program:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x800, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x802, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000540)={0x2020}, 0x2020)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f00000005c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @private1={0xfc, 0x1, '\x00', 0x1}}})
r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x8, 0x6, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
recvfrom(r0, &(0x7f0000000240)=""/176, 0xb0, 0x10000, &(0x7f0000000380)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x80)
r3 = socket$inet6(0xa, 0x80002, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r2, &(0x7f0000000280), &(0x7f0000001840)=@udp6=r3}, 0x20)
r4 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_IPV6_DST={0x14, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000001}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f00000004c0)={'ip6_vti0\x00', r5, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @loopback}})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000180)={0x9, 0x0, [{0x2a3, 0x0, 0x1000}, {0xb35, 0x0, 0x8}, {0xb31, 0x0, 0x704}, {0x38c, 0x0, 0x200}, {0xb82, 0x0, 0x4}, {0xbac, 0x0, 0x3}, {0xb5a, 0x0, 0x4}, {0x2f5, 0x0, 0x7f}, {0x400000b5, 0x0, 0x8}]})
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000080), 0x4)

[   70.620696][ T4533] Bluetooth: hci0: command tx timeout
[   70.687002][ T5107] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   71.142686][   T29] page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x55a51d60c pfn:0x11a19
[   71.149750][ T2905] list_add corruption. next->prev should be prev (ffffe8ffffc31ed0), but was ffff8880354f5000. (next=ffff88801aa39400).
[   71.157482][ T2905] ------------[ cut here ]------------
[   71.159576][ T2905] kernel BUG at lib/list_debug.c:31!
[   71.161762][ T2905] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[   71.164419][ T2905] CPU: 0 UID: 0 PID: 2905 Comm: kworker/u4:10 Not tainted 6.12.0-rc1-syzkaller #0
[   71.168198][ T2905] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   71.172883][ T2905] Workqueue: zswap1 compact_page_work
[   71.175404][ T2905] RIP: 0010:__list_add_valid_or_report+0xd6/0xf0
[   71.178052][ T2905] Code: e8 6f 08 00 07 90 0f 0b 48 c7 c7 00 f9 60 8c e8 60 08 00 07 90 0f 0b 48 c7 c7 60 f9 60 8c 4c 89 e6 4c 89 f1 e8 4b 08 00 07 90 <0f> 0b 48 c7 c7 e0 f9 60 8c 4c 89 f6 4c 89 e1 e8 36 08 00 07 90 0f
[   71.186406][ T2905] RSP: 0018:ffffc9000c497ad0 EFLAGS: 00010246
[   71.189885][ T2905] RAX: 0000000000000075 RBX: ffff88801aa39408 RCX: da664adfef8a5100
[   71.193996][ T2905] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[   71.196901][ T2905] RBP: ffffe8ffffc31ed0 R08: ffffffff81749dec R09: 1ffff92001892ef4
[   71.199855][ T2905] R10: dffffc0000000000 R11: fffff52001892ef5 R12: ffffe8ffffc31ed0
[   71.203194][ T2905] R13: dffffc0000000000 R14: ffff88801aa39400 R15: ffff888011a19000
[   71.206633][ T2905] FS:  0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   71.210863][ T2905] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   71.213413][ T2905] CR2: 00007f01a69980e8 CR3: 000000004c12e000 CR4: 0000000000352ef0
[   71.216545][ T2905] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   71.219114][ T2905] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   71.222126][ T2905] Call Trace:
[   71.223643][ T2905]  <TASK>
[   71.225005][ T2905]  ? __die_body+0x5f/0xb0
[   71.226847][ T2905]  ? die+0x9e/0xc0
[   71.228400][ T2905]  ? do_trap+0x15a/0x3a0
[   71.230037][ T2905]  ? __list_add_valid_or_report+0xd6/0xf0
[   71.232225][ T2905]  ? do_error_trap+0x1dc/0x2c0
[   71.234017][ T2905]  ? __list_add_valid_or_report+0xd6/0xf0
[   71.236221][ T2905]  ? __pfx_do_error_trap+0x10/0x10
[   71.238280][ T2905]  ? handle_invalid_op+0x34/0x40
[   71.240430][ T2905]  ? __list_add_valid_or_report+0xd6/0xf0
[   71.243120][ T2905]  ? exc_invalid_op+0x38/0x50
[   71.245320][ T2905]  ? asm_exc_invalid_op+0x1a/0x20
[   71.247623][ T2905]  ? __wake_up_klogd+0xcc/0x110
[   71.249514][ T2905]  ? __list_add_valid_or_report+0xd6/0xf0
[   71.251786][ T2905]  add_to_unbuddied+0x2e4/0x4d0
[   71.253739][ T2905]  do_compact_page+0x924/0xc50
[   71.255618][ T2905]  ? process_scheduled_works+0x976/0x1850
[   71.257884][ T2905]  process_scheduled_works+0xa63/0x1850
[   71.260185][ T2905]  ? __pfx_process_scheduled_works+0x10/0x10
[   71.262504][ T2905]  ? assign_work+0x364/0x3d0
[   71.264565][ T2905]  worker_thread+0x870/0xd30
[   71.266769][ T2905]  ? __kthread_parkme+0x169/0x1d0
[   71.268817][ T2905]  ? __pfx_worker_thread+0x10/0x10
[   71.270714][ T2905]  kthread+0x2f0/0x390
[   71.272128][ T2905]  ? __pfx_worker_thread+0x10/0x10
[   71.273952][ T2905]  ? __pfx_kthread+0x10/0x10
[   71.275501][ T2905]  ret_from_fork+0x4b/0x80
[   71.277144][ T2905]  ? __pfx_kthread+0x10/0x10
[   71.279128][ T2905]  ret_from_fork_asm+0x1a/0x30
[   71.281472][ T2905]  </TASK>
[   71.283079][ T2905] Modules linked in:
[   71.285482][ T2905] ---[ end trace 0000000000000000 ]---
[   71.288077][ T2905] RIP: 0010:__list_add_valid_or_report+0xd6/0xf0
[   71.290601][ T2905] Code: e8 6f 08 00 07 90 0f 0b 48 c7 c7 00 f9 60 8c e8 60 08 00 07 90 0f 0b 48 c7 c7 60 f9 60 8c 4c 89 e6 4c 89 f1 e8 4b 08 00 07 90 <0f> 0b 48 c7 c7 e0 f9 60 8c 4c 89 f6 4c 89 e1 e8 36 08 00 07 90 0f
[   71.298319][ T2905] RSP: 0018:ffffc9000c497ad0 EFLAGS: 00010246
[   71.301286][ T2905] RAX: 0000000000000075 RBX: ffff88801aa39408 RCX: da664adfef8a5100
[   71.304436][ T2905] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[   71.307510][ T2905] RBP: ffffe8ffffc31ed0 R08: ffffffff81749dec R09: 1ffff92001892ef4
[   71.310843][ T2905] R10: dffffc0000000000 R11: fffff52001892ef5 R12: ffffe8ffffc31ed0
[   71.314488][ T2905] R13: dffffc0000000000 R14: ffff88801aa39400 R15: ffff888011a19000
[   71.317958][ T2905] FS:  0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   71.321172][ T2905] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   71.323730][ T2905] CR2: 00007f01a69980e8 CR3: 000000004c12e000 CR4: 0000000000352ef0
[   71.326722][ T2905] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   71.329925][ T2905] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   71.332982][ T2905] Kernel panic - not syncing: Fatal exception
[   71.335890][ T2905] Kernel Offset: disabled
[   71.337593][ T2905] Rebooting in 86400 seconds..