list_add corruption. next->prev should be prev (ffff88021fffac40), but was ffffea00072de020. (next=ffffea0007523420).
BUG: unable to handle kernel paging request at ffffffff8c336ce8
PGD ac32067 P4D ac32067 PUD ac33063 PMD 0
Oops: 0000 [#1] SMP PTI
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 4562 Comm: syz-executor2 Not tainted 4.17.0-rc5+ #102
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:depot_fetch_stack+0x7/0x40 lib/stackdepot.c:200
RSP: 0000:ffff880139c3f250 EFLAGS: 00010002
RAX: 000000000019fc25 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffffffff8b588000 RSI: ffff880139c3f258 RDI: 000000008119fc25
RBP: ffff880139c3f2b0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 000000008119fc25 R14: ffffffff8175c53d R15: ffff88013da4ba80
FS: 0000000000cb3940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff8c336ce8 CR3: 0000000139c2a000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__msan_warning_32+0x6e/0xc0 mm/kmsan/kmsan_instr.c:686
irq_work_claim kernel/irq_work.c:40 [inline]
irq_work_queue+0xbd/0x300 kernel/irq_work.c:93
wake_up_klogd kernel/printk/printk.c:2902 [inline]
console_unlock+0x1c59/0x1ca0 kernel/printk/printk.c:2451
vprintk_emit+0xd22/0xff0 kernel/printk/printk.c:1915
vprintk_default+0x90/0xa0 kernel/printk/printk.c:1955
vprintk_func+0x517/0x700 kernel/printk/printk_safe.c:379
printk+0x1b6/0x1f0 kernel/printk/printk.c:1991
__list_add_valid+0x275/0x450 lib/list_debug.c:23
__list_add include/linux/list.h:60 [inline]
list_add include/linux/list.h:79 [inline]
__free_one_page+0x1483/0x1800 mm/page_alloc.c:876
free_one_page mm/page_alloc.c:1176 [inline]
__free_pages_ok+0x87f/0x16c0 mm/page_alloc.c:1260
__free_pages+0x109/0x240 mm/page_alloc.c:4442
free_thread_stack kernel/fork.c:267 [inline]
release_task_stack kernel/fork.c:354 [inline]
put_task_stack+0x233/0x2f0 kernel/fork.c:365
finish_task_switch+0x17c/0x270 kernel/sched/core.c:2741
context_switch kernel/sched/core.c:2866 [inline]
__schedule+0x688/0x730 kernel/sched/core.c:3507
schedule+0x1cc/0x2f0 kernel/sched/core.c:3551
freezable_schedule include/linux/freezer.h:172 [inline]
do_nanosleep+0x2c3/0x9b0 kernel/time/hrtimer.c:1689
hrtimer_nanosleep kernel/time/hrtimer.c:1743 [inline]
__do_sys_nanosleep kernel/time/hrtimer.c:1775 [inline]
__se_sys_nanosleep+0x4b3/0x6a0 kernel/time/hrtimer.c:1762
__x64_sys_nanosleep+0x92/0xc0 kernel/time/hrtimer.c:1762
do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x481110
RSP: 002b:0000000000a3ea98 EFLAGS: 00000246 ORIG_RAX: 0000000000000023
RAX: ffffffffffffffda RBX: 000000000000003d RCX: 0000000000481110
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a3eaa0
RBP: 0000000000020b48 R08: 0000000000000001 R09: 0000000000cb3940
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000007 R14: 00000000000001bb R15: 0000000000020b2c
Code: e8 7f 64 98 fd 89 c0 48 89 c1 48 c1 e1 20 48 09 c1 49 89 0e e9 92 fe ff ff 90 90 90 90 90 90 90 90 90 90 90 89 f8 25 ff ff 1f 00 <48> 8b 04 c5 c0 8b 63 8b c1 ef 11 81 e7 f0 3f 00 00 8b 4c 38 0c
RIP: depot_fetch_stack+0x7/0x40 lib/stackdepot.c:200 RSP: ffff880139c3f250
CR2: ffffffff8c336ce8
---[ end trace 66765cff78d73252 ]---