Re: [PATCH] signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads()

Next message: syzbot: "[syzbot] [bluetooth?] WARNING in hci_send_acl (4)"
Previous message: Steven Rostedt: "Re: [PATCH v20 00/10] ring-buffer: Making persistent ring buffers robust"
In reply to: syzbot: "[PATCH] signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads()"
Next in thread: Christian Brauner: "Re: [PATCH] signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Oleg Nesterov

Date: Thu May 21 2026 - 08:29:40 EST

On 05/21, syzbot wrote:
>
> When a multi-threaded process receives a stop signal (e.g., SIGSTOP),
> do_signal_stop() sets JOBCTL_STOP_PENDING and JOBCTL_STOP_CONSUME on all
> threads and sets signal->group_stop_count to the number of threads. If
> one of the threads concurrently calls execve(), de_thread() invokes
> zap_other_threads() to kill all other threads. zap_other_threads()
> aborts the pending group stop by resetting signal->group_stop_count to 0
> and clears the JOBCTL_PENDING_MASK for all other threads. However, it
> fails to clear the job control flags for the calling thread.

Yes...

> --- a/kernel/signal.c
> +++ b/kernel/signal.c
> @@ -1338,6 +1338,7 @@ int zap_other_threads(struct task_struct *p)
> int count = 0;
>
> p->signal->group_stop_count = 0;
> + task_clear_jobctl_pending(p, JOBCTL_PENDING_MASK);

OK, fair enough...

If we reset ->group_stop_count, we need to clear JOBCTL_PENDING_MASK for
every thread.

Acked-by: Oleg Nesterov <oleg@xxxxxxxxxx>

-----------------------------------------------------------------------
But. It seems that we need more fixes (and more discussions) about the
SIGSTOP with exec race...

Oleg.