[syzbot] WARNING in __cleanup_sighand
1 view
Skip to first unread message
syzbot
Jan 16, 2022, 7:05:25 PM1/16/22
to ak...@linux-foundation.org, and...@kernel.org, a...@kernel.org, ax...@kernel.dk, b...@vger.kernel.org, chri...@brauner.io, dan...@iogearbox.net, da...@redhat.com, ebie...@xmission.com, john.fa...@gmail.com, ka...@fb.com, kps...@kernel.org, leg...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pet...@infradead.org, songliu...@fb.com, syzkall...@googlegroups.com, y...@fb.com
Hello,
syzbot found the following issue on:
HEAD commit: 79e06c4c4950 Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1285ed28700000
kernel config: https://syzkaller.appspot.com/x/.config?x=afd3ce8cd5cf174b
dashboard link: https://syzkaller.appspot.com/bug?extid=985a662ba46639a7897f
compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+985a66...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3640 at kernel/sched/wait.c:245 __wake_up_pollfree+0x1c7/0x1d0 kernel/sched/wait.c:246
Modules linked in:
CPU: 0 PID: 3640 Comm: syz-executor.3 Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__wake_up_pollfree+0x1c7/0x1d0 kernel/sched/wait.c:245
Code: 0d 00 00 c6 44 08 0f 00 65 48 8b 04 25 28 00 00 00 48 3b 84 24 a0 00 00 00 75 13 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 <0f> 0b eb a7 e8 60 3e b0 08 55 41 57 41 56 41 55 41 54 53 48 83 ec
RSP: 0018:ffffc900028cf760 EFLAGS: 00010097
RAX: ffff88801ec1b130 RBX: 0000000000000046 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
RBP: ffffc900028cf848 R08: dffffc0000000000 R09: ffffed100850025a
R10: ffffed100850025a R11: 0000000000000000 R12: 0000000000000000
R13: ffffc900028cf7a0 R14: 1ffff92000519ef4 R15: ffff888042801308
FS: 0000555556549400(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fed83b131b8 CR3: 000000004a82a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 000000000000802e DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__cleanup_sighand+0x48/0xa0 kernel/fork.c:1590
__exit_signal kernel/exit.c:159 [inline]
release_task+0x115f/0x15d0 kernel/exit.c:200
wait_task_zombie kernel/exit.c:1114 [inline]
wait_consider_task+0x1995/0x2fb0 kernel/exit.c:1341
do_wait_thread kernel/exit.c:1404 [inline]
do_wait+0x291/0x9d0 kernel/exit.c:1521
kernel_wait4+0x2a3/0x3c0 kernel/exit.c:1684
__do_sys_wait4 kernel/exit.c:1712 [inline]
__se_sys_wait4 kernel/exit.c:1708 [inline]
__x64_sys_wait4+0x130/0x1e0 kernel/exit.c:1708
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f2aff29e487
Code: 89 7c 24 10 48 89 4c 24 18 e8 35 50 02 00 4c 8b 54 24 18 8b 54 24 14 41 89 c0 48 8b 74 24 08 8b 7c 24 10 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 89 44 24 10 e8 65 50 02 00 8b 44
RSP: 002b:00007ffeabee34f0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
RAX: ffffffffffffffda RBX: 0000000000000932 RCX: 00007f2aff29e487
RDX: 0000000040000001 RSI: 00007ffeabee357c RDI: 00000000ffffffff
RBP: 00007ffeabee357c R08: 0000000000000000 R09: 0000000000000010
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
R13: 00000000000af2e3 R14: 0000000000000009 R15: 00007ffeabee35e0
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 79e06c4c4950 Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1285ed28700000
kernel config: https://syzkaller.appspot.com/x/.config?x=afd3ce8cd5cf174b
dashboard link: https://syzkaller.appspot.com/bug?extid=985a662ba46639a7897f
compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+985a66...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3640 at kernel/sched/wait.c:245 __wake_up_pollfree+0x1c7/0x1d0 kernel/sched/wait.c:246
Modules linked in:
CPU: 0 PID: 3640 Comm: syz-executor.3 Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__wake_up_pollfree+0x1c7/0x1d0 kernel/sched/wait.c:245
Code: 0d 00 00 c6 44 08 0f 00 65 48 8b 04 25 28 00 00 00 48 3b 84 24 a0 00 00 00 75 13 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 <0f> 0b eb a7 e8 60 3e b0 08 55 41 57 41 56 41 55 41 54 53 48 83 ec
RSP: 0018:ffffc900028cf760 EFLAGS: 00010097
RAX: ffff88801ec1b130 RBX: 0000000000000046 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
RBP: ffffc900028cf848 R08: dffffc0000000000 R09: ffffed100850025a
R10: ffffed100850025a R11: 0000000000000000 R12: 0000000000000000
R13: ffffc900028cf7a0 R14: 1ffff92000519ef4 R15: ffff888042801308
FS: 0000555556549400(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fed83b131b8 CR3: 000000004a82a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 000000000000802e DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__cleanup_sighand+0x48/0xa0 kernel/fork.c:1590
__exit_signal kernel/exit.c:159 [inline]
release_task+0x115f/0x15d0 kernel/exit.c:200
wait_task_zombie kernel/exit.c:1114 [inline]
wait_consider_task+0x1995/0x2fb0 kernel/exit.c:1341
do_wait_thread kernel/exit.c:1404 [inline]
do_wait+0x291/0x9d0 kernel/exit.c:1521
kernel_wait4+0x2a3/0x3c0 kernel/exit.c:1684
__do_sys_wait4 kernel/exit.c:1712 [inline]
__se_sys_wait4 kernel/exit.c:1708 [inline]
__x64_sys_wait4+0x130/0x1e0 kernel/exit.c:1708
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f2aff29e487
Code: 89 7c 24 10 48 89 4c 24 18 e8 35 50 02 00 4c 8b 54 24 18 8b 54 24 14 41 89 c0 48 8b 74 24 08 8b 7c 24 10 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 89 44 24 10 e8 65 50 02 00 8b 44
RSP: 002b:00007ffeabee34f0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
RAX: ffffffffffffffda RBX: 0000000000000932 RCX: 00007f2aff29e487
RDX: 0000000040000001 RSI: 00007ffeabee357c RDI: 00000000ffffffff
RBP: 00007ffeabee357c R08: 0000000000000000 R09: 0000000000000010
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
R13: 00000000000af2e3 R14: 0000000000000009 R15: 00007ffeabee35e0
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Eric Biggers
Jan 18, 2022, 1:45:41 PM1/18/22
to syzbot, ak...@linux-foundation.org, and...@kernel.org, a...@kernel.org, ax...@kernel.dk, b...@vger.kernel.org, chri...@brauner.io, dan...@iogearbox.net, da...@redhat.com, ebie...@xmission.com, john.fa...@gmail.com, ka...@fb.com, kps...@kernel.org, leg...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pet...@infradead.org, songliu...@fb.com, syzkall...@googlegroups.com, y...@fb.com
i.e. this is probably a duplicate of the previous syzbot report
https://lore.kernel.org/lkml/000000000000c9...@google.com/T/#u
("WARNING in signalfd_cleanup"). It's impossible to be certain without a
reproducer, but based on the console output here, some of the programs that
syzkaller executed use io_uring. So it's at least plausible.
- Eric
syzbot
Jan 20, 2022, 1:37:18 AM1/20/22
to ak...@linux-foundation.org, and...@kernel.org, a...@kernel.org, ax...@kernel.dk, b...@vger.kernel.org, chri...@brauner.io, dan...@iogearbox.net, da...@redhat.com, ebie...@xmission.com, ebig...@kernel.org, john.fa...@gmail.com, ka...@fb.com, kps...@kernel.org, leg...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pet...@infradead.org, songliu...@fb.com, syzkall...@googlegroups.com, y...@fb.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 1d1df41c5a33 Merge tag 'f2fs-for-5.17-rc1' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=135e0637b00000
kernel config: https://syzkaller.appspot.com/x/.config?x=a8db61f521ec3155
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15160867b00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+985a66...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3600 at kernel/sched/wait.c:245 __wake_up_pollfree+0x1c7/0x1d0 kernel/sched/wait.c:246
Modules linked in:
CPU: 1 PID: 3600 Comm: syz-executor582 Not tainted 5.16.0-syzkaller #0
RSP: 0018:ffffc90001aaf760 EFLAGS: 00010016
RAX: ffff8880787693f0 RBX: 0000000000000046 RCX: dffffc0000000000
R10: ffffed10046325d2 R11: 0000000000000000 R12: 0000000000000000
R13: ffffc90001aaf7a0 R14: 1ffff92000355ef4 R15: ffff888023192ec8
FS: 000055555695d300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__cleanup_sighand+0x48/0xa0 kernel/fork.c:1588
wait_consider_task+0x1995/0x3020 kernel/exit.c:1348
do_wait_thread kernel/exit.c:1411 [inline]
do_wait+0x291/0x9d0 kernel/exit.c:1528
kernel_wait4+0x2a3/0x3c0 kernel/exit.c:1691
__do_sys_wait4 kernel/exit.c:1719 [inline]
__se_sys_wait4 kernel/exit.c:1715 [inline]
__x64_sys_wait4+0x130/0x1e0 kernel/exit.c:1715
Code: 0f 1f 40 00 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24
RSP: 002b:00007ffe9339ed58 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
RAX: ffffffffffffffda RBX: 000000000000ce97 RCX: 00007fb66a5bb386
RDX: 0000000040000001 RSI: 00007ffe9339ed74 RDI: 00000000ffffffff
RBP: 0000000000001284 R08: 00007ffe933e2080 R09: 0000000000000010
R10: 0000000000000000 R11: 0000000000000246 R12: 431bde82d7b634db
R13: 00007ffe9339ed74 R14: 0000000000000000 R15: 0000000000000000
</TASK>
HEAD commit: 1d1df41c5a33 Merge tag 'f2fs-for-5.17-rc1' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=135e0637b00000
kernel config: https://syzkaller.appspot.com/x/.config?x=a8db61f521ec3155
dashboard link: https://syzkaller.appspot.com/bug?extid=985a662ba46639a7897f
compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13381237b00000
compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15160867b00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+985a66...@syzkaller.appspotmail.com
------------[ cut here ]------------
Modules linked in:
CPU: 1 PID: 3600 Comm: syz-executor582 Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__wake_up_pollfree+0x1c7/0x1d0 kernel/sched/wait.c:245
Code: 0d 00 00 c6 44 08 0f 00 65 48 8b 04 25 28 00 00 00 48 3b 84 24 a0 00 00 00 75 13 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 <0f> 0b eb a7 e8 f0 89 b1 08 55 41 57 41 56 41 55 41 54 53 48 83 ec
RIP: 0010:__wake_up_pollfree+0x1c7/0x1d0 kernel/sched/wait.c:245
RSP: 0018:ffffc90001aaf760 EFLAGS: 00010016
RAX: ffff8880787693f0 RBX: 0000000000000046 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
RBP: ffffc90001aaf848 R08: dffffc0000000000 R09: ffffed10046325d2
R10: ffffed10046325d2 R11: 0000000000000000 R12: 0000000000000000
R13: ffffc90001aaf7a0 R14: 1ffff92000355ef4 R15: ffff888023192ec8
FS: 000055555695d300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200000c0 CR3: 000000002374c000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__cleanup_sighand+0x48/0xa0 kernel/fork.c:1588
__exit_signal kernel/exit.c:159 [inline]
release_task+0x115f/0x15d0 kernel/exit.c:200
wait_task_zombie kernel/exit.c:1121 [inline]
release_task+0x115f/0x15d0 kernel/exit.c:200
wait_consider_task+0x1995/0x3020 kernel/exit.c:1348
do_wait_thread kernel/exit.c:1411 [inline]
do_wait+0x291/0x9d0 kernel/exit.c:1528
kernel_wait4+0x2a3/0x3c0 kernel/exit.c:1691
__do_sys_wait4 kernel/exit.c:1719 [inline]
__se_sys_wait4 kernel/exit.c:1715 [inline]
__x64_sys_wait4+0x130/0x1e0 kernel/exit.c:1715
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fb66a5bb386
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
Code: 0f 1f 40 00 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 89 54 24 14 48 89 74 24
RSP: 002b:00007ffe9339ed58 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
RAX: ffffffffffffffda RBX: 000000000000ce97 RCX: 00007fb66a5bb386
RDX: 0000000040000001 RSI: 00007ffe9339ed74 RDI: 00000000ffffffff
RBP: 0000000000001284 R08: 00007ffe933e2080 R09: 0000000000000010
R10: 0000000000000000 R11: 0000000000000246 R12: 431bde82d7b634db
R13: 00007ffe9339ed74 R14: 0000000000000000 R15: 0000000000000000
</TASK>
Eric Biggers
Jan 20, 2022, 1:43:17 AM1/20/22
to syzbot, ak...@linux-foundation.org, and...@kernel.org, a...@kernel.org, ax...@kernel.dk, b...@vger.kernel.org, chri...@brauner.io, dan...@iogearbox.net, da...@redhat.com, ebie...@xmission.com, john.fa...@gmail.com, ka...@fb.com, kps...@kernel.org, leg...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pet...@infradead.org, songliu...@fb.com, syzkall...@googlegroups.com, y...@fb.com
Reply all
Reply to author
Forward
0 new messages