On Tue, Jan 18, 2022 at 05:24:17PM -0800, Tadeusz Struk wrote:
> Syzbot found a GPF in reweight_entity. This has been bisected to commit
> c85c6fadbef0 ("kernel/sched: Fix sched_fork() access an invalid sched_task_group")

That's a stable commit, the real commit is 4ef0c5c6b5ba1f38f0ea1cedad0cad722f00c14a

> Looks like after this change there is a time window, when
> task_struct->se.cfs_rq can be NULL. This can be exploited to trigger
> null-ptr-deref by calling setpriority on that task.

"Looks like" isn't good enough, either there is, in which case you explain the window, or there isn't, in which case what are we doing here?