[ 422.562542][T10928] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 422.708393][T10928] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 422.860917][T10928] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 423.020895][T10928] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 425.013637][T10928] device hsr_slave_0 left promiscuous mode
[ 425.021730][T10928] device hsr_slave_1 left promiscuous mode
[ 425.030402][T10928] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 425.041009][T10928] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 425.051924][T10928] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 425.064840][T10928] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 425.077546][T10928] device bridge_slave_1 left promiscuous mode
[ 425.087268][T10928] bridge0: port 2(bridge_slave_1) entered disabled state
[ 425.100961][T10928] device bridge_slave_0 left promiscuous mode
[ 425.108933][T10928] bridge0: port 1(bridge_slave_0) entered disabled state
[ 425.128238][T10928] device veth1_macvtap left promiscuous mode
[ 425.144928][T10928] device veth0_macvtap left promiscuous mode
[ 425.160401][T10928] device veth1_vlan left promiscuous mode
[ 425.170398][T10928] device veth0_vlan left promiscuous mode
[ 429.279958][T10928] team0 (unregistering): Port device team_slave_1 removed
[ 429.300849][T10928] team0 (unregistering): Port device team_slave_0 removed
[ 429.319223][T10928] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 429.334104][T10928] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts.
[ 429.391435][T10928] bond0 (unregistering): Released all slaves
[ 430.751532][ T7355] IPVS: ftp: loaded support on port[0] = 21
[ 430.911775][T10928] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 431.141760][T10928] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 431.374302][T10928] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 431.600693][T10928] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 431.995984][T10928] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 432.429877][T10928] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 432.649091][T10928] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 432.705666][ T7247] Bluetooth: hci0: command 0x0409 tx timeout
[ 432.881815][T10928] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 433.310043][T10928] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 433.651153][T10928] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 433.841066][T10928] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 434.057534][T10928] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 434.451611][T10928] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 434.785553][ T7247] Bluetooth: hci0: command 0x041b tx timeout
[ 434.867579][T10928] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 435.073480][T10928] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 435.286465][T10928] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 436.873987][ T8065] Bluetooth: hci0: command 0x040f tx timeout
[ 438.945215][ T8065] Bluetooth: hci0: command 0x0419 tx timeout
[ 439.756457][ T3261] ieee802154 phy0 wpan0: encryption failed: -22
[ 439.762812][ T3261] ieee802154 phy1 wpan1: encryption failed: -22
[ 446.002862][T10928] device hsr_slave_0 left promiscuous mode
[ 446.011776][T10928] device hsr_slave_1 left promiscuous mode
[ 446.021048][T10928] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 446.030742][T10928] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 446.041873][T10928] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 446.050557][T10928] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 446.063114][T10928] device bridge_slave_1 left promiscuous mode
[ 446.071287][T10928] bridge0: port 2(bridge_slave_1) entered disabled state
[ 446.082480][T10928] device bridge_slave_0 left promiscuous mode
[ 446.090208][T10928] bridge0: port 1(bridge_slave_0) entered disabled state
[ 446.104702][T10928] device hsr_slave_0 left promiscuous mode
[ 446.119392][T10928] device hsr_slave_1 left promiscuous mode
[ 446.128176][T10928] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 446.141491][T10928] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 446.155190][T10928] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 446.164715][T10928] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 446.181714][T10928] device bridge_slave_1 left promiscuous mode
[ 446.190368][T10928] bridge0: port 2(bridge_slave_1) entered disabled state
[ 446.202284][T10928] device bridge_slave_0 left promiscuous mode
[ 446.209965][T10928] bridge0: port 1(bridge_slave_0) entered disabled state
[ 446.233694][T10928] device hsr_slave_0 left promiscuous mode
[ 446.242038][T10928] device hsr_slave_1 left promiscuous mode
[ 446.250318][T10928] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 446.259316][T10928] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 446.275682][T10928] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 446.283607][T10928] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 446.295319][T10928] device bridge_slave_1 left promiscuous mode
[ 446.301802][T10928] bridge0: port 2(bridge_slave_1) entered disabled state
[ 446.313782][T10928] device bridge_slave_0 left promiscuous mode
[ 446.323335][T10928] bridge0: port 1(bridge_slave_0) entered disabled state
[ 446.336446][T10928] device hsr_slave_0 left promiscuous mode
[ 446.343378][T10928] device hsr_slave_1 left promiscuous mode
[ 446.351804][T10928] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 446.361196][T10928] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 446.372203][T10928] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 446.380590][T10928] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 446.391764][T10928] device bridge_slave_1 left promiscuous mode
[ 446.402283][T10928] bridge0: port 2(bridge_slave_1) entered disabled state
[ 446.412522][T10928] device bridge_slave_0 left promiscuous mode
[ 446.423434][T10928] bridge0: port 1(bridge_slave_0) entered disabled state
[ 446.445724][T10928] device hsr_slave_0 left promiscuous mode
[ 446.453361][T10928] device hsr_slave_1 left promiscuous mode
[ 446.467418][T10928] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 446.479035][T10928] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 446.489200][T10928] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 446.497859][T10928] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 446.509937][T10928] device bridge_slave_1 left promiscuous mode
[ 446.520726][T10928] bridge0: port 2(bridge_slave_1) entered disabled state
[ 446.530162][T10928] device bridge_slave_0 left promiscuous mode
[ 446.538942][T10928] bridge0: port 1(bridge_slave_0) entered disabled state
[ 446.569104][T10928] device veth1_macvtap left promiscuous mode
[ 446.579525][T10928] device veth0_macvtap left promiscuous mode
[ 446.586858][T10928] device veth1_vlan left promiscuous mode
[ 446.593193][T10928] device veth0_vlan left promiscuous mode
[ 446.604885][T10928] device veth1_macvtap left promiscuous mode
[ 446.611451][T10928] device veth0_macvtap left promiscuous mode
[ 446.618268][T10928] device veth1_vlan left promiscuous mode
[ 446.624718][T10928] device veth0_vlan left promiscuous mode
[ 446.642224][T10928] device veth1_macvtap left promiscuous mode
[ 446.650248][T10928] device veth0_macvtap left promiscuous mode
[ 446.661150][T10928] device veth1_vlan left promiscuous mode
[ 446.671710][T10928] device veth0_vlan left promiscuous mode
[ 446.682868][T10928] device veth1_macvtap left promiscuous mode
[ 446.689374][T10928] device veth0_macvtap left promiscuous mode
[ 446.696432][T10928] device veth1_vlan left promiscuous mode
[ 446.706440][T10928] device veth0_vlan left promiscuous mode
[ 446.713801][T10928] device veth1_macvtap left promiscuous mode
[ 446.722768][T10928] device veth0_macvtap left promiscuous mode
[ 446.731130][T10928] device veth1_vlan left promiscuous mode
[ 446.739015][T10928] device veth0_vlan left promiscuous mode
[ 483.418591][T10928] team0 (unregistering): Port device team_slave_1 removed
[ 483.437675][T10928] team0 (unregistering): Port device team_slave_0 removed
[ 483.453456][T10928] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 483.477659][T10928] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 483.561211][T10928] bond0 (unregistering): Released all slaves
[ 483.709578][T10928] team0 (unregistering): Port device team_slave_1 removed
[ 483.727613][T10928] team0 (unregistering): Port device team_slave_0 removed
[ 483.742642][T10928] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 483.765141][T10928] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 483.847854][T10928] bond0 (unregistering): Released all slaves
[ 484.001212][T10928] team0 (unregistering): Port device team_slave_1 removed
[ 484.016464][T10928] team0 (unregistering): Port device team_slave_0 removed
[ 484.037876][T10928] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 484.053458][T10928] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 484.118214][T10928] bond0 (unregistering): Released all slaves
[ 484.288187][T10928] team0 (unregistering): Port device team_slave_1 removed
[ 484.312469][T10928] team0 (unregistering): Port device team_slave_0 removed
[ 484.327140][T10928] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 484.343747][T10928] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 484.427284][T10928] bond0 (unregistering): Released all slaves
[ 484.587367][T10928] team0 (unregistering): Port device team_slave_1 removed
[ 484.610215][T10928] team0 (unregistering): Port device team_slave_0 removed
[ 484.629549][T10928] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 484.651137][T10928] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 484.739327][T10928] bond0 (unregistering): Released all slaves
[ 501.180911][ T3261] ieee802154 phy0 wpan0: encryption failed: -22
[ 501.187781][ T3261] ieee802154 phy1 wpan1: encryption failed: -22
[ 541.267644][ T1715]
[ 541.270814][ T1715] ========================================================
[ 541.274731][ C0] ------------[ cut here ]------------
[ 541.278432][ T1715] WARNING: possible irq lock inversion dependency detected
[ 541.278439][ T1715] 5.11.0-rc6-syzkaller #0 Not tainted
[ 541.284073][ C0] refcount_t: underflow; use-after-free.
[ 541.284147][ C0] WARNING: CPU: 0 PID: 0 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x140
[ 541.291699][ T1715] --------------------------------------------------------
[ 541.291703][ T1715] syz-executor913/1715 just changed the state of lock:
[ 541.297531][ C0] Modules linked in:
[ 541.303830][ T1715] ffff88801e107978
[ 541.314650][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.11.0-rc6-syzkaller #0
[ 541.322230][ T1715] (&tctx->task_lock
[ 541.330367][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 541.334296][ T1715] ){+...}-{2:2}
[ 541.338088][ C0] RIP: 0010:refcount_warn_saturate+0x12b/0x140
[ 541.346513][ T1715] , at: tctx_task_work+0x85/0x310
[ 541.350481][ C0] Code: 5d 83 04 0f 0b e9 53 ff ff ff 48 89 df e8 bd 98 2d fe e9 23 ff ff ff 48 c7 c7 c0 90 dd 88 c6 05 d0 b3 ab 08 01 e8 f7 5c 83 04 <0f> 0b e9 2c ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41
[ 541.361731][ T1715] but this lock was taken by another, HARDIRQ-safe lock in the past:
[ 541.361736][ T1715] (
[ 541.365307][ C0] RSP: 0018:ffffc90000007d68 EFLAGS: 00010086
[ 541.371882][ T1715] &ctx->completion_lock
[ 541.377170][ C0]
[ 541.377175][ C0] RAX: 0000000000000000 RBX: ffff8880195b8e1c RCX: 0000000000000000
[ 541.397614][ T1715] ){-...}-{2:2}
[ 541.406470][ C0] RDX: 0000000000010002 RSI: 0000000000000004 RDI: fffff52000000f9f
[ 541.409049][ T1715]
[ 541.409049][ T1715]
[ 541.409049][ T1715] and interrupts could create inverse lock ordering between them.
[ 541.409049][ T1715]
[ 541.415482][ C0] RBP: 0000000000000003 R08: 0000000000000001 R09: ffff8880b9e2015b
[ 541.419796][ T1715]
[ 541.419796][ T1715] other info that might help us debug this:
[ 541.422177][ C0] R10: ffffed10173c402b R11: 0000000000000001 R12: ffff8880195b8e1c
[ 541.430613][ T1715] Possible interrupt unsafe locking scenario:
[ 541.430613][ T1715]
[ 541.430618][ T1715] CPU0 CPU1
[ 541.434253][ C0] R13: ffff88801db82480 R14: ffff8880412428c0 R15: ffff8880195b8e10
[ 541.442470][ T1715] ---- ----
[ 541.442473][ T1715] lock(
[ 541.457546][ C0] FS: 0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
[ 541.466017][ T1715] &tctx->task_lock
[ 541.474311][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 541.482794][ T1715] );
[ 541.482796][ T1715] local_irq_disable();
[ 541.492024][ C0] CR2: 0000000000000000 CR3: 000000004071d000 CR4: 00000000001506f0
[ 541.497553][ T1715] lock(&ctx->completion_lock
[ 541.506111][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 541.511713][ T1715] );
[ 541.511716][ T1715] lock(
[ 541.514724][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 541.523724][ T1715] &tctx->task_lock
[ 541.527501][ C0] Call Trace:
[ 541.527507][ C0]
[ 541.534864][ T1715] );
[ 541.534871][ T1715]
[ 541.537641][ C0] io_link_timeout_fn+0x406/0x5d0
[ 541.544833][ T1715] lock(&ctx->completion_lock
[ 541.553328][ C0] ? io_async_find_and_cancel+0x1f0/0x1f0
[ 541.560776][ T1715] );
[ 541.569461][ C0] ? timerqueue_del+0x64/0x120
[ 541.572111][ T1715]
[ 541.572111][ T1715] *** DEADLOCK ***
[ 541.572111][ T1715]
[ 541.572115][ T1715] no locks held by syz-executor913/1715.
[ 541.577870][ C0] ? io_async_find_and_cancel+0x1f0/0x1f0
[ 541.586196][ T1715]
[ 541.586196][ T1715] the shortest dependencies between 2nd lock and 1st lock:
[ 541.586217][ T1715] ->
[ 541.589996][ C0] __hrtimer_run_queues+0x4d7/0xb00
[ 541.593354][ T1715] (&ctx->completion_lock
[ 541.596283][ C0] ? hrtimer_sleeper_start_expires+0x80/0x80
[ 541.599194][ T1715] ){-...}-{2:2}
[ 541.602893][ C0] ? ktime_get_update_offsets_now+0xe8/0x450
[ 541.608429][ T1715] {
[ 541.613619][ C0] hrtimer_interrupt+0x300/0x930
[ 541.619569][ T1715] IN-HARDIRQ-W
[ 541.622311][ C0] __sysvec_apic_timer_interrupt+0x146/0x540
[ 541.627123][ T1715] at:
[ 541.627126][ T1715] lock_acquire+0x1a8/0x720
[ 541.636313][ C0] asm_call_irq_on_stack+0xf/0x20
[ 541.643882][ T1715] _raw_spin_lock_irqsave+0x39/0x50
[ 541.650121][ C0]
[ 541.660503][ T1715] io_timeout_fn+0x6a/0x390
[ 541.663286][ C0] sysvec_apic_timer_interrupt+0xbd/0x100
[ 541.669252][ T1715] __hrtimer_run_queues+0x4d7/0xb00
[ 541.674121][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 541.680699][ T1715] hrtimer_interrupt+0x300/0x930
[ 541.684232][ C0] RIP: 0010:acpi_idle_do_entry+0x161/0x1c0
[ 541.690281][ T1715] __sysvec_apic_timer_interrupt+0x146/0x540
[ 541.692850][ C0] Code: 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 75 6d 48 8b 45 00 a8 08 75 c9 e8 3d fe 35 f9 e9 07 00 00 00 0f 00 2d 61 2e b1 00 fb f4 <9c> 58 fa f6 c4 02 74 ae 5d e9 91 fa 35 f9 48 89 ef 5d e9 c8 f9 ff
[ 541.697896][ T1715] asm_call_irq_on_stack+0xf/0x20
[ 541.701941][ C0] RSP: 0018:ffffffff8a407d90 EFLAGS: 00000202
[ 541.708241][ T1715] sysvec_apic_timer_interrupt+0xbd/0x100
[ 541.708249][ T1715] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 541.708253][ T1715] _raw_spin_unlock_irq+0x25/0x40
[ 541.708259][ T1715] io_issue_sqe+0x10ab/0x4910
[ 541.708266][ T1715] __io_queue_sqe+0x1b8/0xc70
[ 541.708270][ T1715] io_submit_sqes+0x149f/0x2460
[ 541.708275][ T1715] __do_sys_io_uring_enter+0xb94/0x17d0
[ 541.708280][ T1715] do_syscall_64+0x2d/0x70
[ 541.708284][ T1715] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 541.708291][ T1715] INITIAL USE at:
[ 541.708296][ T1715] lock_acquire+0x1a8/0x720
[ 541.708302][ T1715] _raw_spin_lock_irqsave+0x39/0x50
[ 541.708307][ T1715] io_req_complete_post+0x49/0x780
[ 541.708312][ T1715] __io_queue_sqe+0x30e/0xc70
[ 541.708316][ T1715] io_submit_sqes+0x1110/0x2460
[ 541.708321][ T1715] __do_sys_io_uring_enter+0xb94/0x17d0
[ 541.711144][ C0]
[ 541.711146][ C0] RAX: 00000000000f1cd9 RBX: ffff888016784065 RCX: 1ffffffff1866459
[ 541.718315][ T1715] do_syscall_64+0x2d/0x70
[ 541.723505][ C0] RDX: 0000000000000000 RSI: ffffffff888afb60 RDI: ffffffff88ddcdc0
[ 541.730680][ T1715] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 541.733675][ C0] RBP: ffffffff8a4bb380 R08: 0000000000000001 R09: 0000000000000001
[ 541.740258][ T1715] }
[ 541.746124][ C0] R10: fffffbfff1497670 R11: 0000000000000001 R12: 0000000000000001
[ 541.753495][ T1715] ... key at: [] __key.9+0x0/0x40
[ 541.759461][ C0] R13: ffff888016784064 R14: ffffffff8b0ade80 R15: ffff888018d36804
[ 541.766308][ T1715] ... acquired at:
[ 541.766311][ T1715] _raw_spin_lock+0x2a/0x40
[ 541.772310][ C0] acpi_idle_enter+0x2c0/0x4b0
[ 541.780520][ T1715] io_req_task_work_add+0x10d/0x500
[ 541.801264][ C0] ? rcu_preempt_deferred_qs+0x13/0xe0
[ 541.808168][ T1715] io_kill_timeout.part.0+0x22a/0x390
[ 541.814407][ C0] cpuidle_enter_state+0x152/0xb40
[ 541.822392][ T1715] io_commit_cqring+0x210/0x9b0
[ 541.830532][ C0] cpuidle_enter+0x45/0xa0
[ 541.837694][ T1715] io_req_complete_post+0x65/0x780
[ 541.845248][ C0] do_idle+0x3e1/0x590
[ 541.852006][ T1715] __io_queue_sqe+0x30e/0xc70
[ 541.859226][ C0] ? arch_cpu_idle_exit+0x30/0x30
[ 541.866883][ T1715] io_submit_sqes+0x1110/0x2460
[ 541.873305][ C0] cpu_startup_entry+0x14/0x20
[ 541.881320][ T1715] __do_sys_io_uring_enter+0xb94/0x17d0
[ 541.885713][ C0] start_kernel+0x330/0x34d
[ 541.892304][ T1715] do_syscall_64+0x2d/0x70
[ 541.899748][ C0] secondary_startup_64_no_verify+0xb0/0xbb
[ 541.906939][ T1715] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 541.913435][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 541.920351][ T1715]
[ 541.920356][ T1715] ->
[ 541.927704][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.11.0-rc6-syzkaller #0
[ 541.930100][ T1715] (&tctx->task_lock
[ 541.938230][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 541.938240][ C0] Call Trace:
[ 541.938246][ C0]
[ 541.938250][ C0] dump_stack+0x9a/0xcc
[ 541.944493][ T1715] ){+...}-{2:2}
[ 541.952812][ C0] panic+0x256/0x4eb
[ 541.960674][ T1715] {
[ 541.960677][ T1715] HARDIRQ-ON-W
[ 541.969165][ C0] ? __warn_printk+0xee/0xee
[ 541.971997][ T1715] at:
[ 541.972001][ T1715] lock_acquire+0x1a8/0x720
[ 541.980137][ C0] ? refcount_warn_saturate+0x12b/0x140
[ 541.987663][ T1715] _raw_spin_lock+0x2a/0x40
[ 541.995980][ C0] __warn.cold+0x2b/0x35
[ 541.999952][ T1715] tctx_task_work+0x85/0x310
[ 542.004963][ C0] ? refcount_warn_saturate+0x12b/0x140
[ 542.010814][ T1715] task_work_run+0xc0/0x160
[ 542.016866][ C0] report_bug+0x15a/0x1b0
[ 542.022303][ T1715] exit_to_user_mode_prepare+0x221/0x250
[ 542.028247][ C0] ? vprintk_emit+0xb7/0x2d0
[ 542.033616][ T1715] syscall_exit_to_user_mode+0x19/0x60
[ 542.038718][ C0] handle_bug+0x3c/0x60
[ 542.043205][ T1715] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 542.048740][ C0] exc_invalid_op+0x14/0x40
[ 542.053062][ T1715] INITIAL USE
[ 542.057975][ C0] asm_exc_invalid_op+0x12/0x20
[ 542.062968][ T1715] at:
[ 542.062971][ T1715] lock_acquire+0x1a8/0x720
[ 542.068119][ C0] RIP: 0010:refcount_warn_saturate+0x12b/0x140
[ 542.073149][ T1715] _raw_spin_lock+0x2a/0x40
[ 542.079120][ C0] Code: 5d 83 04 0f 0b e9 53 ff ff ff 48 89 df e8 bd 98 2d fe e9 23 ff ff ff 48 c7 c7 c0 90 dd 88 c6 05 d0 b3 ab 08 01 e8 f7 5c 83 04 <0f> 0b e9 2c ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41
[ 542.083740][ T1715] io_req_task_work_add+0x10d/0x500
[ 542.088651][ C0] RSP: 0018:ffffc90000007d68 EFLAGS: 00010086
[ 542.094609][ T1715] io_kill_timeout.part.0+0x22a/0x390
[ 542.101223][ C0]
[ 542.107888][ T1715] io_commit_cqring+0x210/0x9b0
[ 542.110307][ C0] RAX: 0000000000000000 RBX: ffff8880195b8e1c RCX: 0000000000000000
[ 542.112873][ T1715] io_req_complete_post+0x65/0x780
[ 542.121077][ C0] RDX: 0000000000010002 RSI: 0000000000000004 RDI: fffff52000000f9f
[ 542.125057][ T1715] __io_queue_sqe+0x30e/0xc70
[ 542.135451][ C0] RBP: 0000000000000003 R08: 0000000000000001 R09: ffff8880b9e2015b
[ 542.138814][ T1715] io_submit_sqes+0x1110/0x2460
[ 542.141725][ C0] R10: ffffed10173c402b R11: 0000000000000001 R12: ffff8880195b8e1c
[ 542.146023][ T1715] __do_sys_io_uring_enter+0xb94/0x17d0
[ 542.149626][ C0] R13: ffff88801db82480 R14: ffff8880412428c0 R15: ffff8880195b8e10
[ 542.153498][ T1715] do_syscall_64+0x2d/0x70
[ 542.155982][ C0] ? refcount_warn_saturate+0x12b/0x140
[ 542.159752][ T1715] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 542.164893][ C0] io_link_timeout_fn+0x406/0x5d0
[ 542.167645][ T1715] }
[ 542.174204][ C0] ? io_async_find_and_cancel+0x1f0/0x1f0
[ 542.179916][ T1715] ... key at: [] __key.15+0x0/0x40
[ 542.186042][ C0] ? timerqueue_del+0x64/0x120
[ 542.190340][ T1715] ... acquired at:
[ 542.190343][ T1715] __lock_acquire+0x87b/0x57d0
[ 542.196574][ C0] ? io_async_find_and_cancel+0x1f0/0x1f0
[ 542.202545][ T1715] lock_acquire+0x1a8/0x720
[ 542.209053][ C0] __hrtimer_run_queues+0x4d7/0xb00
[ 542.213626][ T1715] _raw_spin_lock+0x2a/0x40
[ 542.220996][ C0] ? hrtimer_sleeper_start_expires+0x80/0x80
[ 542.225652][ T1715] tctx_task_work+0x85/0x310
[ 542.225660][ T1715] task_work_run+0xc0/0x160
[ 542.232908][ C0] ? ktime_get_update_offsets_now+0xe8/0x450
[ 542.237521][ T1715] exit_to_user_mode_prepare+0x221/0x250
[ 542.245155][ C0] hrtimer_interrupt+0x300/0x930
[ 542.249726][ T1715] syscall_exit_to_user_mode+0x19/0x60
[ 542.254035][ C0] __sysvec_apic_timer_interrupt+0x146/0x540
[ 542.259038][ T1715] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 542.261691][ C0] asm_call_irq_on_stack+0xf/0x20
[ 542.267825][ T1715]
[ 542.267827][ T1715]
[ 542.267827][ T1715] stack backtrace:
[ 542.273949][ C0]
[ 542.549311][ C0] sysvec_apic_timer_interrupt+0xbd/0x100
[ 542.555361][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 542.561500][ C0] RIP: 0010:acpi_idle_do_entry+0x161/0x1c0
[ 542.567548][ C0] Code: 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 75 6d 48 8b 45 00 a8 08 75 c9 e8 3d fe 35 f9 e9 07 00 00 00 0f 00 2d 61 2e b1 00 fb f4 <9c> 58 fa f6 c4 02 74 ae 5d e9 91 fa 35 f9 48 89 ef 5d e9 c8 f9 ff
[ 542.588101][ C0] RSP: 0018:ffffffff8a407d90 EFLAGS: 00000202
[ 542.594326][ C0] RAX: 00000000000f1cd9 RBX: ffff888016784065 RCX: 1ffffffff1866459
[ 542.602366][ C0] RDX: 0000000000000000 RSI: ffffffff888afb60 RDI: ffffffff88ddcdc0
[ 542.610755][ C0] RBP: ffffffff8a4bb380 R08: 0000000000000001 R09: 0000000000000001
[ 542.619016][ C0] R10: fffffbfff1497670 R11: 0000000000000001 R12: 0000000000000001
[ 542.627138][ C0] R13: ffff888016784064 R14: ffffffff8b0ade80 R15: ffff888018d36804
[ 542.635421][ C0] acpi_idle_enter+0x2c0/0x4b0
[ 542.640268][ C0] ? rcu_preempt_deferred_qs+0x13/0xe0
[ 542.645745][ C0] cpuidle_enter_state+0x152/0xb40
[ 542.651111][ C0] cpuidle_enter+0x45/0xa0
[ 542.655932][ C0] do_idle+0x3e1/0x590
[ 542.660583][ C0] ? arch_cpu_idle_exit+0x30/0x30
[ 542.665764][ C0] cpu_startup_entry+0x14/0x20
[ 542.670501][ C0] start_kernel+0x330/0x34d
[ 542.675419][ C0] secondary_startup_64_no_verify+0xb0/0xbb
[ 542.681417][ T1715] CPU: 1 PID: 1715 Comm: syz-executor913 Not tainted 5.11.0-rc6-syzkaller #0
[ 542.690777][ T1715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 542.700995][ T1715] Call Trace:
[ 542.704462][ T1715] dump_stack+0x9a/0xcc
[ 542.708827][ T1715] mark_lock.cold+0x6d/0x72
[ 542.713384][ T1715] ? lock_chain_count+0x20/0x20
[ 542.718814][ T1715] ? mark_lock+0xee/0x1720
[ 542.723203][ T1715] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 542.729408][ T1715] ? lock_chain_count+0x20/0x20
[ 542.734349][ T1715] __lock_acquire+0x87b/0x57d0
[ 542.739302][ T1715] ? __lock_acquire+0x1644/0x57d0
[ 542.744329][ T1715] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 542.750296][ T1715] lock_acquire+0x1a8/0x720
[ 542.754946][ T1715] ? tctx_task_work+0x85/0x310
[ 542.760111][ T1715] ? lock_release+0x710/0x710
[ 542.764759][ T1715] ? find_held_lock+0x2d/0x110
[ 542.769584][ T1715] ? task_work_run+0xa3/0x160
[ 542.774322][ T1715] _raw_spin_lock+0x2a/0x40
[ 542.778896][ T1715] ? tctx_task_work+0x85/0x310
[ 542.783731][ T1715] tctx_task_work+0x85/0x310
[ 542.788382][ T1715] task_work_run+0xc0/0x160
[ 542.792976][ T1715] exit_to_user_mode_prepare+0x221/0x250
[ 542.798902][ T1715] syscall_exit_to_user_mode+0x19/0x60
[ 542.804635][ T1715] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 542.810601][ T1715] RIP: 0033:0x4510d9
[ 542.814586][ T1715] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 542.835134][ T1715] RSP: 002b:00000000005efcd8 EFLAGS: 00000216 ORIG_RAX: 00000000000001aa
[ 542.843746][ T1715] RAX: 0000000000000100 RBX: 0000000000000003 RCX: 00000000004510d9
[ 542.852090][ T1715] RDX: 0000000000000000 RSI: 000000000000450c RDI: 0000000000000003
[ 542.860499][ T1715] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 542.869349][ T1715] R10: 0000000000000000 R11: 0000000000000216 R12: 00000000005efd28
[ 542.877683][ T1715] R13: 00000000005efd40 R14: 00000000005efd80 R15: 00000000000019f2
[ 542.887333][ C0] Kernel Offset: disabled
[ 542.892208][ C0] Rebooting in 86400 seconds..