From: Oleg Nesterov
To: Jamie Iles
Cc: Dmitry Vyukov, syzbot, Andrew Morton, Arvind Yadav, Mark Brown, "Eric W. Biederman", Frédéric Weisbecker, LKML, "Martin K. Petersen", mchehab@kernel.org, Ingo Molnar, mpe@ellerman.id.au, syzkaller-bugs@googlegroups.com, Al Viro, Kyle Huey, Kees Cook
Date: Mon, 6 Nov 2017 15:31:38 +0100
Subject: Re: WARNING in task_participate_group_stop
Message-ID: <20171106143138.GA17423@redhat.com>
References: <94eb2c058c80ea49ed055cc8695e@google.com> <20171031163451.GA30223@redhat.com> <20171102170138.GA13663@redhat.com> <20171106112508.lun6eftpj5icnvdy@cedar>
In-Reply-To: <20171106112508.lun6eftpj5icnvdy@cedar>

On 11/06, Jamie Iles wrote:
>
> I'm unable to reproduce the warning in qemu with SMP (on a 32 CPU VM).

Neither can I. Perhaps because I tried this test-case on a minimal system
with /bin/sh running as the init process.
> Instead I get the following instant traceback which is different to what
> you report when run as root:
>
> [   45.018469] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000013
> [   45.018469]
> [   45.019669] CPU: 19 PID: 1 Comm: systemd Not tainted 4.14.0-rc8 #7
> [   45.021094] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.1-1ubuntu1 04/01/2014
> [   45.022768] Call Trace:
> [   45.023076]  dump_stack+0x12e/0x188
> [   45.023481]  panic+0x1e4/0x417

This is fine and hopefully confirms the theory. Let me quote my previous email:

	line 111
		r[8] = syscall(__NR_ptrace, 0x10ul, r[7]);

	this is PTRACE_ATTACH

	line 115
		syscall(__NR_ptrace, 0x4200ul, r[7], 0x40000012ul, 0x100012ul);

	this is PTRACE_SETOPTIONS and "data" includes PTRACE_O_EXITKILL.

	r[7] is initialized at line 110

		r[7] = *(uint32_t*)0x20f9cffc;

	so if it is eq to 1 then it can attach to init and in this case the
	problem can be explained by the wrong SIGNAL_UNKILLABLE/SIGKILL logic.

So, if it is eq to 1 then init will be killed after the child process created
by the loop() function exits (see PTRACE_O_EXITKILL above). This is correct, only
the warning is not.

For example, this command does ptrace(PTRACE_SEIZE, 1, 0, PTRACE_O_EXITKILL)

	# perl -e 'syscall 101, 0x4206, 1, 0, 0x100000'

and crashes the kernel the same way, this is correct.

Oleg.
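The raw syscall lines quoted above (both the syzkaller repro and the perl one-liner) use numeric ptrace requests and option bits, which is why it takes a second look to see that PTRACE_O_EXITKILL is set and that the target may be PID 1. The following decoder is an added example, not part of the thread or of the kernel; the request numbers and PTRACE_O_* values are the x86_64 ones from <sys/ptrace.h>, and the sample lines are copied from the email.

```python
import re

# x86_64 ptrace request numbers and PTRACE_O_* bits, as defined in <sys/ptrace.h>.
PTRACE_REQUESTS = {0x10: "PTRACE_ATTACH", 0x4200: "PTRACE_SETOPTIONS", 0x4206: "PTRACE_SEIZE"}
PTRACE_OPTIONS = {
    0x1: "PTRACE_O_TRACESYSGOOD", 0x2: "PTRACE_O_TRACEFORK", 0x4: "PTRACE_O_TRACEVFORK",
    0x8: "PTRACE_O_TRACECLONE", 0x10: "PTRACE_O_TRACEEXEC", 0x20: "PTRACE_O_TRACEVFORKDONE",
    0x40: "PTRACE_O_TRACEEXIT", 0x80: "PTRACE_O_TRACESECCOMP",
    0x100000: "PTRACE_O_EXITKILL", 0x200000: "PTRACE_O_SUSPEND_SECCOMP",
}

# Matches both "syscall(__NR_ptrace, ...)" (syzkaller C repro) and "syscall 101, ..." (perl).
SYSCALL_RE = re.compile(r"syscall\s*\(?\s*(?:__NR_ptrace|101)\s*,\s*([^)']*)")

def decode_options(data):
    """Expand a PTRACE_O_* bitmask into names; unknown bits are reported, not dropped."""
    names = [name for bit, name in PTRACE_OPTIONS.items() if data & bit]
    unknown = data & ~sum(PTRACE_OPTIONS)
    if unknown:
        names.append(f"unknown:0x{unknown:x}")
    return names

def parse_arg(token):
    token = token.strip().rstrip("ul")  # drop the 'ul' suffix syzkaller emits on constants
    try:
        return int(token, 0)
    except ValueError:
        return token  # symbolic operand such as r[7], value only known at runtime

def decode_line(line):
    """Return request name, target pid and decoded options for one raw ptrace call, or None."""
    m = SYSCALL_RE.search(line)
    if not m:
        return None
    args = [parse_arg(t) for t in m.group(1).split(",") if t.strip()]
    req = PTRACE_REQUESTS.get(args[0], f"unknown:0x{args[0]:x}")
    info = {"request": req, "pid": args[1] if len(args) > 1 else None, "options": []}
    # Only SETOPTIONS and SEIZE carry an option mask in the 'data' argument (index 3).
    if req in ("PTRACE_SETOPTIONS", "PTRACE_SEIZE") and len(args) > 3:
        info["options"] = decode_options(args[3])
    return info

def kills_init_on_tracer_exit(info):
    """True when the call attaches EXITKILL to PID 1: tracer death then SIGKILLs init."""
    return info is not None and info["pid"] == 1 and "PTRACE_O_EXITKILL" in info["options"]

SAMPLE_LINES = [  # copied from the email above
    "r[8] = syscall(__NR_ptrace, 0x10ul, r[7]);",
    "syscall(__NR_ptrace, 0x4200ul, r[7], 0x40000012ul, 0x100012ul);",
    "perl -e 'syscall 101, 0x4206, 1, 0, 0x100000'",
]
```

Running `decode_line` over `SAMPLE_LINES` shows the repro's third argument `0x40000012` is the ignored `addr`, while `data = 0x100012` is TRACEFORK|TRACEEXEC|EXITKILL; whether the repro hits init depends on the runtime value of r[7], which the perl command pins to 1.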