From: y2k <y2k@desarrollaria.com>
To: oleg@redhat.com
Cc: brauner@kernel.org, linux-kernel@vger.kernel.org,
syzkaller@googlegroups.com
Subject: WARNING in do_notify_parent (kernel/signal.c:2174)
Date: Thu, 07 May 2026 15:24:52 +0200 [thread overview]
Message-ID: <e244f40b19cb3ca95221d5d28c23d243.y2k@desarrollaria.com> (raw)
Hello,
I am reporting a kernel bug found with the syzkaller fuzzer.
KERNEL VERSION
--------------
7.1.0-rc2-00099-gadc1e5c6203c
arch: x86_64
preemption: PREEMPT(lazy)
REPRODUCER (syzkaller program)
------------------------------
# {Threaded:false Repeat:false Procs:1 Sandbox: SandboxArg:0 Sysctl:true HandleSegv:true}
syz_clone(0x200080, &(0x7f00000003c0)="9562597ade4c359303b4585229dfcf8a12e5a172b6bfeb0d6d973e21df1c19605d9eb45142bd770cb6310057f646adcbde17681e392e8c11af0836a4ffff47c8c083fd4da4af3fdaa71e8a42df556d90bfb7e2511aac2628e271cddf224733c2881a422684cd3c7033fd24e00b205efdd94ece24e22040e80a310fb8cfaafecb00e067c5c2dfc13181c8773d3a37aa7635b8da5dbf2c9b25a7192f3861c442929542a4a564920eb870a06b383e781fe0d54d05275c7e2cd2f901c72c8270308a5db0adbed89176bac1122b21cb2e2d202569ae8d5a97cbce75aff3444207cb68bfcf", 0xe2, 0x0, 0x0, 0x0)
KERNEL CONFIG (relevant options)
---------------------------------
CONFIG_KALLSYMS=y
CONFIG_KALLSYMS_ALL=y
CONFIG_KASAN_SHADOW_OFFSET=0xdffffc0000000000
CONFIG_DEBUG_KERNEL=y
CONFIG_DEBUG_INFO=y
CONFIG_DEBUG_INFO_DWARF4=y
CONFIG_DEBUG_BUGVERBOSE=y
CRASH REPORT
------------
------------[ cut here ]------------
WARNING: kernel/signal.c:2174 at do_notify_parent+0xfef/0x11c0 kernel/signal.c:2174
CPU: 1 UID: 0 PID: 1245 Comm: syz.3.17 Not tainted 7.1.0-rc2-00099-gadc1e5c6203c #1 PREEMPT(lazy)
Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996)
RIP: 0010:do_notify_parent+0xfef/0x11c0 kernel/signal.c:2174
Code: 06 00 00 e8 23 b8 ff ff e9 81 f8 ff ff 41 bf 01 00 00 00 e9 76 f8 ff ff 4c 8d bb d0 08 00 00 e9 e7 f1 ff ff e8 82 88 39 00 90 <0f> 0b 90 45 31 ff e9 95 f8 ff ff e8 71 88 39 00 90 0f 0b 90 e9 d8
RSP: 0018:ffff8880057ffd38 EFLAGS: 00010093
RAX: 0000000000000000 RBX: ffff88800c158000 RCX: ffffffff8287ce7e
RDX: ffff88800c158000 RSI: 0000000000000040 RDI: 0000000000000007
RBP: ffff88800c015e50 R08: 0000000000000001 R09: ffffed1000afffb7
R10: 0000000000000080 R11: ffff88800c158000 R12: 1ffff11000afffaa
R13: dffffc0000000000 R14: 0000000000000080 R15: 0000000000000001
FS: 000055556c108500(0000) GS:ffff8881121b5000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff9749c2480 CR3: 00000000afea6000 CR4: 00000000000006f0
Call Trace:
<TASK>
exit_notify kernel/exit.c:757 [inline]
do_exit+0x1a84/0x2960 kernel/exit.c:987
__do_sys_exit kernel/exit.c:1084 [inline]
__se_sys_exit kernel/exit.c:1082 [inline]
__x64_sys_exit+0x42/0x50 kernel/exit.c:1082
x64_sys_call+0x1880/0x1880 arch/x86/include/generated/asm/syscalls_64.h:61
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x115/0x6a0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
REPRODUCTION NOTES
------------------
The bug was reproduced consistently. Syzkaller minimized the reproducer
to a single syz_clone() call. The WARNING fires in do_notify_parent()
during process exit when notifying the parent, called from exit_notify()
via do_exit() -> sys_exit().
Reproducing took 38 minutes across 87 programs. The crash is confirmed
as not corrupted and reproducible.
This bug was found with syzkaller. The full .config is available on request.
Thanks,
y2k
y2k@desarrollaria.com
Thread overview: 4+ messages
2026-05-07 13:24 y2k [this message]
2026-05-09 10:37 ` WARNING in do_notify_parent (kernel/signal.c:2174) Oleg Nesterov
-- strict thread matches above, loose matches on Subject: below --
2026-05-07 15:45 y2k
2026-05-07 16:00 y2k