list_del corruption. prev->next should be f3ff000007ab4288, but was 00007bff8254d628
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:51!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 19322 Comm: syz-executor.1 Not tainted 5.14.0-rc2-syzkaller #0
Hardware name: linux,dummy-virt (DT)
pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)
pc : __list_del_entry_valid+0x90/0xb0 lib/list_debug.c:51
lr : __list_del_entry_valid+0x90/0xb0 lib/list_debug.c:51
sp : ffff80001332b970
x29: ffff80001332b970 x28: ffff80001332bc78 x27: 0000000000000000
x26: 0000000000000003 x25: f3ff000007ab4220 x24: ffff800012337810
x23: 0000000000000001 x22: ffff800012337848 x21: f3ff000007ab4200
x20: faff000007bb7578 x19: f3ff000007ab4288 x18: 00000000fffffffa
x17: 20747562202c3838 x16: 3234626137303030 x15: 0000b0ca3f099258
x14: 000000000000001b x13: 000000000000001b x12: 0000000000000000
x11: ffff800011dc0fc0 x10: 8bf497cd8bcaf579 x9 : 7d872f18c3e4ba84
x8 : f1ff0000085ddaf8 x7 : 0000000000000004 x6 : 0000004004d72430
x5 : 0000000000000000 x4 : ffff00007fbb0988 x3 : 0000000000000000
x2 : 0000000000000000 x1 : f1ff0000085dcc40 x0 : 0000000000000054
Call trace:
 __list_del_entry_valid+0x90/0xb0 lib/list_debug.c:51
 __list_del_entry include/linux/list.h:132 [inline]
 list_del_init include/linux/list.h:204 [inline]
 __fw_load_abort drivers/base/firmware_loader/fallback.c:97 [inline]
 __fw_load_abort drivers/base/firmware_loader/fallback.c:88 [inline]
 kill_pending_fw_fallback_reqs+0x7c/0xe0 drivers/base/firmware_loader/fallback.c:119
 fw_pm_notify+0x50/0x110 drivers/base/firmware_loader/main.c:1450
 notifier_call_chain kernel/notifier.c:83 [inline]
 notifier_call_chain_robust kernel/notifier.c:118 [inline]
 blocking_notifier_call_chain_robust kernel/notifier.c:302 [inline]
 blocking_notifier_call_chain_robust+0x78/0xe4 kernel/notifier.c:290
 pm_notifier_call_chain_robust+0x24/0x44 kernel/power/main.c:87
 snapshot_open+0xa0/0x124 kernel/power/user.c:75
 misc_open+0x130/0x174 drivers/char/misc.c:141
 chrdev_open+0xc0/0x260 fs/char_dev.c:414
 do_dentry_open+0x12c/0x3c0 fs/open.c:826
 vfs_open+0x30/0x3c fs/open.c:949
 do_open fs/namei.c:3374 [inline]
 path_openat+0x488/0xf10 fs/namei.c:3507
 do_filp_open+0x80/0x130 fs/namei.c:3534
 do_sys_openat2+0xb4/0x15c fs/open.c:1204
 do_sys_open fs/open.c:1220 [inline]
 __do_sys_openat fs/open.c:1236 [inline]
 __se_sys_openat fs/open.c:1231 [inline]
 __arm64_sys_openat+0x64/0xb0 fs/open.c:1231
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x40/0xdc arch/arm64/kernel/syscall.c:145
 do_el0_svc+0x78/0x90 arch/arm64/kernel/syscall.c:184
 el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:511
 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:527
 el0t_64_sync+0x1b4/0x1b8 arch/arm64/kernel/entry.S:574
Code: aa0003e1 b000c400 913d6000 9446d71f (d4210000) 
---[ end trace 6815df6f97f7c66f ]---