fs/exec.c | 1 - 1 file changed, 1 deletion(-)
sched_mm_cid_after_execve() is called from the failure path
of bprm_execve(). At that point exec has not completed successfully,
so updating the mm CID state is incorrect and can trigger a panic,
as reported by syzbot.
Remove the call from the exec failure path.
Cc: stable@vger.kernel.org
Reported-by: syzbot+9ca2c6e6b098bf5ae60a@syzkaller.appspotmail.com
Signed-off-by: Jinchao Wang <wangjinchao600@gmail.com>
---
fs/exec.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/fs/exec.c b/fs/exec.c
index 9d5ebc9d15b0..9044a75d26ab 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1773,7 +1773,6 @@ static int bprm_execve(struct linux_binprm *bprm)
if (bprm->point_of_no_return && !fatal_signal_pending(current))
force_fatal_sig(SIGSEGV);
- sched_mm_cid_after_execve(current);
rseq_force_update();
current->in_execve = 0;
--
2.43.0On Thu, Dec 18, 2025 at 11:23:23AM +0800, Jinchao Wang wrote: Hi, mathieu Please review this patch for mm_cid. The syzbot test failure occurs because the syz-repro breaks the system state, causing all user commands to fail. Actually the syz-rero can only trigger a panic or error. The broken system can be recovered by resetting binfmt_misc with: echo 0 > /proc/sys/fs/binfmt_misc/status Thanks. Cc: mathieu.desnoyers@efficios.com > sched_mm_cid_after_execve() is called from the failure path > of bprm_execve(). At that point exec has not completed successfully, > so updating the mm CID state is incorrect and can trigger a panic, > as reported by syzbot. > > Remove the call from the exec failure path. > > Cc: stable@vger.kernel.org > Reported-by: syzbot+9ca2c6e6b098bf5ae60a@syzkaller.appspotmail.com > Signed-off-by: Jinchao Wang <wangjinchao600@gmail.com> > --- > fs/exec.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/fs/exec.c b/fs/exec.c > index 9d5ebc9d15b0..9044a75d26ab 100644 > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -1773,7 +1773,6 @@ static int bprm_execve(struct linux_binprm *bprm) > if (bprm->point_of_no_return && !fatal_signal_pending(current)) > force_fatal_sig(SIGSEGV); > > - sched_mm_cid_after_execve(current); > rseq_force_update(); > current->in_execve = 0; > > -- > 2.43.0 >
On 2025-12-24 07:10, Jinchao Wang wrote: > On Thu, Dec 18, 2025 at 11:23:23AM +0800, Jinchao Wang wrote: > > Hi, mathieu > > Please review this patch for mm_cid. Nack. Your fix lacks context and removes a needed call in the common case to fix what I understand to be a init task issue. See this patch instead which addresses an issue very similar to yours removing the relevant sched_mm_cid_after_exec() call: https://lore.kernel.org/lkml/20251223215113.639686-1-xiyou.wangcong@gmail.com/ I added Thomas Gleixner in CC. Thanks, Mathieu -- Mathieu Desnoyers EfficiOS Inc. https://www.efficios.com
On Wed, Dec 24, 2025 at 08:52:16AM -0500, Mathieu Desnoyers wrote: > On 2025-12-24 07:10, Jinchao Wang wrote: > > On Thu, Dec 18, 2025 at 11:23:23AM +0800, Jinchao Wang wrote: > > > > Hi, mathieu > > > > Please review this patch for mm_cid. > > Nack. Your fix lacks context and removes a needed call in the > common case to fix what I understand to be a init task issue. > > See this patch instead which addresses an issue very similar to > yours removing the relevant sched_mm_cid_after_exec() call: > > https://lore.kernel.org/lkml/20251223215113.639686-1-xiyou.wangcong@gmail.com/ Yes, they are same issue and this patch works. Thanks. > > I added Thomas Gleixner in CC. > > Thanks, > > Mathieu > > -- > Mathieu Desnoyers > EfficiOS Inc. > https://www.efficios.com
© 2016 - 2026 Red Hat, Inc.