Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
Bluetooth: hci3: Injecting HCI hardware error event
Bluetooth: hci3: hardware error 0x00
slab kmalloc-2k start ffff88805f089000 pointer offset 1368 size 2048
list_del corruption. prev->next should be ffff88805f08f558, but was 0000000000000000. (prev=ffff88805f089558)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:64!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 5832 Comm: kworker/u9:6 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: hci3 hci_error_reset
RIP: 0010:__list_del_entry_valid_or_report+0x15a/0x190 lib/list_debug.c:62
Code: e8 4b 8d 48 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 ec 19 68 fd 49 8b 17 48 c7 c7 00 0b c1 8b 48 89 de 4c 89 f9 e8 17 e2 6f fc 90 <0f> 0b 4c 89 f7 e8 1c 8d 48 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 bd
RSP: 0018:ffffc90004517840 EFLAGS: 00010246
RAX: 000000000000006d RBX: ffff88805f08f558 RCX: 2705460507324e00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffff88805f08d010 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1bba944 R12: 1ffff1100be112ab
R13: dffffc0000000000 R14: ffff88805f089558 R15: ffff88805f089558
FS: 0000000000000000(0000) GS:ffff8881260f9000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbd6e5a36b0 CR3: 0000000060c3a000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __list_del_entry_valid include/linux/list.h:124 [inline]
 __list_del_entry include/linux/list.h:215 [inline]
 list_del_init include/linux/list.h:287 [inline]
 bt_accept_unlink+0x39/0x240 net/bluetooth/af_bluetooth.c:256
 l2cap_sock_teardown_cb+0x17e/0x460 net/bluetooth/l2cap_sock.c:1613
 l2cap_chan_del+0xb2/0x5e0 net/bluetooth/l2cap_core.c:655
 l2cap_conn_del+0x388/0x680 net/bluetooth/l2cap_core.c:1786
 hci_disconn_cfm include/net/bluetooth/hci_core.h:2068 [inline]
 hci_conn_hash_flush+0x10a/0x230 net/bluetooth/hci_conn.c:2534
 hci_dev_close_sync+0xaef/0x1330 net/bluetooth/hci_sync.c:5225
 hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]
 hci_error_reset+0x127/0x3e0 net/bluetooth/hci_core.c:1016
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0x15a/0x190 lib/list_debug.c:62
Code: e8 4b 8d 48 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 ec 19 68 fd 49 8b 17 48 c7 c7 00 0b c1 8b 48 89 de 4c 89 f9 e8 17 e2 6f fc 90 <0f> 0b 4c 89 f7 e8 1c 8d 48 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 bd
RSP: 0018:ffffc90004517840 EFLAGS: 00010246
RAX: 000000000000006d RBX: ffff88805f08f558 RCX: 2705460507324e00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffff88805f08d010 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1bba944 R12: 1ffff1100be112ab
R13: dffffc0000000000 R14: ffff88805f089558 R15: ffff88805f089558
FS: 0000000000000000(0000) GS:ffff8881261f9000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2f81fce4 CR3: 000000007e36e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400