list_add corruption. prev->next should be next (85e02600), but was 836c2400. (prev=827d6f4c).
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:30!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 30180 Comm: syz-executor.0 Not tainted 6.4.0-rc4-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at __list_add_valid+0x8c/0xb4 lib/list_debug.c:30
LR is at __wake_up_klogd.part.0+0x7c/0xac kernel/printk/printk.c:3798
pc : [<807d4f88>]    lr : [<802b2a40>]    psr: 60000013
sp : eb0b5c58  ip : eb0b5b98  fp : eb0b5c64
r10: 81b4b9d4  r9 : 84209650  r8 : 85e02600
r7 : 827d6f4c  r6 : 827d6f48  r5 : 00000000  r4 : 85c41e00
r3 : 00000000  r2 : 00000000  r1 : 81f9d7bc  r0 : 0000005d
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 85dc63c0  DAC: fffffffd
Register r0 information: non-paged memory
Register r1 information: non-slab/vmalloc memory
Register r2 information: NULL pointer
Register r3 information: NULL pointer
Register r4 information: slab kmalloc-512 start 85c41e00 pointer offset 0 size 512
Register r5 information: NULL pointer
Register r6 information: non-slab/vmalloc memory
Register r7 information: non-slab/vmalloc memory
Register r8 information: slab kmalloc-512 start 85e02600 pointer offset 0 size 512
Register r9 information: slab shmem_inode_cache start 84209600 pointer offset 80 size 504
Register r10 information: non-slab/vmalloc memory
Register r11 information: 2-page vmalloc region starting at 0xeb0b4000 allocated at kernel_clone+0x9c/0x3dc kernel/fork.c:2915
Register r12 information: 2-page vmalloc region starting at 0xeb0b4000 allocated at kernel_clone+0x9c/0x3dc kernel/fork.c:2915
Process syz-executor.0 (pid: 30180, stack limit = 0xeb0b4000)
Stack: (0xeb0b5c58 to 0xeb0b6000)
5c40:                                                       eb0b5c94 eb0b5c68
5c60: 8175f4c8 807d4f08 00000000 85cbc000 00000000 85cbc000 00000000 85cbc018
5c80: 8274dc94 8274dc80 eb0b5cbc eb0b5c98 81756c2c 8175f30c 84f34000 00000000
5ca0: 00000077 84f34000 00000000 00000077 eb0b5d04 eb0b5cc0 81763578 81756bd4
5cc0: 00000000 81b4b988 000000de 3263666e 69636e5f 5f78745f 00007177 81768754
5ce0: 85dc6c80 86b703c0 00000077 d5a0ebb2 85dc6c80 86b703c0 eb0b5d1c eb0b5d08
5d00: 80a6910c 81763358 827554bc 86b703c0 eb0b5d4c eb0b5d20 809689b4 80a69080
5d20: 80968880 832bdd40 84209650 81b284c4 804d3a7c 86b703c0 eb0b5e48 86b703c0
5d40: eb0b5d84 eb0b5d50 804d3b4c 8096888c 806e4ce0 d5a0ebb2 00000000 86b703c0
5d60: 84209650 00000000 804d3a7c 86b703c8 eb0b5e48 86b703c0 eb0b5dac eb0b5d88
5d80: 804c956c 804d3a88 00000002 00000000 eb0b5f20 00000000 00000000 eb0b5e48
5da0: eb0b5dbc eb0b5db0 804cb418 804c9420 eb0b5e44 eb0b5dc0 804e0164 804cb3f0
5dc0: eb0b5e34 eb0b5dd0 817fa5d4 80277f20 00000002 ffffd000 81fb8508 fffff000
5de0: 00000000 00000041 8446e530 8260c960 00000009 8446de00 81a02a74 00000000
5e00: 00000000 82714268 ddde5640 8446de00 8309b9c0 d5a0ebb2 eb0b5e44 eb0b5f58
5e20: eb0b5f20 8446de00 00000001 eb0b5e48 8446de00 00000142 eb0b5f0c eb0b5e48
5e40: 804e2018 804dfc4c 844de790 83d35908 69ae3a65 0000000b 835a3015 80277e50
5e60: 00000000 83e0db28 84209650 00000101 00000000 00000000 00000000 00002c24
5e80: 0000321e 00000000 00000000 00000000 eb0b5e94 8340ad40 8340ad00 d5a0ebb2
5ea0: 00000003 8340ad00 eb0b5ec4 eb0b5eb8 81803548 80276a30 eb0b5efc eb0b5ec8
5ec0: 804f24b8 835a3000 00000000 00000002 ffffff9c 00000000 835a41ed 00000000
5ee0: ffffff9c d5a0ebb2 8446de00 eb0b5f58 835a3000 00000003 ffffff9c 80200288
5f00: eb0b5f54 eb0b5f10 804cb6f8 804e1fa0 8446de00 000000f0 eb0b5f4c eb0b5f28
5f20: 00000002 80300000 00000006 00000100 00000001 d5a0ebb2 ffffff9c 20000080
5f40: 0014c2bc 00000142 eb0b5fa4 eb0b5f58 804cbba8 804cb65c 00000002 00000000
5f60: 00000000 00000000 00000000 00000000 00000002 00000000 00000000 00000000
5f80: 00000000 00000000 eb0b5fac d5a0ebb2 00000000 00000000 00000000 eb0b5fa8
5fa0: 80200060 804cbb10 00000000 00000000 ffffff9c 20000080 00000002 00000000
5fc0: 00000000 00000000 0014c2bc 00000142 7e9ef3c2 76b3f6d0 7e9ef534 76b3f20c
5fe0: 76b3f020 76b3f010 00017004 0004dfb0 60000010 ffffff9c 00000000 00000000
Backtrace: 
[<807d4efc>] (__list_add_valid) from [<8175f4c8>] (__list_add include/linux/list.h:69 [inline])
[<807d4efc>] (__list_add_valid) from [<8175f4c8>] (list_add include/linux/list.h:88 [inline])
[<807d4efc>] (__list_add_valid) from [<8175f4c8>] (nfc_llcp_register_device+0x1c8/0x1f4 net/nfc/llcp_core.c:1604)
[<8175f300>] (nfc_llcp_register_device) from [<81756c2c>] (nfc_register_device+0x64/0x170 net/nfc/core.c:1124)
 r8:8274dc80 r7:8274dc94 r6:85cbc018 r5:00000000 r4:85cbc000
[<81756bc8>] (nfc_register_device) from [<81763578>] (nci_register_device+0x22c/0x294 net/nfc/nci/core.c:1257)
 r6:00000077 r5:00000000 r4:84f34000
[<8176334c>] (nci_register_device) from [<80a6910c>] (virtual_ncidev_open+0x98/0xdc drivers/nfc/virtual_ncidev.c:148)
 r5:86b703c0 r4:85dc6c80
[<80a69074>] (virtual_ncidev_open) from [<809689b4>] (misc_open+0x134/0x168 drivers/char/misc.c:165)
 r5:86b703c0 r4:827554bc
[<80968880>] (misc_open) from [<804d3b4c>] (chrdev_open+0xd0/0x244 fs/char_dev.c:414)
 r10:86b703c0 r9:eb0b5e48 r8:86b703c0 r7:804d3a7c r6:81b284c4 r5:84209650
 r4:832bdd40 r3:80968880
[<804d3a7c>] (chrdev_open) from [<804c956c>] (do_dentry_open+0x158/0x48c fs/open.c:920)
 r10:86b703c0 r9:eb0b5e48 r8:86b703c8 r7:804d3a7c r6:00000000 r5:84209650
 r4:86b703c0
[<804c9414>] (do_dentry_open) from [<804cb418>] (vfs_open+0x34/0x38 fs/open.c:1051)
 r9:eb0b5e48 r8:00000000 r7:00000000 r6:eb0b5f20 r5:00000000 r4:00000002
[<804cb3e4>] (vfs_open) from [<804e0164>] (do_open fs/namei.c:3636 [inline])
[<804cb3e4>] (vfs_open) from [<804e0164>] (path_openat+0x524/0x101c fs/namei.c:3791)
[<804dfc40>] (path_openat) from [<804e2018>] (do_filp_open+0x84/0x124 fs/namei.c:3818)
 r10:00000142 r9:8446de00 r8:eb0b5e48 r7:00000001 r6:8446de00 r5:eb0b5f20
 r4:eb0b5f58
[<804e1f94>] (do_filp_open) from [<804cb6f8>] (do_sys_openat2+0xa8/0x16c fs/open.c:1356)
 r8:80200288 r7:ffffff9c r6:00000003 r5:835a3000 r4:eb0b5f58
[<804cb650>] (do_sys_openat2) from [<804cbba8>] (do_sys_open fs/open.c:1372 [inline])
[<804cb650>] (do_sys_openat2) from [<804cbba8>] (__do_sys_openat fs/open.c:1388 [inline])
[<804cb650>] (do_sys_openat2) from [<804cbba8>] (sys_openat+0xa4/0xcc fs/open.c:1383)
 r7:00000142 r6:0014c2bc r5:20000080 r4:ffffff9c
[<804cbb04>] (sys_openat) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:66)
Exception stack(0xeb0b5fa8 to 0xeb0b5ff0)
5fa0:                   00000000 00000000 ffffff9c 20000080 00000002 00000000
5fc0: 00000000 00000000 0014c2bc 00000142 7e9ef3c2 76b3f6d0 7e9ef534 76b3f20c
5fe0: 76b3f020 76b3f010 00017004 0004dfb0
 r5:00000000 r4:00000000
Code: e34801fe e1a02001 e1a0100c eb401f4a (e7f001f2) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	e34801fe 	movt	r0, #33278	; 0x81fe
   4:	e1a02001 	mov	r2, r1
   8:	e1a0100c 	mov	r1, ip
   c:	eb401f4a 	bl	0x1007d3c
* 10:	e7f001f2 	udf	#18 <-- trapping instruction