list_del corruption, ffffea0007206e88->next is LIST_POISON1 (dead000000000100)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:58!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 UID: 0 PID: 4547 Comm: udevd Not tainted 6.10.0-rc5-next-20240624-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56
Code: e8 01 96 d3 06 90 0f 0b 48 c7 c7 60 78 20 8c 4c 89 fe e8 ef 95 d3 06 90 0f 0b 48 c7 c7 c0 78 20 8c 4c 89 fe e8 dd 95 d3 06 90 <0f> 0b 48 c7 c7 20 79 20 8c 4c 89 fe e8 cb 95 d3 06 90 0f 0b 48 c7
RSP: 0000:ffffc9000484f0f8 EFLAGS: 00010046
RAX: 000000000000004e RBX: dead000000000122 RCX: 9cd1ba0822e42f00
RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000
RBP: ffffc9000484f1f0 R08: ffffffff8173a319 R09: 1ffff92000909dbc
R10: dffffc0000000000 R11: fffff52000909dbd R12: dffffc0000000000
R13: ffffc9000484f180 R14: dead000000000100 R15: ffffea0007206e88
FS:  00007f17dd8adc80(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a94b69fe50 CR3: 000000006ff68000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __list_del_entry_valid include/linux/list.h:124 [inline]
 __list_del_entry include/linux/list.h:215 [inline]
 list_del include/linux/list.h:229 [inline]
 lru_gen_del_folio include/linux/mm_inline.h:289 [inline]
 lruvec_del_folio include/linux/mm_inline.h:351 [inline]
 __page_cache_release+0x911/0x24b0 mm/swap.c:82
 page_cache_release mm/swap.c:110 [inline]
 __folio_put+0x17f/0x440 mm/swap.c:125
 migrate_folio_unmap mm/migrate.c:1117 [inline]
 migrate_pages_batch+0x9f0/0x3960 mm/migrate.c:1698
 migrate_pages+0x2264/0x3460 mm/migrate.c:1968
 migrate_misplaced_folio+0x323/0x9b0 mm/migrate.c:2613
 do_numa_page mm/memory.c:5358 [inline]
 handle_pte_fault+0x3e6e/0x6eb0 mm/memory.c:5528
 __handle_mm_fault mm/memory.c:5665 [inline]
 handle_mm_fault+0x10df/0x1ba0 mm/memory.c:5830
 do_user_addr_fault arch/x86/mm/fault.c:1338 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x459/0x8c0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f17dd4c6996
Code: 48 89 c7 e8 59 f8 ff ff 83 0d 29 b1 12 00 02 48 89 5d 00 5a 4c 89 e0 5b 5d 41 5c 41 5d c3 52 48 8b 4f 08 48 89 c8 48 83 e0 f8 <48> 3b 04 07 74 09 48 8d 3d 25 ea 0e 00 eb 1b 48 8b 47 10 48 8b 57
RSP: 002b:00007ffc6d3fdfd0 EFLAGS: 00010202
RAX: 0000000000003f70 RBX: 0000000000001010 RCX: 0000000000003f71
RDX: 0000000000020000 RSI: 00000000718e000c RDI: 000055a94b69bee0
RBP: 00007f17dd5f1aa0 R08: 00007f17dd5f1d80 R09: 0000000000000200
R10: 000000000000010f R11: 0000000000000000 R12: 000055a94b69bee0
R13: 0000000000003f70 R14: 00007f17dd5f1b00 R15: 0000000000003f70
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56
Code: e8 01 96 d3 06 90 0f 0b 48 c7 c7 60 78 20 8c 4c 89 fe e8 ef 95 d3 06 90 0f 0b 48 c7 c7 c0 78 20 8c 4c 89 fe e8 dd 95 d3 06 90 <0f> 0b 48 c7 c7 20 79 20 8c 4c 89 fe e8 cb 95 d3 06 90 0f 0b 48 c7
RSP: 0000:ffffc9000484f0f8 EFLAGS: 00010046
RAX: 000000000000004e RBX: dead000000000122 RCX: 9cd1ba0822e42f00
RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000
RBP: ffffc9000484f1f0 R08: ffffffff8173a319 R09: 1ffff92000909dbc
R10: dffffc0000000000 R11: fffff52000909dbd R12: dffffc0000000000
R13: ffffc9000484f180 R14: dead000000000100 R15: ffffea0007206e88
FS:  00007f17dd8adc80(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a94b69fe50 CR3: 000000006ff68000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400