From: Oleg Nesterov <oleg@redhat.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: syzbot <syzbot+c6d438f2d77f96cae7c2@syzkaller.appspotmail.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
linux-kernel@vger.kernel.org, luto@kernel.org,
michael.christie@oracle.com, mst@redhat.com,
peterz@infradead.org, syzkaller-bugs@googlegroups.com,
tglx@linutronix.de
Subject: Re: [syzbot] [kernel?] WARNING in signal_wake_up_state
Date: Wed, 10 Jan 2024 17:03:20 +0100
Message-ID: <20240110160319.GA21002@redhat.com>
In-Reply-To: <CAHk-=wgM=MmqrQC-qgXoSehW=itHaqOUiBfN8jRBGAHn1=D0tg@mail.gmail.com>
On 01/09, Linus Torvalds wrote:
>
> Oleg/Eric, can you make any sense of this?
>
> On Tue, 9 Jan 2024 at 10:18, syzbot
> <syzbot+c6d438f2d77f96cae7c2@syzkaller.appspotmail.com> wrote:
> >
> > The issue was bisected to:
> >
> > commit f9010dbdce911ee1f1af1398a24b1f9f992e0080
>
> Hmm. This smells more like a "that triggers the problem" than a cause.
>
> Because the warning itself is
>
> > WARNING: CPU: 1 PID: 5069 at kernel/signal.c:771 signal_wake_up_state+0xfa/0x120 kernel/signal.c:771
>
> That's
>
> lockdep_assert_held(&t->sighand->siglock);
I have a fever, possibly I am totally confused, but this commit added
+ /* Don't require de_thread to wait for the vhost_worker */
+ if ((t->flags & (PF_IO_WORKER | PF_USER_WORKER)) != PF_USER_WORKER)
+ count++;
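Review bot: skipping count++ for PF_USER_WORKER threads changes only how many threads de_thread waits for, not how many tasks still hold the shared sighand, so the two bookkeeping values can disagree; the hunk does not touch the unshare_sighand() path that decides on oldsighand->count, which is exactly the case the reply points at. If a vhost worker is meant to outlive de_thread, the same exclusion has to be reflected wherever exec assumes the old thread group is gone (the sighand handoff and the signal->notify_count accounting), or a comment on this line should state why a lingering worker that still references the old sighand is safe.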
into zap_other_threads().
So it seems the caller can do unshare_sighand() before vhost thread exits and
actually unshare ->sighand because oldsighand->count > 1.
This is already very wrong (plus it seems this breaks the signal->notify_count
logic). IIRC I even tried to argue with this change... not sure.
And this can explain the warning: this task can start the coredump after exec
and hit vhost_worker with the old sighand != current->sighand.
Oleg.