][ T5092] Bluetooth: hci0: command tx timeout
[   76.348825][    C0] hrtimer: interrupt took 40058 ns
[   76.467009][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[   76.469709][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[   77.263824][   T28] page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x58 pfn:0xe560
[   77.267803][ T5108] list_add corruption. next->prev should be prev (ffffe8ffffc31ed0), but was ffff88803433a000. (next=ffff88801f919400).
[   77.274590][ T5108] ------------[ cut here ]------------
[   77.276903][ T5108] kernel BUG at lib/list_debug.c:31!
[   77.279043][ T5108] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[   77.281929][ T5108] CPU: 0 UID: 0 PID: 5108 Comm: syz.0.0 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
[   77.286608][ T5108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   77.291177][ T5108] RIP: 0010:__list_add_valid_or_report+0xd6/0xf0
[   77.293721][ T5108] Code: e8 af 23 00 07 90 0f 0b 48 c7 c7 80 fc 60 8c e8 a0 23 00 07 90 0f 0b 48 c7 c7 e0 fc 60 8c 4c 89 e6 4c 89 f1 e8 8b 23 00 07 90 <0f> 0b 48 c7 c7 60 fd 60 8c 4c 89 f6 4c 89 e1 e8 76 23 00 07 90 0f
[   77.302753][ T5108] RSP: 0018:ffffc90002eedf88 EFLAGS: 00010246
[   77.306460][ T5108] RAX: 0000000000000075 RBX: ffff88801f919408 RCX: 2c3d3265ad050a00
[   77.309627][ T5108] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[   77.312788][ T5108] RBP: ffffe8ffffc31ed0 R08: ffffffff8174afec R09: 1ffff920005ddb8c
[   77.315937][ T5108] R10: dffffc0000000000 R11: fffff520005ddb8d R12: ffffe8ffffc31ed0
[   77.319050][ T5108] R13: dffffc0000000000 R14: ffff88801f919400 R15: ffff88800e560000
[   77.322309][ T5108] FS:  00007f77cf9896c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   77.326586][ T5108] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   77.330102][ T5108] CR2: 0000000100000000 CR3: 000000000e52e000 CR4: 0000000000352ef0
[   77.333140][ T5108] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   77.336262][ T5108] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   77.339391][ T5108] Call Trace:
[   77.340739][ T5108]  <TASK>
[   77.341966][ T5108]  ? __die_body+0x5f/0xb0
[   77.344013][ T5108]  ? die+0x9e/0xc0
[   77.345969][ T5108]  ? do_trap+0x15a/0x3a0
[   77.348160][ T5108]  ? __list_add_valid_or_report+0xd6/0xf0
[   77.350734][ T5108]  ? do_error_trap+0x1dc/0x2c0
[   77.352865][ T5108]  ? __list_add_valid_or_report+0xd6/0xf0
[   77.355154][ T5108]  ? __list_add_valid_or_report+0xd6/0xf0
[   77.357417][ T5108]  ? seccomp_attach_filter+0xb29/0xb40
[   77.359608][ T5108]  ? __pfx_do_error_trap+0x10/0x10
[   77.361652][ T5108]  ? handle_invalid_op+0x34/0x40
[   77.363639][ T5108]  ? __list_add_valid_or_report+0xd6/0xf0
[   77.365912][ T5108]  ? exc_invalid_op+0x38/0x50
[   77.367850][ T5108]  ? asm_exc_invalid_op+0x1a/0x20
[   77.369859][ T5108]  ? __wake_up_klogd+0xcc/0x110
[   77.372380][ T5108]  ? __list_add_valid_or_report+0xd6/0xf0
[   77.375607][ T5108]  ? __list_add_valid_or_report+0xd5/0xf0
[   77.378463][ T5108]  add_to_unbuddied+0x2e4/0x4d0
[   77.380402][ T5108]  do_compact_page+0x924/0xc50
[   77.382321][ T5108]  zswap_entry_free+0x2f6/0x440
[   77.384301][ T5108]  zswap_load+0x386/0x8f0
[   77.386041][ T5108]  swap_read_folio+0x8c0/0x20b0
[   77.388090][ T5108]  ? __pfx_swap_read_folio+0x10/0x10
[   77.390283][ T5108]  ? __pfx___folio_batch_add_and_move+0x10/0x10
[   77.393284][ T5108]  ? __pfx_workingset_update_node+0x10/0x10
[   77.395800][ T5108]  ? put_swap_device+0x1f/0x250
[   77.397776][ T5108]  ? put_swap_device+0x18b/0x250
[   77.399723][ T5108]  ? __read_swap_cache_async+0x56f/0x8e0
[   77.402052][ T5108]  ? __pfx___read_swap_cache_async+0x10/0x10
[   77.405258][ T5108]  swap_cluster_readahead+0x707/0x7f0
[   77.407884][ T5108]  ? __pfx_swap_cluster_readahead+0x10/0x10
[   77.410248][ T5108]  ? xas_load+0x59b/0x5c0
[   77.412043][ T5108]  swapin_readahead+0x1bb/0xdf0
[   77.413932][ T5108]  ? filemap_get_entry+0x123/0x3b0
[   77.416009][ T5108]  ? __pfx_swapin_readahead+0x10/0x10
[   77.418409][ T5108]  ? __filemap_get_folio+0x949/0xbd0
[   77.421224][ T5108]  ? swap_cache_get_folio+0xa6/0x570
[   77.423915][ T5108]  do_swap_page+0x584/0x7b30
[   77.425773][ T5108]  ? __pfx_lock_release+0x10/0x10
[   77.427784][ T5108]  ? validate_chain+0x11e/0x5920
[   77.429739][ T5108]  ? do_swap_page+0x15e/0x7b30
[   77.431696][ T5108]  ? __pfx_do_swap_page+0x10/0x10
[   77.433891][ T5108]  ? __pfx___pte_offset_map+0x10/0x10
[   77.436411][ T5108]  ? __pfx_validate_chain+0x10/0x10
[   77.438931][ T5108]  ? pte_offset_map_nolock+0x137/0x1f0
[   77.441179][ T5108]  ? __pfx_pte_offset_map_nolock+0x10/0x10
[   77.443476][ T5108]  ? __lock_acquire+0x1384/0x2050
[   77.445517][ T5108]  handle_pte_fault+0x61d/0x6800
[   77.447632][ T5108]  ? mark_lock+0x9a/0x360
[   77.449756][ T5108]  ? __lock_acquire+0x1384/0x2050
[   77.452316][ T5108]  ? mark_lock+0x9a/0x360
[   77.454598][ T5108]  ? __pfx_handle_pte_fault+0x10/0x10
[   77.456712][ T5108]  ? __lock_acquire+0x1384/0x2050
[   77.458765][ T5108]  ? __pfx_lock_acquire+0x10/0x10
[   77.460780][ T5108]  ? do_raw_spin_lock+0x14f/0x370
[   77.462935][ T5108]  handle_mm_fault+0x1106/0x1bb0
[   77.464994][ T5108]  ? __pfx_handle_mm_fault+0x10/0x10
[   77.467439][ T5108]  ? follow_page_pte+0x9cc/0x2010
[   77.469927][ T5108]  ? __pfx_find_vma+0x10/0x10
[   77.472188][ T5108]  ? vma_is_secretmem+0xd/0x50
[   77.474195][ T5108]  ? check_vma_flags+0x4fa/0x5a0
[   77.476224][ T5108]  __get_user_pages+0x1b16/0x48d0
[   77.478249][ T5108]  ? shmem_file_write_iter+0x104/0x120
[   77.480457][ T5108]  ? __pfx_shmem_write_end+0x10/0x10
[   77.482887][ T5108]  ? __pfx___get_user_pages+0x10/0x10
[   77.485648][ T5108]  ? __pfx_down_read_killable+0x10/0x10
[   77.488259][ T5108]  ? __kernel_write_iter+0x725/0x940
[   77.490583][ T5108]  get_dump_page+0x155/0x2f0
[   77.492442][ T5108]  ? __pfx___kernel_write_iter+0x10/0x10
[   77.494723][ T5108]  ? __pfx_get_dump_page+0x10/0x10
[   77.496783][ T5108]  ? generic_file_llseek_size+0x322/0x390
[   77.499064][ T5108]  ? iov_iter_bvec+0x4e/0x180
[   77.500938][ T5108]  dump_user_range+0x14c/0x950
[   77.502858][ T5108]  ? __pfx_dump_user_range+0x10/0x10
[   77.505110][ T5108]  ? __pfx_elf_coredump_extra_notes_write+0x10/0x10
[   77.509441][ T5108]  ? elf_core_dump+0x2e9f/0x4770
[   77.512279][ T5108]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[   77.514731][ T5108]  ? dump_emit+0x99/0xd0
[   77.516422][ T5108]  elf_core_dump+0x3e85/0x4770
[   77.518373][ T5108]  ? __pfx_elf_core_dump+0x10/0x10
[   77.520447][ T5108]  ? mark_lock+0x9a/0x360
[   77.522236][ T5108]  ? __lock_acquire+0x1384/0x2050
[   77.524348][ T5108]  ? __pfx_cmp_vma_size+0x10/0x10
[   77.526392][ T5108]  ? rcu_read_lock_any_held+0xb7/0x160
[   77.528388][ T5108]  ? getname_kernel+0x140/0x2f0
[   77.530175][ T5108]  do_coredump+0x2162/0x2ec0
[   77.532036][ T5108]  ? __pfx_do_coredump+0x10/0x10
[   77.534125][ T5108]  ? proc_coredump_connector+0x1e8/0x750
[   77.536631][ T5108]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   77.539141][ T5108]  ? __pfx_proc_coredump_connector+0x10/0x10
[   77.541433][ T5108]  ? _raw_spin_unlock_irq+0x23/0x50
[   77.543532][ T5108]  ? lockdep_hardirqs_on+0x99/0x150
[   77.545620][ T5108]  get_signal+0x13fc/0x1740
[   77.547550][ T5108]  ? __pfx_get_signal+0x10/0x10
[   77.549563][ T5108]  ? __pfx_force_sig_fault+0x10/0x10
[   77.551618][ T5108]  arch_do_signal_or_restart+0x96/0x860
[   77.553925][ T5108]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   77.556941][ T5108]  ? irqentry_exit_to_user_mode+0x53/0x280
[   77.559734][ T5108]  irqentry_exit_to_user_mode+0x79/0x280
[   77.562179][ T5108]  exc_page_fault+0x590/0x8c0
[   77.564017][ T5108]  asm_exc_page_fault+0x26/0x30
[   77.565978][ T5108] RIP: 0033:0x5b8e
[   77.567498][ T5108] Code: Unable to access opcode bytes at 0x5b64.
[   77.569974][ T5108] RSP: 002b:0000000020000608 EFLAGS: 00010217
[   77.572663][ T5108] RAX: 0000000000000000 RBX: 00007f77ced36058 RCX: 00007f77ceb7dff9
[   77.576326][ T5108] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000002108000
[   77.579736][ T5108] RBP: 00007f77cebf0296 R08: 0000000000000000 R09: 0000000000000000
[   77.582904][ T5108] R10: 0000000020000380 R11: 0000000000000206 R12: 0000000000000000
[   77.585918][ T5108] R13: 0000000000000000 R14: 00007f77ced36058 R15: 00007fff69721ae8
[   77.589309][ T5108]  </TASK>
[   77.591263][ T5108] Modules linked in:
[   77.594296][ T5108] ---[ end trace 0000000000000000 ]---
[   77.596856][ T5108] RIP: 0010:__list_add_valid_or_report+0xd6/0xf0
[   77.599533][ T5108] Code: e8 af 23 00 07 90 0f 0b 48 c7 c7 80 fc 60 8c e8 a0 23 00 07 90 0f 0b 48 c7 c7 e0 fc 60 8c 4c 89 e6 4c 89 f1 e8 8b 23 00 07 90 <0f> 0b 48 c7 c7 60 fd 60 8c 4c 89 f6 4c 89 e1 e8 76 23 00 07 90 0f
[   77.607014][ T5108] RSP: 0018:ffffc90002eedf88 EFLAGS: 00010246
[   77.609222][ T5108] RAX: 0000000000000075 RBX: ffff88801f919408 RCX: 2c3d3265ad050a00
[   77.612040][ T5108] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[   77.615689][ T5108] RBP: ffffe8ffffc31ed0 R08: ffffffff8174afec R09: 1ffff920005ddb8c
[   77.619898][ T5108] R10: dffffc0000000000 R11: fffff520005ddb8d R12: ffffe8ffffc31ed0
[   77.623919][ T5108] R13: dffffc0000000000 R14: ffff88801f919400 R15: ffff88800e560000
[   77.627118][ T5108] FS:  00007f77cf9896c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   77.630615][ T5108] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   77.633175][ T5108] CR2: 0000000000005b64 CR3: 000000000e52e000 CR4: 0000000000352ef0
[   77.636199][ T5108] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   77.639171][ T5108] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   77.642367][ T5108] Kernel panic - not syncing: Fatal exception
[   77.645195][ T5108] Kernel Offset: disabled
[   77.646894][ T5108] Rebooting in 86400 seconds..