list_del corruption, ffff0000d53770b0->next is LIST_POISON1 (dead000000000100)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:55!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4212 Comm: syz.1.27 Not tainted 5.15.166-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __list_del_entry_valid+0x110/0x150 lib/list_debug.c:53
lr : __list_del_entry_valid+0x110/0x150 lib/list_debug.c:53
sp : ffff8000205471b0
x29: ffff8000205471b0 x28: dfff800000000000 x27: 1ffff000040a8e58
x26: 1fffe0001aa6ee00 x25: dfff800000000000 x24: ffff0000c0fac800
x23: ffff7000040a8e50 x22: dead000000000100 x21: dfff800000000000
x20: dead000000000122 x19: ffff0000d53770b0 x18: 0000000000000002
x17: 0000000000000002 x16: ffff800011ab846c x15: 00000000ffffffff
x14: ffff0000c6729b40 x13: 0000000000000001 x12: 0000000000040000
x11: 000000000000aa64 x10: ffff800022929000 x9 : fc9e30ac581d0c00
x8 : fc9e30ac581d0c00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff800020546918 x4 : ffff800014b8faa0 x3 : ffff80000a983a9c
x2 : ffff0001b41b0d10 x1 : 0000000100000001 x0 : 000000000000004e
Call trace:
 __list_del_entry_valid+0x110/0x150 lib/list_debug.c:53
 __list_del_entry include/linux/list.h:132 [inline]
 list_del include/linux/list.h:146 [inline]
 p9_fd_cancelled+0x9c/0x1d4 net/9p/trans_fd.c:736
 p9_client_flush+0x300/0x478 net/9p/client.c:681
 p9_client_rpc+0x964/0xf68 net/9p/client.c:788
 p9_client_create+0x95c/0xe04 net/9p/client.c:1056
 v9fs_session_init+0x18c/0x1504 fs/9p/v9fs.c:409
 v9fs_mount+0x88/0x780 fs/9p/vfs_super.c:126
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:611
 vfs_get_tree+0x90/0x274 fs/super.c:1528
 do_new_mount+0x278/0x8fc fs/namespace.c:3005
 path_mount+0x594/0x101c fs/namespace.c:3335
 do_mount fs/namespace.c:3348 [inline]
 __do_sys_mount fs/namespace.c:3556 [inline]
 __se_sys_mount fs/namespace.c:3533 [inline]
 __arm64_sys_mount+0x510/0x5e0 fs/namespace.c:3533
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: 91058000 aa1303e1 f2fbd5a2 95c34079 (d4210000)
---[ end trace 7533385e34e0eeb4 ]---