------------[ cut here ]------------
WARNING: CPU: 1 PID: 3629 at kernel/signal.c:2050 rcuref_put include/linux/rcuref.h:151 [inline]
WARNING: CPU: 1 PID: 3629 at kernel/signal.c:2050 posixtimer_putref include/linux/posix-timers.h:226 [inline]
WARNING: CPU: 1 PID: 3629 at kernel/signal.c:2050 posixtimer_send_sigqueue+0x274/0x38c kernel/signal.c:2044
Modules linked in:
CPU: 1 UID: 0 PID: 3629 Comm: syz.1.97 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0
Hardware name: linux,dummy-virt (DT)
pstate: 004020c9 (nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : posixtimer_send_sigqueue+0x274/0x38c kernel/signal.c:2050
lr : posixtimer_send_sigqueue+0x94/0x38c kernel/signal.c:2005
sp : ffff800089b03d20
x29: ffff800089b03d20 x28: f3f00000094f36c0 x27: 0000000000000000
x26: 0000000000000000 x25: 0000000000000000 x24: 000000000000000e
x23: 0000000000000000 x22: f6f000000948e088 x21: f3f00000094f36c0
x20: 0000000000000001 x19: f6f000000948e000 x18: 0000000000000000
x17: fff07ffffd18c000 x16: ffff800080008000 x15: 0000000000000000
x14: 0000000000000386 x13: ffff8000827800c8 x12: 0000000000000001
x11: 0000002abdb2a7f2 x10: 5cf07afdf9af6f33 x9 : f8f000000304db00
x8 : ffff800089b03748 x7 : 0000000000000001 x6 : dead000000000100
x5 : 0000000000000000 x4 : f6f000000948e110 x3 : 0000000000000000
x2 : 0000000000000000 x1 : f3f00000094f36c0 x0 : faf00000053f9710
Call trace:
 rcuref_put include/linux/rcuref.h:151 [inline] (P)
 posixtimer_putref include/linux/posix-timers.h:226 [inline] (P)
 posixtimer_send_sigqueue+0x274/0x38c kernel/signal.c:2044 (P)
 posix_timer_queue_signal+0x24/0x30 kernel/time/posix-timers.c:308
 cpu_timer_fire kernel/time/posix-cpu-timers.c:607 [inline]
 handle_posix_cpu_timers kernel/time/posix-cpu-timers.c:1390 [inline]
 posix_cpu_timers_work+0x1cc/0x4e4 kernel/time/posix-cpu-timers.c:1137
 task_work_run+0x78/0xd4 kernel/task_work.c:239
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 do_notify_resume+0x134/0x164 arch/arm64/kernel/entry-common.c:151
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
 el0_svc+0xc0/0xe0 arch/arm64/kernel/entry-common.c:745
 el0t_64_sync_handler+0x10c/0x138 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x1a4/0x1a8 arch/arm64/kernel/entry.S:600
---[ end trace 0000000000000000 ]---