list_del corruption. prev->next should be ffff00011ebfc200, but was ffff00010b8c2f28. (prev=ffff00010b8c2f28) ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:61! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 1 PID: 16688 Comm: syz-executor.3 Not tainted 6.0.0-rc6-syzkaller-17742-gc194837ebb57 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __list_del_entry_valid+0xbc/0xd0 lib/list_debug.c:59 lr : __list_del_entry_valid+0xbc/0xd0 lib/list_debug.c:59 sp : ffff800013463af0 x29: ffff800013463af0 x28: ffff0000eb47b500 x27: 0000000000000000 x26: 0000000000000098 x25: ffff00011f4ed8e8 x24: ffff00011f4ed898 x23: ffff00011f4ed940 x22: ffff80000cc5f057 x21: ffff0000eb47b500 x20: ffff00011f4ed800 x19: ffff00011ebfc200 x18: 00000000000003d0 x17: ffff80000bffd6bc x16: ffff80000db49158 x15: ffff0000eb47b500 x14: 0000000000000000 x13: 00000000ffffffff x12: ffff0000eb47b500 x11: ff808000081c1630 x10: 0000000000000000 x9 : d1b96e4997174f00 x8 : d1b96e4997174f00 x7 : ffff8000081625f0 x6 : 0000000000000000 x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000 x2 : ffff0001fefddcd0 x1 : 0000000100000000 x0 : 000000000000006d Call trace: __list_del_entry_valid+0xbc/0xd0 lib/list_debug.c:59 __list_del_entry include/linux/list.h:134 [inline] list_del include/linux/list.h:148 [inline] io_uring_del_tctx_node+0x74/0x114 io_uring/tctx.c:176 io_uring_clean_tctx+0x60/0xe8 io_uring/tctx.c:191 io_uring_cancel_generic+0x2f0/0x390 io_uring/io_uring.c:2852 __io_uring_cancel+0x24/0x34 io_uring/io_uring.c:2866 io_uring_files_cancel include/linux/io_uring.h:44 [inline] do_exit+0x8c/0xbe0 kernel/exit.c:750 do_group_exit+0x70/0xe8 kernel/exit.c:925 get_signal+0xb0c/0xb40 kernel/signal.c:2857 do_signal+0x128/0x438 arch/arm64/kernel/signal.c:1071 do_notify_resume+0xc0/0x1f0 arch/arm64/kernel/signal.c:1124 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline] el0_svc+0x9c/0x150 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654 el0t_64_sync+0x18c/0x190 Code: 9001b460 912d2000 aa0803e3 94a768fe (d4210000) ---[ end trace 0000000000000000 ]---