list_del corruption. prev->next should be ffff0000d6cfa518, but was ffff0000ce426518
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:61!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 8097 Comm: syz.8.913 Not tainted 5.15.179-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __list_del_entry_valid+0x138/0x150 lib/list_debug.c:59
lr : __list_del_entry_valid+0x138/0x150 lib/list_debug.c:59
sp : ffff800020597440
x29: ffff800020597440 x28: dfff800000000000 x27: ffff0000d6cfd01c
x26: ffff0000d6cfd488 x25: 1fffe0001ad9fa04 x24: dfff800000000000
x23: dfff800000000000 x22: ffff0000ce426518 x21: dfff800000000000
x20: ffff0000ce426518 x19: ffff0000d6cfa518 x18: 1fffe0003682e78e
x17: 1fffe0003682e78e x16: ffff800011b5ac80 x15: ffff800014c0f2a0
x14: 1ffff0000296e06c x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : 1be0c985f38c7700
x8 : 1be0c985f38c7700 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000000 x3 : ffff80000aa1313c
x2 : ffff0001b4173d10 x1 : 0000000100000000 x0 : 0000000000000054
Call trace:
 __list_del_entry_valid+0x138/0x150 lib/list_debug.c:59
 __list_del_entry include/linux/list.h:132 [inline]
 list_del_init include/linux/list.h:204 [inline]
 bt_accept_unlink+0x40/0x26c net/bluetooth/af_bluetooth.c:187
 l2cap_sock_teardown_cb+0x194/0x37c net/bluetooth/l2cap_sock.c:1588
 l2cap_chan_del+0xbc/0x560 net/bluetooth/l2cap_core.c:655
 l2cap_conn_del+0x2e8/0x554 net/bluetooth/l2cap_core.c:1929
 l2cap_disconn_cfm+0x90/0xe0 net/bluetooth/l2cap_core.c:8315
 hci_disconn_cfm include/net/bluetooth/hci_core.h:1520 [inline]
 hci_conn_hash_flush+0x104/0x220 net/bluetooth/hci_conn.c:1622
 hci_dev_do_close+0x7e4/0x1060 net/bluetooth/hci_core.c:1795
 hci_unregister_dev+0x248/0x4d4 net/bluetooth/hci_core.c:4040
 vhci_release+0x74/0xc4 drivers/bluetooth/hci_vhci.c:345
 __fput+0x1c4/0x800 fs/file_table.c:311
 ____fput+0x20/0x30 fs/file_table.c:339
 task_work_run+0x130/0x1e4 kernel/task_work.c:188
 exit_task_work include/linux/task_work.h:33 [inline]
 do_exit+0x670/0x20bc kernel/exit.c:874
 do_group_exit+0x110/0x268 kernel/exit.c:996
 get_signal+0x634/0x1550 kernel/signal.c:2900
 do_signal arch/arm64/kernel/signal.c:890 [inline]
 do_notify_resume+0x3d0/0x32b8 arch/arm64/kernel/signal.c:943
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
 asm_exit_to_user_mode+0x9c/0xf0 arch/arm64/kernel/entry-common.c:145
 ret_from_fork+0x1c/0x20 arch/arm64/kernel/entry.S:873
Code: f003b800 91198000 aa1303e1 95c38cb4 (d4210000)
---[ end trace 2839c0191bf4a812 ]---