list_add corruption. next->prev should be prev (ffffe8ffac439150), but was ffffffff848b0160. (next=ffff888024fde100).
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:29!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 2 UID: 0 PID: 5948 Comm: udevd Not tainted 6.14.0-rc5-syzkaller-00023-gbb2281fb05e5 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:__list_add_valid_or_report+0xec/0x190 lib/list_debug.c:29
Code: 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 a5 00 00 00 48 8b 55 08 48 89 e9 48 c7 c7 e0 58 d3 8b e8 35 8f d1 fc 90 <0f> 0b 48 89 f7 48 89 34 24 e8 16 1b 33 fd 48 8b 34 24 48 b8 00 00
RSP: 0000:ffffc900038e7528 EFLAGS: 00010282
RAX: 0000000000000075 RBX: ffff888012a14000 RCX: ffffffff819956c9
RDX: 0000000000000000 RSI: ffffffff8199ba3e RDI: 0000000000000005
RBP: ffff888024fde100 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000003 R12: ffff888012a14000
R13: ffff888024fde108 R14: ffffea00004a8500 R15: ffff888012a14008
FS:  00007f18886cb280(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005640e88d0a10 CR3: 0000000064978000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __list_add_valid include/linux/list.h:88 [inline]
 __list_add include/linux/list.h:150 [inline]
 list_add include/linux/list.h:169 [inline]
 add_to_unbuddied mm/z3fold.c:550 [inline]
 do_compact_page+0x10f2/0x27b0 mm/z3fold.c:772
 z3fold_free mm/z3fold.c:1156 [inline]
 z3fold_zpool_free+0xbc3/0xe80 mm/z3fold.c:1392
 zswap_entry_free+0x231/0x540 mm/zswap.c:806
 zswap_load+0x452/0x6c0 mm/zswap.c:1663
 swap_read_folio+0x41b/0x2240 mm/page_io.c:641
 swap_cluster_readahead+0x6a9/0x740 mm/swap_state.c:705
 swapin_readahead+0x12c/0xd60 mm/swap_state.c:881
 do_swap_page+0x680/0x59c0 mm/memory.c:4422
 handle_pte_fault mm/memory.c:5903 [inline]
 __handle_mm_fault+0x117f/0x2c60 mm/memory.c:6043
 handle_mm_fault+0x3fa/0xaa0 mm/memory.c:6212
 do_user_addr_fault+0x60d/0x13f0 arch/x86/mm/fault.c:1337
 handle_page_fault arch/x86/mm/fault.c:1480 [inline]
 exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1538
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f18887508ce
Code: 05 4f 89 12 00 73 dc 48 8b 56 10 48 85 d2 74 d3 f6 c2 0f 74 0c 48 8d 3d 0d d4 0e 00 e9 6b f6 ff ff 64 44 8b 14 25 18 00 00 00 <48> 8b 42 10 45 85 d2 0f 85 31 f6 ff ff 4c 8d 52 10 49 c1 ea 0c 4c
RSP: 002b:00007ffd9be32780 EFLAGS: 00010246
RAX: 0000000000000002 RBX: 00005640e88caa10 RCX: 00007f1888879ab0
RDX: 00005640e88d0a00 RSI: 00007f1888879aa0 RDI: 0000000000000000
RBP: 00007f1888879aa0 R08: 00005640e88d5070 R09: fffffffffffffe98
R10: 0000000000000000 R11: 0000000000000010 R12: fffffffffffffe98
R13: 0000000000000006 R14: 00007ffd9be32e21 R15: 00005640d9c1c4df
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_add_valid_or_report+0xec/0x190 lib/list_debug.c:29
Code: 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 a5 00 00 00 48 8b 55 08 48 89 e9 48 c7 c7 e0 58 d3 8b e8 35 8f d1 fc 90 <0f> 0b 48 89 f7 48 89 34 24 e8 16 1b 33 fd 48 8b 34 24 48 b8 00 00
RSP: 0000:ffffc900038e7528 EFLAGS: 00010282

RAX: 0000000000000075 RBX: ffff888012a14000 RCX: ffffffff819956c9
RDX: 0000000000000000 RSI: ffffffff8199ba3e RDI: 0000000000000005
RBP: ffff888024fde100 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000003 R12: ffff888012a14000
R13: ffff888024fde108 R14: ffffea00004a8500 R15: ffff888012a14008
FS:  00007f18886cb280(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005640e88d0a10 CR3: 0000000064978000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400