syzbot

------------[ cut here ]------------
WARNING: CPU: 0 PID: 21835 at kernel/time/posix-timers.c:1109 exit_itimers+0x238/0x34c kernel/time/posix-timers.c:1109
Modules linked in:
CPU: 0 UID: 0 PID: 21835 Comm: syz.0.5419 Not tainted 6.14.0-rc4-syzkaller #0
Hardware name: linux,dummy-virt (DT)
pstate: 21402009 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : exit_itimers+0x238/0x34c kernel/time/posix-timers.c:1109
lr : itimer_delete kernel/time/posix-timers.c:1081 [inline]
lr : exit_itimers+0x17c/0x34c kernel/time/posix-timers.c:1103
sp : ffff800088ffbbf0
x29: ffff800088ffbbf0 x28: 0000000000000001 x27: f0f0000007b99a38
x26: 0000000000000000 x25: 0000000000000000 x24: f0f0000007b99240
x23: 0000000000000000 x22: f0f0000007b99240 x21: f0f0000007b99240
x20: 0000000000000001 x19: f0f0000007b99240 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffea2d02c8
x14: f0f0000007b992c0 x13: ffff8000828500c8 x12: 0000000000000001
x11: 00000355b7b9e14b x10: 5d48c5ec52c2bb1a x9 : b4052c63a0d52864
x8 : ffff800088ffbe38 x7 : fdf0000003263488 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000001000001 x3 : 00000000000001f4
x2 : fff000007f8d0758 x1 : f0f0000007b99240 x0 : fdf0000016d5fb60
Call trace:
 exit_itimers+0x238/0x34c kernel/time/posix-timers.c:1109 (P)
 do_exit+0x17c/0x98c kernel/exit.c:912
 do_group_exit+0x34/0x90 kernel/exit.c:1087
 copy_siginfo_to_user+0x0/0xec kernel/signal.c:3036
 do_signal+0x94/0x360 arch/arm64/kernel/signal.c:1658
 do_notify_resume+0xd8/0x164 arch/arm64/kernel/entry-common.c:148
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
 el0_svc+0xc0/0xe0 arch/arm64/kernel/entry-common.c:745
 el0t_64_sync_handler+0x10c/0x138 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x1a4/0x1a8 arch/arm64/kernel/entry.S:600
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
rcuref - imbalanced put()
WARNING: CPU: 0 PID: 21835 at lib/rcuref.c:267 rcuref_put_slowpath+0xbc/0xd0 lib/rcuref.c:267
Modules linked in:
CPU: 0 UID: 0 PID: 21835 Comm: syz.0.5419 Tainted: G        W          6.14.0-rc4-syzkaller #0
Tainted: [W]=WARN
Hardware name: linux,dummy-virt (DT)
pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : rcuref_put_slowpath+0xbc/0xd0 lib/rcuref.c:267
lr : rcuref_put_slowpath+0xbc/0xd0 lib/rcuref.c:267
sp : ffff800088ffbbd0
x29: ffff800088ffbbd0 x28: 0000000000000001 x27: f0f0000007b99a38
x26: 0000000000000000 x25: 0000000000000000 x24: f0f0000007b99240
x23: 0000000000000000 x22: f0f0000007b99240 x21: f0f0000007b99240
x20: 00000000ffffffff x19: fdf0000016d5fc28 x18: 000000000001cf9f
x17: 0000000000000000 x16: 0000000000000000 x15: ffff800088ffb560
x14: 00000000ffffffea x13: ffff800088ffb988 x12: ffff80008292d920
x11: fffffffffffd8010 x10: fffffffffffd7fe8 x9 : 0000000000009be8
x8 : c0000000ffffe67f x7 : ffff80008287d898 x6 : 0000000000023ba8
x5 : ffff8000828a14c8 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : f0f0000007b99240
Call trace:
 rcuref_put_slowpath+0xbc/0xd0 lib/rcuref.c:267 (P)
 __rcuref_put include/linux/rcuref.h:94 [inline]
 rcuref_put include/linux/rcuref.h:150 [inline]
 posixtimer_putref include/linux/posix-timers.h:226 [inline]
 posix_timer_cleanup_ignored kernel/time/posix-timers.c:977 [inline]
 exit_itimers+0x334/0x34c kernel/time/posix-timers.c:1114
 do_exit+0x17c/0x98c kernel/exit.c:912
 do_group_exit+0x34/0x90 kernel/exit.c:1087
 copy_siginfo_to_user+0x0/0xec kernel/signal.c:3036
 do_signal+0x94/0x360 arch/arm64/kernel/signal.c:1658
 do_notify_resume+0xd8/0x164 arch/arm64/kernel/entry-common.c:148
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
 el0_svc+0xc0/0xe0 arch/arm64/kernel/entry-common.c:745
 el0t_64_sync_handler+0x10c/0x138 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x1a4/0x1a8 arch/arm64/kernel/entry.S:600
---[ end trace 0000000000000000 ]---