Received: by 10.223.164.202 with SMTP id h10csp280803wrb;
        Mon, 6 Nov 2017 06:33:42 -0800 (PST)
X-Google-Smtp-Source: ABhQp+RN/8KQCX/mv3Q7eIXLSUHUBulfGzvKJ7pl61a5LBtNa7tSW0LnUHX54MOkBvoZS1owUx++
X-Received: by 10.101.65.129 with SMTP id a1mr15494868pgq.203.1509978822862;
        Mon, 06 Nov 2017 06:33:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1509978822; cv=none;
        d=google.com; s=arc-20160816;
        b=bO0kh6MGdAhDlQO5GC8yKYb3XAlOWtbBQDJcgZAQlerhztfrmXS/Dba+w3knoIYhqi
         ZspMJ7l3v6rvxmzq4SE4KeFJnKkSYE6k+/RtJh09UA1UlFIGXDLMNLqvnvYLAy9qoZBO
         4DSBET9BewhVN72YwcY9wDL5l1HvWcbcTQdBSRMR9q02AfQH6o/sGyDREh86f6KY3mPR
         3g7gx4UgI9PqCwqnTYjLo4hpoYfZsZW8799orkcu9IaZ8PS4gJ8MwlhK/JyiG8yK3Ygj
         nYa1Fr3z+gG/+k2eDRcLFOUH4HmVSpf2r2HAwmj+cRNseIXXtJkTz4x3a78LUSy3uf5z
         g0XA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dmarc-filter:arc-authentication-results;
        bh=8NXUoj+GMPGjksaeaCfpE3zAXDNKaQI2rH7ER2hG8CI=;
        b=qiLBvb+qC0k2LGd68cHlpvhfSdTIBOHr0dPQ/bBOXJM/aZO4iDIsFpfQxPt4tKyNDJ
         GTtQvImwrPqz5BWBVfB5+hT2FAdTpm8ElOEAXzo0GAnRj39zO0lANCTtYUsTV8V10JIp
         nhWb26AL3L/3CZuVmUu1J09X2C65VtKj89N2+eKX4hzFcMVAfU8uSmE/vZ8ATJro6uws
         KvYo+EAgGBF2ZLpfjenlXhXJWbtmy4l5isqW4hhtirAS3VEgb3HcSA15dOo416MiBva7
         asc1oeR0iSitf/pGhM6/dYLdVpxMRnfKLQOD1zR+TQsAl4J/MggKaQRkXSGeoCplBkGU
         mniQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b189si11272437pgc.215.2017.11.06.06.33.29;
        Mon, 06 Nov 2017 06:33:42 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753454AbdKFObp (ORCPT <rfc822;tuxbino@gmail.com> + 97 others);
        Mon, 6 Nov 2017 09:31:45 -0500
Received: from mx1.redhat.com ([209.132.183.28]:3366 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752364AbdKFObn (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 6 Nov 2017 09:31:43 -0500
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id F260580484;
        Mon,  6 Nov 2017 14:31:42 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com F260580484
Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=oleg@redhat.com
Received: from dhcp-27-174.brq.redhat.com (unknown [10.34.27.30])
        by smtp.corp.redhat.com (Postfix) with SMTP id 7089F60C90;
        Mon,  6 Nov 2017 14:31:39 +0000 (UTC)
Received: by dhcp-27-174.brq.redhat.com (nbSMTP-1.00) for uid 1000
        oleg@redhat.com; Mon,  6 Nov 2017 15:31:42 +0100 (CET)
Date:   Mon, 6 Nov 2017 15:31:38 +0100
From:   Oleg Nesterov <oleg@redhat.com>
To:     Jamie Iles <jamie.iles@oracle.com>
Cc:     Dmitry Vyukov <dvyukov@google.com>,
        syzbot 
        <bot+c9f0eb0d2a5576ece331a767528e6b52b4ff1815@syzkaller.appspotmail.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Arvind Yadav <arvind.yadav.cs@gmail.com>,
        Mark Brown <broonie@kernel.org>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        =?iso-8859-1?Q?Fr=E9d=E9ric?= Weisbecker <fweisbec@gmail.com>,
        LKML <linux-kernel@vger.kernel.org>,
        "Martin K. Petersen" <martin.petersen@oracle.com>,
        mchehab@kernel.org, Ingo Molnar <mingo@kernel.org>,
        mpe@ellerman.id.au, syzkaller-bugs@googlegroups.com,
        Al Viro <viro@zeniv.linux.org.uk>, Kyle Huey <me@kylehuey.com>,
        Kees Cook <keescook@chromium.org>
Subject: Re: WARNING in task_participate_group_stop
Message-ID: <20171106143138.GA17423@redhat.com>
References: <94eb2c058c80ea49ed055cc8695e@google.com>
 <CACT4Y+Y-Zi+30FtfNJk5UUeO5RaTs2WNrDz2cKnXbAUyWvfgCQ@mail.gmail.com>
 <20171031163451.GA30223@redhat.com>
 <CACT4Y+Yex9wRJc_5TV+7gGmkNq0twbkCwzoPJOKtr_eFPB=vPQ@mail.gmail.com>
 <20171102170138.GA13663@redhat.com>
 <CACT4Y+ZA17tmCEFbkewkP2uZ+ZN0pLjEDZYdHG0gvpsYqUnVDA@mail.gmail.com>
 <20171106112508.lun6eftpj5icnvdy@cedar>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20171106112508.lun6eftpj5icnvdy@cedar>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Mon, 06 Nov 2017 14:31:43 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/06, Jamie Iles wrote:
>
> I'm unable to reproduce the warning in qemu with SMP (on a 32 CPU VM).

Neither me. Perhaps because I tried this test-case on the minimal system
with /bin/sh running as init process.

> Instead I get the following instant traceback which is different to what 
> you report when run as root:
>
> [   45.018469] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000013
> [   45.018469]
> [   45.019669] CPU: 19 PID: 1 Comm: systemd Not tainted 4.14.0-rc8 #7
> [   45.021094] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.1-1ubuntu1 04/01/2014
> [   45.022768] Call Trace:
> [   45.023076]  dump_stack+0x12e/0x188
> [   45.023481]  panic+0x1e4/0x417

This is fine and hopefully confirms the theory. let me quote my previous email:

		line 111    r[8] = syscall(__NR_ptrace, 0x10ul, r[7]);

	this is PTRACE_ATTACH

		line 115        syscall(__NR_ptrace, 0x4200ul, r[7], 0x40000012ul, 0x100012ul);
		
	this is PTRACE_SETOPTIONS and "data" includes PTRACE_O_EXITKILL.

	r[7] is initialized at

		line 110      r[7] = *(uint32_t*)0x20f9cffc;

	so if it is eq to 1 then it can attach to init and in this case the problem
	can be explained by the wrong SIGNAL_UNKILLABLE/SIGKILL logic.

So, if it is eq to 1 then init will be killed after the child process created
by loop() function exits (see PTRACE_O_EXITKILL above).

This is correct, only the warning is not.

For example, this command does ptrace(PTRACE_SEIZE, 1,0, PTRACE_O_EXITKILL)

	# perl -e 'syscall 101, 0x4206, 1, 0, 0x100000'

and crashes the kernel the same way, this is correct.

Oleg.


From 1583319607901165427@xxx Mon Nov 06 12:27:24 +0000 2017
X-GM-THRID: 1582711532474407023
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread