WARNING in task_participate_group_stop (2)


syzbot

Apr 29, 2018, 1:00:03 PM
to ak...@linux-foundation.org, ebie...@xmission.com, l...@altlinux.org, linux-...@vger.kernel.org, li...@dominikbrodowski.net, ol...@redhat.com, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk
Hello,

syzbot hit the following crash on upstream commit
bf8f5de17442bba5f811e7e724980730e079ee11 (Sat Apr 28 17:05:04 2018 +0000)
MAINTAINERS: add myself as maintainer of AFFS
syzbot dashboard link:
https://syzkaller.appspot.com/bug?extid=b109633ea805cac54a61

So far this crash happened 2 times on upstream.
C reproducer: https://syzkaller.appspot.com/x/repro.c?id=5663992005525504
syzkaller reproducer:
https://syzkaller.appspot.com/x/repro.syz?id=6218046343479296
Raw console output:
https://syzkaller.appspot.com/x/log.txt?id=6209281858732032
Kernel config:
https://syzkaller.appspot.com/x/.config?id=7043958930931867332
compiler: gcc (GCC) 8.0.1 20180413 (experimental)

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b10963...@syzkaller.appspotmail.com
It will help syzbot understand when the bug is fixed. See footer for
details.
If you forward the report, please keep this part and the footer.

random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
WARNING: CPU: 1 PID: 4520 at kernel/signal.c:351
task_participate_group_stop+0x205/0x260 kernel/signal.c:351
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 4520 Comm: 3 Not tainted 4.17.0-rc2+ #22
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1b9/0x294 lib/dump_stack.c:113
panic+0x22f/0x4de kernel/panic.c:184
__warn.cold.8+0x163/0x1b3 kernel/panic.c:536
report_bug+0x252/0x2d0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
do_error_trap+0x1de/0x490 arch/x86/kernel/traps.c:296
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:task_participate_group_stop+0x205/0x260 kernel/signal.c:351
RSP: 0018:ffff8801ae7b7880 EFLAGS: 00010093
RAX: ffff8801d96200c0 RBX: 0000000000000000 RCX: ffffffff81498b5b
RDX: 0000000000000000 RSI: ffffffff81498c75 RDI: 0000000000000005
RBP: ffff8801ae7b78a0 R08: ffff8801d96200c0 R09: ffffed0036c48971
R10: ffffed0036c48971 R11: ffff8801b6244b8b R12: ffff8801d926ecd8
R13: ffff8801d926ec40 R14: 0000000000040000 R15: dffffc0000000000
do_signal_stop+0x502/0xa20 kernel/signal.c:2176
get_signal+0x9b4/0x1960 kernel/signal.c:2353
do_signal+0x98/0x2040 arch/x86/kernel/signal.c:810
exit_to_usermode_loop+0x28a/0x310 arch/x86/entry/common.c:162
prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline]
syscall_return_slowpath arch/x86/entry/common.c:265 [inline]
do_syscall_64+0x6ac/0x800 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x127
RSP: 002b:00007ffda970b440 EFLAGS: 00000200 ORIG_RAX: 000000000000003b
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.

syzbot will keep track of this bug report.
If you forgot to add the Reported-by tag, once the fix for this bug is
merged into any tree, please reply to this email with:
#syz fix: exact-commit-title
If you want to test a patch for this bug, please reply with:
#syz test: git://repo/address.git branch
and provide the patch inline or as an attachment.
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.

Oleg Nesterov

Apr 30, 2018, 9:22:36 AM
to syzbot, ak...@linux-foundation.org, ebie...@xmission.com, l...@altlinux.org, linux-...@vger.kernel.org, li...@dominikbrodowski.net, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk
On 04/29, syzbot wrote:
>
> RIP: 0010:task_participate_group_stop+0x205/0x260 kernel/signal.c:351
> RSP: 0018:ffff8801ae7b7880 EFLAGS: 00010093
> RAX: ffff8801d96200c0 RBX: 0000000000000000 RCX: ffffffff81498b5b
> RDX: 0000000000000000 RSI: ffffffff81498c75 RDI: 0000000000000005
> RBP: ffff8801ae7b78a0 R08: ffff8801d96200c0 R09: ffffed0036c48971
> R10: ffffed0036c48971 R11: ffff8801b6244b8b R12: ffff8801d926ecd8
> R13: ffff8801d926ec40 R14: 0000000000040000 R15: dffffc0000000000
> do_signal_stop+0x502/0xa20 kernel/signal.c:2176
> get_signal+0x9b4/0x1960 kernel/signal.c:2353
> do_signal+0x98/0x2040 arch/x86/kernel/signal.c:810
> exit_to_usermode_loop+0x28a/0x310 arch/x86/entry/common.c:162
> prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline]
> syscall_return_slowpath arch/x86/entry/common.c:265 [inline]
> do_syscall_64+0x6ac/0x800 arch/x86/entry/common.c:290
> entry_SYSCALL_64_after_hwframe+0x49/0xbe

Thanks... I need to think and recall how this code works, but at first glance
zap_other_threads() needs task_clear_jobctl_pending(current).

I am almost sure the warning should go away, but iiuc there are more problems
and it is not clear to me what we can do...

Oleg.
