list_del corruption. prev->next should be ffff88807c91c068, but was 0000000000000000. (prev=ffff88807cda1868)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:59!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 3648 Comm: kworker/u5:3 Not tainted 6.0.0-rc6-syzkaller-00030-g06f7db949993 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/16/2022
Workqueue: hci3 hci_rx_work
RIP: 0010:__list_del_entry_valid.cold+0x12/0x72 lib/list_debug.c:59
Code: f0 ff 0f 0b 48 89 f1 48 c7 c7 c0 06 49 8a 4c 89 e6 e8 af ee f0 ff 0f 0b 4c 89 e1 48 89 ee 48 c7 c7 20 09 49 8a e8 9b ee f0 ff <0f> 0b 48 89 ee 48 c7 c7 00 08 49 8a e8 8a ee f0 ff 0f 0b 4c 89 e2
RSP: 0018:ffffc90003ccf8c8 EFLAGS: 00010282
RAX: 000000000000006d RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000040000 RSI: ffffffff8161f3d8 RDI: fffff52000799f0b
RBP: ffff88807c91c068 R08: 000000000000006d R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88807cda1868
R13: ffff888077a48c40 R14: ffff88807c91c060 R15: ffff888046215138
FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555570c3708 CR3: 000000007492a000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __list_del_entry include/linux/list.h:134 [inline]
 list_del include/linux/list.h:148 [inline]
 klist_release+0x66/0x480 lib/klist.c:189
 kref_put include/linux/kref.h:65 [inline]
 klist_dec_and_del lib/klist.c:206 [inline]
 klist_put+0x151/0x1d0 lib/klist.c:217
 device_del+0x243/0xc80 drivers/base/core.c:3683
 hci_conn_del_sysfs+0xdc/0x180 net/bluetooth/hci_sysfs.c:78
 hci_conn_cleanup+0x315/0x7b0 net/bluetooth/hci_conn.c:147
 hci_conn_del+0x29b/0x790 net/bluetooth/hci_conn.c:1022
 hci_cs_disconnect+0x5b6/0xe40 net/bluetooth/hci_event.c:2781
 hci_cmd_status_evt+0x25d/0x8d0 net/bluetooth/hci_event.c:4291
 hci_event_func net/bluetooth/hci_event.c:7440 [inline]
 hci_event_packet+0x63d/0xfd0 net/bluetooth/hci_event.c:7495
 hci_rx_work+0xae7/0x1230 net/bluetooth/hci_core.c:4007
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid.cold+0x12/0x72 lib/list_debug.c:59
Code: f0 ff 0f 0b 48 89 f1 48 c7 c7 c0 06 49 8a 4c 89 e6 e8 af ee f0 ff 0f 0b 4c 89 e1 48 89 ee 48 c7 c7 20 09 49 8a e8 9b ee f0 ff <0f> 0b 48 89 ee 48 c7 c7 00 08 49 8a e8 8a ee f0 ff 0f 0b 4c 89 e2
RSP: 0018:ffffc90003ccf8c8 EFLAGS: 00010282
RAX: 000000000000006d RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000040000 RSI: ffffffff8161f3d8 RDI: fffff52000799f0b
RBP: ffff88807c91c068 R08: 000000000000006d R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88807cda1868
R13: ffff888077a48c40 R14: ffff88807c91c060 R15: ffff888046215138
FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555570c3708 CR3: 000000007492a000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400