list_add corruption. prev->next should be next (82bbca08), but was 00000000. (prev=865e75ac).
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:26!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 1 PID: 5339 Comm: syz-executor.1 Not tainted 5.12.0-rc3-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at __list_add_valid+0x80/0x84 lib/list_debug.c:26
LR is at wake_up_klogd.part.0+0x7c/0xb4 kernel/printk/printk.c:3118
pc : [<808072b8>] lr : [<802d21b0>] psr: 60000013
sp : 86657e30 ip : 86657d60 fp : 86657e3c
r10: 81104354 r9 : 00000010 r8 : 865e75ac
r7 : 82bbca08 r6 : 865e7400 r5 : 865e75ac r4 : 82bbc6d8
r3 : 00000000 r2 : 00000000 r1 : ddfd6688 r0 : 0000005d
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 30c5387d Table: 86712700 DAC: 00000000
Process syz-executor.1 (pid: 5339, stack limit = 0x86656210)
Stack: (0x86657e30 to 0x86658000)
7e20: 86657e6c 86657e40 810e61b8 80807244
7e40: 00000010 56b92eae 86657e6c 86424900 86ca70c0 86424948 811034c0 84343b40
7e60: 86657e9c 86657e70 811035a0 810e6048 8046d9e4 00000000 00000005 56b92eae
7e80: 86ca70c0 00000010 200008c0 86ca70c0 86657ed4 86657ea0 811044a0 811034cc
7ea0: 804d8fc8 00000007 fa000008 56b92eae 00004000 00000000 86c46140 200008c0
7ec0: ffffe000 00000000 86657f64 86657ed8 804da914 81104360 853d5140 82bfd5ec
7ee0: 86c46140 81f40284 86657f3c 86657ef8 80502e64 802bf578 00000000 00000000
7f00: 80502d24 835f4000 86657f3c 81f718ac 8020d140 00000000 00000000 200008c0
7f20: 00000010 80200224 86656000 00000004 86657f4c 56b92eae 80502f48 86c46141
7f40: 86c46140 200008c0 00000010 80200224 86656000 00000004 86657f94 86657f68
7f60: 804dad30 804da838 86657f94 86657f78 828abd1c 56b92eae 00000000 00000000
7f80: ffffffff 00000004 86657fa4 86657f98 804dad78 804dac88 00000000 86657fa8
7fa0: 80200060 804dad74 00000000 00000000 00000003 200008c0 00000010 00000000
7fc0: 00000000 00000000 ffffffff 00000004 7ebc531a 76f7b6d0 7ebc54a4 76f7b20c
7fe0: 76f7b048 76f7b038 00018e9c 0004ba40 60000010 00000003 00000000 00000000
Backtrace:
[<80807238>] (__list_add_valid) from [<810e61b8>] (__list_add include/linux/list.h:67 [inline])
[<80807238>] (__list_add_valid) from [<810e61b8>] (list_add_tail include/linux/list.h:100 [inline])
[<80807238>] (__list_add_valid) from [<810e61b8>] (cma_listen_on_all drivers/infiniband/core/cma.c:2557 [inline])
[<80807238>] (__list_add_valid) from [<810e61b8>] (rdma_listen+0x17c/0x37c drivers/infiniband/core/cma.c:3751)
[<810e603c>] (rdma_listen) from [<811035a0>] (ucma_listen+0xe0/0x130 drivers/infiniband/core/ucma.c:1102)
r8:84343b40 r7:811034c0 r6:86424948 r5:86ca70c0 r4:86424900
[<811034c0>] (ucma_listen) from [<811044a0>] (ucma_write+0x14c/0x1b0 drivers/infiniband/core/ucma.c:1732)
r6:86ca70c0 r5:200008c0 r4:00000010
[<81104354>] (ucma_write) from [<804da914>] (vfs_write+0xe8/0x350 fs/read_write.c:603)
r8:00000000 r7:ffffe000 r6:200008c0 r5:86c46140 r4:00000000
[<804da82c>] (vfs_write) from [<804dad30>] (ksys_write+0xb4/0xec fs/read_write.c:658)
r10:00000004 r9:86656000 r8:80200224 r7:00000010 r6:200008c0 r5:86c46140 r4:86c46141
[<804dac7c>] (ksys_write) from [<804dad78>] (__do_sys_write fs/read_write.c:670 [inline])
[<804dac7c>] (ksys_write) from [<804dad78>] (sys_write+0x10/0x14 fs/read_write.c:667)
r7:00000004 r6:ffffffff r5:00000000 r4:00000000
[<804dad68>] (sys_write) from [<80200060>] (ret_fast_syscall+0x0/0x2c arch/arm/mm/proc-v7.S:64)
Exception stack(0x86657fa8 to 0x86657ff0)
7fa0: 00000000 00000000 00000003 200008c0 00000010 00000000
7fc0: 00000000 00000000 ffffffff 00000004 7ebc531a 76f7b6d0 7ebc54a4 76f7b20c
7fe0: 76f7b048 76f7b038 00018e9c 0004ba40
Code: e34801fa e1a02001 e1a0100c eb3ffb2e (e7f001f2)
---[ end trace 7ea3f2e08d88cef1 ]---
----------------
Code disassembly (best guess):
0: e34801fa movt r0, #33274 ; 0x81fa
4: e1a02001 mov r2, r1
8: e1a0100c mov r1, ip
c: eb3ffb2e bl 0xffeccc
* 10: e7f001f2 udf #18 <-- trapping instruction