syzbot
Jun 18, 2025, 8:56:33 AM
to Liam.H...@oracle.com, ak...@linux-foundation.org, bse...@google.com, da...@redhat.com, dietmar....@arm.com, juri....@redhat.com, ke...@kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, lorenzo...@oracle.com, mgo...@suse.de, mho...@suse.com, mi...@redhat.com, pet...@infradead.org, ros...@goodmis.org, rp...@kernel.org, sur...@google.com, syzkall...@googlegroups.com, vba...@suse.cz, vincent...@linaro.org, vsch...@redhat.com
Hello,
syzbot found the following issue on:
HEAD commit: 4663747812d1 Merge tag 'platform-drivers-x86-v6.16-2' of g..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1626f90c580000
kernel config: https://syzkaller.appspot.com/x/.config?x=d6f01a06a8393850
dashboard link: https://syzkaller.appspot.com/bug?extid=ca15a081ac6b8357d82c
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10c9d5d4580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ef27ce1c74bb/disk-46637478.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2962783b1956/vmlinux-46637478.xz
kernel image: https://storage.googleapis.com/syzbot-assets/faa841f27097/bzImage-46637478.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ca15a0...@syzkaller.appspotmail.com
RBP: 00007ff5f3810b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007ff5f39b5fa0 R15: 00007ffd192cb478
</TASK>
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6071 at kernel/fork.c:731 __put_task_struct+0x340/0x530 kernel/fork.c:731
Modules linked in:
CPU: 1 UID: 0 PID: 6071 Comm: syz.2.22 Not tainted 6.16.0-rc2-syzkaller-00045-g4663747812d1 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:__put_task_struct+0x340/0x530 kernel/fork.c:731
Code: f6 ac 41 00 be 03 00 00 00 4c 89 e7 e8 f9 c2 5e 03 e9 ed fe ff ff e8 df ac 41 00 90 0f 0b 90 e9 6d fd ff ff e8 d1 ac 41 00 90 <0f> 0b 90 e9 0b fd ff ff e8 c3 ac 41 00 90 0f 0b 90 e9 67 fd ff ff
RSP: 0018:ffffc90002fd7c50 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff888026d18000 RCX: ffffffff8179d88b
RDX: ffff888032081e00 RSI: ffffffff8179db7f RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff888026d18000
R13: 1ffff920005faf96 R14: ffff888026d18028 R15: 0000000000000000
FS: 00007ff5f452f6c0(0000) GS:ffff888124861000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff5f3725b20 CR3: 0000000073166000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
put_task_struct include/linux/sched/task.h:145 [inline]
put_task_struct include/linux/sched/task.h:132 [inline]
io_sq_offload_create+0xe4b/0x1330 io_uring/sqpoll.c:517
io_uring_create io_uring/io_uring.c:3747 [inline]
io_uring_setup+0x1493/0x2080 io_uring/io_uring.c:3830
__do_sys_io_uring_setup io_uring/io_uring.c:3864 [inline]
__se_sys_io_uring_setup io_uring/io_uring.c:3855 [inline]
__x64_sys_io_uring_setup+0xc2/0x170 io_uring/io_uring.c:3855
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff5f378e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff5f452f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
RAX: ffffffffffffffda RBX: 00007ff5f39b5fa0 RCX: 00007ff5f378e929
RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000059
RBP: 00007ff5f3810b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007ff5f39b5fa0 R15: 00007ffd192cb478
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup