syzbot

 sign-in | mailing list | source | docs
🐞 Open [115]
🐞 Fixed [2]
🐞 Invalid [176]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

invalid opcode in __traceiter_sched_wakeup

Status: upstream: reported C repro on 2025/07/15 12:37
Bug presence: origin:lts
[Documentation on labels]
Reported-by: syzbot+d31f98d94f68a066fa17@syzkaller.appspotmail.com
First crash: 18d, last: 5d16h
Bug presence (2)
Date Name Commit Repro Result
2025/07/15 lts (merge base) 58485ff1a74f C [report] invalid opcode in __traceiter_sched_switch
2025/07/15 upstream (ToT) 155a3c003e55 C Didn't crash

Sample crash report:
RAX: ffffffffffffffea RBX: 00007fff6b1236f0 RCX: 00007f131c1c0869
RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000000200
RBP: 0000000000000001 R08: 0000000000000000 R09: 00000000000000a0
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
CFI failure at __traceiter_sched_wakeup+0x7d/0xb0 include/trace/events/sched.h:178 (target: tp_stub_func+0x0/0x10; expected type: 0x389e96a6)
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 294 Comm: syz-executor245 Not tainted 6.1.141-syzkaller-00038-ge2deb0b42a3a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:__traceiter_sched_wakeup+0x7d/0xb0 include/trace/events/sched.h:178
Code: 49 8d 7e 08 48 89 f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 96 58 69 00 49 8b 7f 08 48 89 de 41 ba 5a 69 61 c7 45 03 55 fc 74 02 <0f> 0b 41 ff d5 49 83 c6 18 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74
RSP: 0018:ffffc90000e17480 EFLAGS: 00010817
RAX: 1ffff1102229ba86 RBX: ffff88810082a880 RCX: ffff88811070d100
RDX: 0000000000000000 RSI: ffff88810082a880 RDI: ffffffff86f03d20
RBP: ffffc90000e174a8 R08: dffffc0000000000 R09: fffffbfff0ee43ee
R10: 000000006ca1d066 R11: 1ffffffff0ee43ed R12: dffffc0000000000
R13: ffffffff817113c0 R14: ffff8881114dd428 R15: ffff8881114dd428
FS:  000055557ecf2380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 00000001224a8000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 trace_sched_wakeup include/trace/events/sched.h:178 [inline]
 ttwu_do_wakeup+0x468/0x490 kernel/sched/core.c:3782
 ttwu_do_activate+0x174/0x280 kernel/sched/core.c:3837
 ttwu_queue kernel/sched/core.c:4058 [inline]
 try_to_wake_up+0x5c0/0x1220 kernel/sched/core.c:4387
 wake_up_process+0x10/0x20 kernel/sched/core.c:4523
 wake_up_worker kernel/workqueue.c:866 [inline]
 insert_work+0x271/0x300 kernel/workqueue.c:1376
 __queue_work+0x9b1/0xd30 kernel/workqueue.c:1527
 __queue_delayed_work+0x188/0x200 kernel/workqueue.c:1675
 queue_delayed_work_on+0xdb/0x150 kernel/workqueue.c:1711
 queue_delayed_work include/linux/workqueue.h:525 [inline]
 srcu_funnel_gp_start kernel/rcu/srcutree.c:951 [inline]
 srcu_gp_start_if_needed+0xbd8/0xfe0 kernel/rcu/srcutree.c:1151
 __call_srcu kernel/rcu/srcutree.c:1196 [inline]
 __synchronize_srcu+0x164/0x1f0 kernel/rcu/srcutree.c:1242
 synchronize_srcu+0x1d9/0x1f0 kernel/rcu/srcutree.c:-1
 tracepoint_synchronize_unregister include/linux/tracepoint.h:93 [inline]
 perf_trace_event_unreg+0xd8/0x1c0 kernel/trace/trace_event_perf.c:168
 perf_trace_destroy+0xbe/0x180 kernel/trace/trace_event_perf.c:241
 tp_perf_event_destroy+0x15/0x20 kernel/events/core.c:9996
 _free_event+0x9cd/0xce0 kernel/events/core.c:5045
 put_event kernel/events/core.c:5139 [inline]
 perf_event_release_kernel+0x819/0x8a0 kernel/events/core.c:5264
 perf_release+0x3b/0x40 kernel/events/core.c:5274
 __fput+0x1fc/0x8f0 fs/file_table.c:320
 ____fput+0x15/0x20 fs/file_table.c:348
 task_work_run+0x1db/0x240 kernel/task_work.c:203
 ptrace_notify+0x221/0x250 kernel/signal.c:2377
 ptrace_report_syscall include/linux/ptrace.h:424 [inline]
 ptrace_report_syscall_exit include/linux/ptrace.h:486 [inline]
 syscall_exit_work+0x84/0x140 kernel/entry/common.c:258
 syscall_exit_to_user_mode_prepare+0x1c/0x20 kernel/entry/common.c:285
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0xd/0x30 kernel/entry/common.c:303
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:87
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f131c1c0869
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff6b1236d8 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffea RBX: 00007fff6b1236f0 RCX: 00007f131c1c0869
RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000000200
RBP: 0000000000000001 R08: 0000000000000000 R09: 00000000000000a0
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__traceiter_sched_wakeup+0x7d/0xb0 include/trace/events/sched.h:178
Code: 49 8d 7e 08 48 89 f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 96 58 69 00 49 8b 7f 08 48 89 de 41 ba 5a 69 61 c7 45 03 55 fc 74 02 <0f> 0b 41 ff d5 49 83 c6 18 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74
RSP: 0018:ffffc90000e17480 EFLAGS: 00010817
RAX: 1ffff1102229ba86 RBX: ffff88810082a880 RCX: ffff88811070d100
RDX: 0000000000000000 RSI: ffff88810082a880 RDI: ffffffff86f03d20
RBP: ffffc90000e174a8 R08: dffffc0000000000 R09: fffffbfff0ee43ee
R10: 000000006ca1d066 R11: 1ffffffff0ee43ed R12: dffffc0000000000
R13: ffffffff817113c0 R14: ffff8881114dd428 R15: ffff8881114dd428
FS:  000055557ecf2380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 00000001224a8000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/07/15 12:36 android14-6.1 e2deb0b42a3a 03fcfc4b .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf invalid opcode in __traceiter_sched_wakeup
2025/07/15 11:35 android14-6.1 e2deb0b42a3a 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf invalid opcode in __traceiter_sched_wakeup
2025/07/03 03:23 android14-6.1 7011769d221c bc80e4f0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf invalid opcode in __traceiter_sched_wakeup
* Struck through repros no longer work on HEAD.