From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753609AbbKBNZz (ORCPT <rfc822;w@1wt.eu>);
	Mon, 2 Nov 2015 08:25:55 -0500
Received: from mail-oi0-f43.google.com ([209.85.218.43]:34832 "EHLO
	mail-oi0-f43.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752603AbbKBNZy (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 2 Nov 2015 08:25:54 -0500
MIME-Version: 1.0
From: Dmitry Vyukov <dvyukov@google.com>
Date: Mon, 2 Nov 2015 14:25:33 +0100
Message-ID: <CACT4Y+bbV2AM-v=T-pikxZX04T=b5Qzc7a2PY4HoakLcKr8RJw@mail.gmail.com>
Subject: WARNING in task_participate_group_stop
To: Oleg Nesterov <oleg@redhat.com>, Roland McGrath <roland@hack.frob.com>,
        Andrew Morton <akpm@linux-foundation.org>, amanieu@gmail.com,
        pmoore@redhat.com, Ingo Molnar <mingo@kernel.org>,
        vdavydov@parallels.com, qiaowei.ren@intel.com, dave@stgolabs.net,
        palmer@dabbelt.com
Cc: LKML <linux-kernel@vger.kernel.org>,
        syzkaller <syzkaller@googlegroups.com>,
        Kostya Serebryany <kcc@google.com>,
        Alexander Potapenko <glider@google.com>,
        Sasha Levin <sasha.levin@oracle.com>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello,

I've hit the following WARNING on 6a13feb9c82803e2b815eca72fa7a9f5561d7861 (4.3)

------------[ cut here ]------------
WARNING: CPU: 1 PID: 1 at kernel/signal.c:334
task_participate_group_stop+0x157/0x1d0()
Modules linked in:
CPU: 1 PID: 1 Comm: init Not tainted 4.3.0 #48
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
 ffffffff82e40280 ffff88003eb0fae0 ffffffff819efe55 0000000000000000
 ffff88003eb0fb20 ffffffff810ec871 ffffffff8110f4d7 ffff88003eb00000
 ffff88003eb20000 0000000000000000 ffff88003eb0fbf8 ffff88003eb20000
Call Trace:
 [<ffffffff810eca35>] warn_slowpath_null+0x15/0x20 kernel/panic.c:480
 [<ffffffff8110f4d7>] task_participate_group_stop+0x157/0x1d0
kernel/signal.c:334
 [<ffffffff81113587>] do_signal_stop+0x1e7/0x6e0 kernel/signal.c:2060
 [<ffffffff81116ab7>] get_signal+0x387/0x11b0 kernel/signal.c:2316
 [<ffffffff8100cf0d>] do_signal+0x8d/0x19e0 arch/x86/kernel/signal.c:707
 [<ffffffff81005d8d>] prepare_exit_to_usermode+0x11d/0x170
arch/x86/entry/common.c:251
 [<ffffffff81005e83>] syscall_return_slowpath+0xa3/0x2b0
arch/x86/entry/common.c:317
 [<ffffffff82d4f6a7>] int_ret_from_sys_call+0x25/0x8f
arch/x86/entry/entry_64.S:281
---[ end trace f6697fd630b7c361 ]---


The reproducer is (needs to be run as root):

// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include <sys/ptrace.h>
#include <unistd.h>

int main()
{
    int pid = 1;
    ptrace(PTRACE_ATTACH, pid, 0, 0);
    ptrace(PTRACE_SETOPTIONS, pid, 0, PTRACE_O_EXITKILL);
    sleep(1);
    return 0;
}

Yes, it is weird and it kills init right afterwards. But I wasn't able
to figure out what's the root cause (why task does not have
JOBCTL_STOP_PENDING) and maybe the same WARNING can be triggered
without root and/or with other than init process. So still posting it
here.

Can somebody more knowledgeable in ptrace please take a look at the root cause?

Thanks