list_add corruption. prev->next should be next (ffff00011041f618), but was 663f733fc1793fb7. (prev=ffff000113881100).
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:32!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.1.0-rc7-syzkaller-33097-ge3cb714fb489 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __list_add_valid+0xb4/0xb8 lib/list_debug.c:30
lr : __list_add_valid+0xb4/0xb8 lib/list_debug.c:30
sp : ffff80000800bd30
x29: ffff80000800bd30 x28: 0000000000000006 x27: 000000000000000a
x26: 0000000000000000 x25: ffff00011c3f7858 x24: 0000000000000001
x23: ffff000113881100 x22: ffff00011041f618 x21: ffff000119a17680
x20: 0000000000000000 x19: ffff00011041f5b8 x18: 00000000000000c0
x17: 3831366631343031 x16: ffff80000dbe6158 x15: ffff0000c0328000
x14: 0000000000000000 x13: 00000000ffffffff x12: ffff0000c0328000
x11: ff808000081c4d64 x10: 0000000000000000 x9 : 2fd8970318e0fc00
x8 : 2fd8970318e0fc00 x7 : ffff80000c091044 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : ffff0001fefddcd0 x1 : 0000000000000102 x0 : 0000000000000075
Call trace:
 __list_add_valid+0xb4/0xb8 lib/list_debug.c:30
 __list_add include/linux/list.h:69 [inline]
 list_add_tail include/linux/list.h:102 [inline]
 list_move_tail include/linux/list.h:230 [inline]
 ref_tracker_free+0x138/0x340 lib/ref_tracker.c:143
 netdev_tracker_free include/linux/netdevice.h:4015 [inline]
 netdev_put include/linux/netdevice.h:4032 [inline]
 dst_destroy+0x9c/0x224 net/core/dst.c:120
 dst_destroy_rcu+0x20/0x30 net/core/dst.c:140
 rcu_do_batch+0x1a4/0x584 kernel/rcu/tree.c:2250
 rcu_core+0x2bc/0x5b4 kernel/rcu/tree.c:2510
 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2527
 _stext+0x168/0x37c
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
 call_on_irq_stack+0x2c/0x54 arch/arm64/kernel/entry.S:892
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:85
 invoke_softirq+0x70/0xbc kernel/softirq.c:452
 __irq_exit_rcu+0xf0/0x140 kernel/softirq.c:650
 irq_exit_rcu+0x10/0x40 kernel/softirq.c:662
 __el1_irq arch/arm64/kernel/entry-common.c:472 [inline]
 el1_interrupt+0x38/0x68 arch/arm64/kernel/entry-common.c:486
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:491
 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:580
 arch_local_irq_enable+0xc/0x18 arch/arm64/include/asm/irqflags.h:35
 default_idle_call+0x48/0xb8 kernel/sched/idle.c:109
 cpuidle_idle_call kernel/sched/idle.c:191 [inline]
 do_idle+0x110/0x2d4 kernel/sched/idle.c:303
 cpu_startup_entry+0x24/0x28 kernel/sched/idle.c:400
 secondary_start_kernel+0x154/0x17c arch/arm64/kernel/smp.c:265
 __secondary_switched+0xb0/0xb4 arch/arm64/kernel/head.S:621
Code: 9139b400 aa0303e1 aa0803e3 94aa88ef (d4210000) 
---[ end trace 0000000000000000 ]---