------------[ cut here ]------------
refcount_read(&tsk->usage)
WARNING: kernel/fork.c:779 at __put_task_struct+0x33c/0x400 kernel/fork.c:779, CPU#1: udevd/8270
Modules linked in:
CPU: 1 UID: 0 PID: 8270 Comm: udevd Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:__put_task_struct+0x33c/0x400 kernel/fork.c:779
Code: 4c 89 e6 e8 26 e9 98 00 e9 f2 fe ff ff e8 2c b2 3d 00 be 03 00 00 00 4c 89 e7 e8 cf af 58 01 e9 db fe ff ff e8 15 b2 3d 00 90 <0f> 0b 90 e8 0c b2 3d 00 65 48 3b 1d dc 25 81 0b 0f 85 64 fd ff ff
RSP: 0018:ffffc900001a8e00 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8881396d9d80 RCX: ffffffff8174478b
RDX: ffff88812327d880 RSI: ffffffff81744a2b RDI: ffff88812327d880
RBP: 00000000c0000000 R08: 0000000000000005 R09: 0000000000000000
R10: 00000000c0000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88812327d880 R14: ffffffff8198896d R15: 0000000000000000
FS: 00007f7972b1b880(0000) GS:ffff8882687c9000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2dd63fff CR3: 000000010d298000 CR4: 00000000003506f0
Call Trace:
<IRQ>
rcu_do_batch kernel/rcu/tree.c:2617 [inline]
rcu_core+0x5a2/0x10d0 kernel/rcu/tree.c:2869
handle_softirqs+0x1de/0x9d0 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0xed/0x150 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0x8f/0xb0 arch/x86/kernel/apic/apic.c:1056
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_release+0x6/0x320 kernel/locking/lockdep.c:5876
Code: 4c 24 18 4c 8b 54 24 10 44 8b 5c 24 0c eb 98 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 <41> 56 41 54 55 53 48 89 fb 48 83 ec 18 65 48 8b 2d ad 92 66 0b 48
RSP: 0018:ffffc90014e9f868 EFLAGS: 00000286
RAX: 0000000000000000 RBX: ffff888119998230 RCX: ffffffff82249ef9
RDX: ffff88812327d880 RSI: ffffffff8224a004 RDI: ffff888119998248
RBP: 0000000000000010 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000010 R11: 0000000000000000 R12: ffff888119998230
R13: 0000000000000000 R14: ffff888119a08000 R15: ffff88810169c560
__raw_spin_unlock include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock+0x16/0x50 kernel/locking/spinlock.c:186
spin_unlock include/linux/spinlock.h:389 [inline]
fast_dput fs/dcache.c:867 [inline]
dput.part.0+0x2d4/0x570 fs/dcache.c:924
dput+0x1f/0x30 fs/dcache.c:920
step_into_slowpath+0x670/0xf90 fs/namei.c:2115
step_into fs/namei.c:2149 [inline]
walk_component fs/namei.c:2285 [inline]
link_path_walk+0xdc1/0x1b30 fs/namei.c:2653
path_lookupat+0x74/0xc40 fs/namei.c:2809
filename_lookup+0x202/0x590 fs/namei.c:2839
vfs_statx+0xff/0x3f0 fs/stat.c:353
vfs_fstatat+0x77/0xe0 fs/stat.c:373
__do_sys_newfstatat+0x9d/0x120 fs/stat.c:538
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x106/0x7b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7972c73b0a
Code: 48 8b 15 f1 f2 0d 00 f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 89 ca b8 06 01 00 00 0f 05 <3d> 00 f0 ff ff 77 07 31 c0 c3 0f 1f 40 00 48 8b 15 b9 f2 0d 00 f7
RSP: 002b:00007ffc3a83b4c8 EFLAGS: 00000206 ORIG_RAX: 0000000000000106
RAX: ffffffffffffffda RBX: 00005648f005c728 RCX: 00007f7972c73b0a
RDX: 00007ffc3a83b4d0 RSI: 00007ffc3a83b560 RDI: 00000000ffffff9c
RBP: 00005648f3730640 R08: 00005648f005c728 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000206 R12: 00005648f3730730
R13: 00007ffc3a83b560 R14: 00007ffc3a83d6a0 R15: 00005648f0062bcc
</TASK>
----------------
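Code disassembly (best guess) of the second Code: line, i.e. the task context interrupted at lock_release+0x6, not the WARNING site in __put_task_struct: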
0: 4c 24 18 rex.WR and $0x18,%al
3: 4c 8b 54 24 10 mov 0x10(%rsp),%r10
8: 44 8b 5c 24 0c mov 0xc(%rsp),%r11d
d: eb 98 jmp 0xffffffa7
f: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
14: 90 nop
15: 90 nop
16: 90 nop
17: 90 nop
18: 90 nop
19: 90 nop
1a: 90 nop
1b: 90 nop
1c: 90 nop
1d: 90 nop
1e: 90 nop
1f: 90 nop
20: 90 nop
21: 90 nop
22: 90 nop
23: 90 nop
24: f3 0f 1e fa endbr64
28: 41 57 push %r15
* 2a: 41 56 push %r14 <-- trapping instruction
2c: 41 54 push %r12
2e: 55 push %rbp
2f: 53 push %rbx
30: 48 89 fb mov %rdi,%rbx
33: 48 83 ec 18 sub $0x18,%rsp
37: 65 48 8b 2d ad 92 66 mov %gs:0xb6692ad(%rip),%rbp # 0xb6692ec
3e: 0b
3f: 48 rex.W