syzbot


WARNING in closure_put_after_sub

Status: upstream: reported on 2025/07/17 01:05
Subsystems: bcachefs
Reported-by: syzbot+0ea2c41a649240197795@syzkaller.appspotmail.com
Fix commit: bcachefs: Ensure we don't return with closure on waitlist
Patched on: [ci-upstream-linux-next-kasan-gce-root ci-upstream-rust-kasan-gce], missing on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 43d, last: 15d
Discussions (1)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [bcachefs?] WARNING in closure_put_after_sub | 1 (2) | 2025/07/22 16:25 |

Sample crash report:
------------[ cut here ]------------
closure has guard bits set: a8000000 (25)
WARNING: CPU: 0 PID: 5335 at lib/closure.c:22 closure_put_after_sub_checks lib/closure.c:20 [inline]
WARNING: CPU: 0 PID: 5335 at lib/closure.c:22 closure_put_after_sub+0x173/0x320 lib/closure.c:32
Modules linked in:
CPU: 0 UID: 0 PID: 5335 Comm: kworker/u5:2 Not tainted 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: bcachefs_journal journal_write_done
RIP: 0010:closure_put_after_sub_checks lib/closure.c:20 [inline]
RIP: 0010:closure_put_after_sub+0x173/0x320 lib/closure.c:32
Code: c1 6e 50 ff cd 4c 89 f3 e9 c8 fe ff ff e8 e5 27 c0 fc 90 44 89 f0 48 0f bd d0 48 c7 c7 40 66 e5 8b 44 89 fe e8 9e b6 83 fc 90 <0f> 0b 90 90 e9 d0 fe ff ff e8 bf 27 c0 fc 90 89 ee 81 e6 00 00 00
RSP: 0018:ffffc9000d2b7820 EFLAGS: 00010246
RAX: 9cc8c93b7a9cec00 RBX: ffffc9000d395fb0 RCX: ffff8880003b2440
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: 00000000efffffff R08: ffff88801fc24253 R09: 1ffff11003f8484a
R10: dffffc0000000000 R11: ffffed1003f8484b R12: dffffc0000000000
R13: ffff8880534ca9f0 R14: 0000000003ffffff R15: 00000000a8000000
FS:  0000000000000000(0000) GS:ffff88808d211000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005626bcfbb168 CR3: 00000000428dc000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 closure_sub lib/closure.c:61 [inline]
 __closure_wake_up+0x81/0xb0 lib/closure.c:91
 closure_wake_up include/linux/closure.h:349 [inline]
 journal_write_done+0xa24/0x13d0 fs/bcachefs/journal_io.c:1768
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/08/10 01:01 | upstream | c30a13538d9f | 32a0e5ed | .config | console log | report | | | | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-snapshot-upstream-root | WARNING in closure_put_after_sub |
| 2025/07/13 01:02 | upstream | 3f31a806a62e | 3cda49cf | .config | console log | report | | | | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-snapshot-upstream-root | WARNING in closure_put_after_sub |
* Struck through repros no longer work on HEAD.