syzbot

list_del corruption. prev->next should be ffff888079dcb000, but was ffff88807acbb000. (prev=ffffffff8e546ce0)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:59!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 21557 Comm: syz-executor.2 Not tainted 6.2.0-rc4-syzkaller-00077-gd368967cb103 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
RIP: 0010:__list_del_entry_valid.cold+0x12/0x72 lib/list_debug.c:59
Code: f0 ff 0f 0b 48 89 f1 48 c7 c7 80 bd a6 8a 4c 89 e6 e8 cb 2c f0 ff 0f 0b 4c 89 e1 48 89 ee 48 c7 c7 e0 bf a6 8a e8 b7 2c f0 ff <0f> 0b 48 89 ee 48 c7 c7 c0 be a6 8a e8 a6 2c f0 ff 0f 0b 4c 89 e2
RSP: 0018:ffffc9000b28fd58 EFLAGS: 00010282
RAX: 000000000000006d RBX: 0000000000000001 RCX: 0000000000000000
RDX: ffff88806b5b9d40 RSI: ffffffff8166822c RDI: fffff52001651f9d
RBP: ffff888079dcb000 R08: 000000000000006d R09: 0000000000000000
R10: 0000000080000000 R11: 0000000000000000 R12: ffffffff8e546ce0
R13: ffff88802b1e3000 R14: ffff888079dce000 R15: ffff888079dc95f0
FS:  0000555555fb1400(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4363fad988 CR3: 000000002820b000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 __list_del_entry include/linux/list.h:134 [inline]
 list_del include/linux/list.h:148 [inline]
 local_release net/nfc/llcp_core.c:171 [inline]
 kref_put include/linux/kref.h:65 [inline]
 nfc_llcp_local_put net/nfc/llcp_core.c:181 [inline]
 nfc_llcp_local_put net/nfc/llcp_core.c:176 [inline]
 nfc_llcp_unregister_device+0xb8/0x260 net/nfc/llcp_core.c:1619
 nfc_unregister_device+0x196/0x330 net/nfc/core.c:1179
 virtual_ncidev_close+0x52/0xb0 drivers/nfc/virtual_ncidev.c:163
 __fput+0x27c/0xa90 fs/file_table.c:320
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296
 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fc8d423df7b
Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
RSP: 002b:00007ffce18f3bb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000006 RCX: 00007fc8d423df7b
RDX: 00007fc8d3e00588 RSI: ffffffffffffffff RDI: 0000000000000005
RBP: 00007fc8d43ad980 R08: 0000000000000000 R09: 00007fc8d3e00000
R10: 00007fc8d3e00590 R11: 0000000000000293 R12: 00000000000bda59
R13: 00007ffce18f3cb0 R14: 00007fc8d43abf80 R15: 0000000000000032
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid.cold+0x12/0x72 lib/list_debug.c:59
Code: f0 ff 0f 0b 48 89 f1 48 c7 c7 80 bd a6 8a 4c 89 e6 e8 cb 2c f0 ff 0f 0b 4c 89 e1 48 89 ee 48 c7 c7 e0 bf a6 8a e8 b7 2c f0 ff <0f> 0b 48 89 ee 48 c7 c7 c0 be a6 8a e8 a6 2c f0 ff 0f 0b 4c 89 e2
RSP: 0018:ffffc9000b28fd58 EFLAGS: 00010282
RAX: 000000000000006d RBX: 0000000000000001 RCX: 0000000000000000
RDX: ffff88806b5b9d40 RSI: ffffffff8166822c RDI: fffff52001651f9d
RBP: ffff888079dcb000 R08: 000000000000006d R09: 0000000000000000
R10: 0000000080000000 R11: 0000000000000000 R12: ffffffff8e546ce0
R13: ffff88802b1e3000 R14: ffff888079dce000 R15: ffff888079dc95f0
FS:  0000555555fb1400(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4363fad988 CR3: 000000002820b000 CR4: 0000000000350ef0