Re: [syzbot] [kernel?] general protection fault in remove_waiter

From: Hillf Danton

Date: Tue Apr 28 2026 - 18:02:21 EST


> Date: Tue, 28 Apr 2026 13:12:28 -0700
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 897d54018cc9 Merge tag 'fbdev-for-7.1-rc1-2' of git://git...
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=172c32ce580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=59da38148f3a3d24
> dashboard link: https://syzkaller.appspot.com/bug?extid=78147abe6c524f183ee9
> compiler: gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10c7f273980000

#syz test

--- x/kernel/locking/rtmutex.c
+++ y/kernel/locking/rtmutex.c
@@ -1558,6 +1558,8 @@ static void __sched remove_waiter(struct

lockdep_assert_held(&lock->wait_lock);

+ if (!waiter_task)
+ return;
scoped_guard(raw_spinlock, &waiter_task->pi_lock) {
rt_mutex_dequeue(lock, waiter);
waiter_task->pi_blocked_on = NULL;
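
Review bot: the early return added before scoped_guard() skips rt_mutex_dequeue(lock, waiter) as well as the pi_lock section, so when waiter_task is NULL the waiter is left queued on the lock while the caller believes it was removed. The check also gives no indication of how waiter_task can be NULL at this point with wait_lock held. If NULL is a legitimate state here, dequeue the waiter before returning and add a comment naming the path that produces it; if it is not, use WARN_ON_ONCE(!waiter_task) so the test run reports the unexpected state instead of silently masking the fault.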
--