------------[ cut here ]------------ WARNING: CPU: 0 PID: 5181 at kernel/workqueue.c:4442 pwq_busy kernel/workqueue.c:4394 [inline] WARNING: CPU: 0 PID: 5181 at kernel/workqueue.c:4442 destroy_workqueue+0x218/0x650 kernel/workqueue.c:4442 Modules linked in: CPU: 0 PID: 5181 Comm: syz-executor.1 Not tainted 6.1.0-rc5-syzkaller-00008-ge01d50cbd6ee #0 Hardware name: linux,dummy-virt (DT) pstate: 100000c5 (nzcV daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : destroy_workqueue+0x218/0x650 kernel/workqueue.c:4442 lr : destroy_workqueue+0x13c/0x650 kernel/workqueue.c:4441 sp : ffff8000187679d0 x29: ffff8000187679d0 x28: 1fffe0000297c580 x27: ffff000014be2c00 x26: dfff800000000000 x25: ffff80000e093ec0 x24: ffff000015893020 x23: 0000000000000003 x22: ffff80000e093100 x21: ffff000015893000 x20: 0000000000000003 x19: ffff000014be2c28 x18: ffff00006a985c00 x17: 0000000000000000 x16: 0000000000000000 x15: ffff00006a985bc8 x14: 1ffff000030ecf04 x13: 0000000000000000 x12: ffff7000030ecf2f x11: 1ffff000030ecf2e x10: ffff7000030ecf2e x9 : dfff800000000000 x8 : ffff800018767973 x7 : 0000000000000004 x6 : 0000000000000001 x5 : ffff800018767970 x4 : 0000000000000000 x3 : 1fffe0000d530601 x2 : 1fffe0000297c584 x1 : 0000000000000007 x0 : 0000000000000001 Call trace: pwq_busy kernel/workqueue.c:4394 [inline] destroy_workqueue+0x218/0x650 kernel/workqueue.c:4442 nci_unregister_device+0x60/0x280 net/nfc/nci/core.c:1293 virtual_ncidev_close+0x70/0x90 drivers/nfc/virtual_ncidev.c:166 __fput+0x1ac/0x860 fs/file_table.c:320 ____fput+0x10/0x1c fs/file_table.c:348 task_work_run+0x12c/0x220 kernel/task_work.c:179 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] do_notify_resume+0x920/0x2840 arch/arm64/kernel/signal.c:1127 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline] el0_svc+0x11c/0x140 arch/arm64/kernel/entry-common.c:638 el0t_64_sync_handler+0xb8/0xc0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581 irq event stamp: 10032 hardirqs last enabled at (10031): [] kasan_quarantine_put+0x108/0x254 mm/kasan/quarantine.c:242 hardirqs last disabled at (10032): [] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:117 [inline] hardirqs last disabled at (10032): [] _raw_spin_lock_irq+0x8c/0x90 kernel/locking/spinlock.c:170 softirqs last enabled at (10022): [] _stext+0x9d4/0x107c softirqs last disabled at (9987): [] ____do_softirq+0x10/0x20 arch/arm64/kernel/irq.c:79 ---[ end trace 0000000000000000 ]--- destroy_workqueue: nfc2_nci_cmd_wq has the following busy pwq pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=3 pending: nci_cmd_work workqueue nfc2_nci_cmd_wq: flags=0xe000a pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/1 refcnt=3 in-flight: 52:nci_cmd_work ------------[ cut here ]------------ ODEBUG: free active (active state 0) object type: timer_list hint: nci_cmd_timer+0x0/0xa0 net/nfc/nci/core.c:624 WARNING: CPU: 0 PID: 5181 at lib/debugobjects.c:502 debug_print_object+0x188/0x264 lib/debugobjects.c:502 Modules linked in: CPU: 0 PID: 5181 Comm: syz-executor.1 Tainted: G W 6.1.0-rc5-syzkaller-00008-ge01d50cbd6ee #0 Hardware name: linux,dummy-virt (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : debug_print_object+0x188/0x264 lib/debugobjects.c:502 lr : debug_print_object+0x188/0x264 lib/debugobjects.c:502 sp : ffff800018767820 x29: ffff800018767820 x28: dfff800000000000 x27: ffff000016765348 x26: 0000000000000002 x25: ffff80000835baf0 x24: ffff80000cd3b2c0 x23: ffff80000cac62a0 x22: 0000000000000003 x21: ffff80000cd3aaa0 x20: ffff80000dfefb78 x19: ffff000015ad1f18 x18: ffff00006a9a4c00 x17: 6e6968207473696c x16: 5f72656d6974203a x15: 6570797420746365 x14: 1ffff000030ece60 x13: 1fffe000027594a9 x12: ffff60000d530b95 x11: 1fffe0000d530b94 x10: ffff60000d530b94 x9 : dfff800000000000 x8 : ffff00006a985ca3 x7 : 00009ffff2acf46c x6 : 0000000000000001 x5 : ffff00006a985ca0 x4 : 1fffe00002759369 x3 : dfff800000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000013ac9b40 Call trace: debug_print_object+0x188/0x264 lib/debugobjects.c:502 __debug_check_no_obj_freed lib/debugobjects.c:989 [inline] debug_check_no_obj_freed+0x2e4/0x420 lib/debugobjects.c:1020 slab_free_hook mm/slub.c:1699 [inline] slab_free_freelist_hook+0x124/0x1bc mm/slub.c:1750 slab_free mm/slub.c:3661 [inline] __kmem_cache_free+0xa4/0x370 mm/slub.c:3674 kfree+0xdc/0x284 mm/slab_common.c:1007 nci_free_device+0x44/0x5c net/nfc/nci/core.c:1205 virtual_ncidev_close+0x78/0x90 drivers/nfc/virtual_ncidev.c:167 __fput+0x1ac/0x860 fs/file_table.c:320 ____fput+0x10/0x1c fs/file_table.c:348 task_work_run+0x12c/0x220 kernel/task_work.c:179 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] do_notify_resume+0x920/0x2840 arch/arm64/kernel/signal.c:1127 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline] el0_svc+0x11c/0x140 arch/arm64/kernel/entry-common.c:638 el0t_64_sync_handler+0xb8/0xc0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581 irq event stamp: 10472 hardirqs last enabled at (10471): [] __up_console_sem+0x78/0x84 kernel/printk/printk.c:261 hardirqs last disabled at (10472): [] el1_dbg+0x24/0xa0 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (10284): [] _stext+0x9d4/0x107c softirqs last disabled at (10269): [] ____do_softirq+0x10/0x20 arch/arm64/kernel/irq.c:79 ---[ end trace 0000000000000000 ]---