Bug 4664 - Not syncing: Attempted to kill init
Summary: Not syncing: Attempted to kill init
Status: NEW
Alias: None
Product: ANCK 5.10 Dev
Classification: ANCK
Component: general/others
Version: unspecified
Hardware: All Linux
Importance: P3-Medium S3-normal
Target Milestone: ---
Assignee: maqiao
QA Contact: shuming
URL:
Whiteboard:
Keywords: CVE
Depends on:
Blocks:
 
Reported: 2023-03-30 19:55 UTC by DuckRui
Modified: 2023-03-30 19:55 UTC

See Also:


Attachments
Poc files that can trigger vulnerabilities (3.41 KB, text/x-csrc)
2023-03-30 19:55 UTC, DuckRui

Description DuckRui 2023-03-30 19:55:32 UTC
Created attachment 697
Poc files that can trigger vulnerabilities

Description of problem:
A vulnerability in kernel/exit.c which will make the kernel panic with "Attempted to kill init!"
The call trace looks like this:
[  101.140869] Call Trace:
[  101.142476]  dump_stack+0x9c/0xd3
[  101.144276]  panic+0x26d/0x5ae
[  101.146178]  ? print_oops_end_marker.cold+0x15/0x15
[  101.148682]  ? exit_signals+0x223/0x760
[  101.150685]  ? do_signal_stop+0x6e0/0x6e0
[  101.152784]  ? do_exit.cold+0xb4/0x1e6
[  101.154714]  do_exit.cold+0xc7/0x1e6
[  101.156520]  ? signal_wake_up_state+0x43/0x50
[  101.158791]  ? release_task+0x1290/0x1290
[  101.160811]  do_group_exit+0xee/0x310
[  101.162685]  get_signal+0x3f1/0x1b30
[  101.164503]  ? force_sig_fault+0x30/0x30
[  101.166525]  ? force_sigsegv+0xf0/0xf0
[  101.168443]  ? put_pid.part.0+0x98/0x120
[  101.170494]  arch_do_signal+0x89/0x1ca0
[  101.172492]  ? __x64_sys_pidfd_send_signal+0x590/0x590
[  101.175185]  ? __switch_to_asm+0x5a/0x80
[  101.177180]  ? get_sigframe_size+0x10/0x10
[  101.179328]  ? __do_sys_clone+0xc8/0x110
[  101.181340]  exit_to_user_mode_prepare+0x9f/0xf0
[  101.183800]  syscall_exit_to_user_mode+0x22/0x140
[  101.186285]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[  101.188984] RIP: 0033:0x7f470cce6469
[  101.190886] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ff 49 2b 00 f7 d8 64 89 01 48
[  101.200667] RSP: 002b:00007ffcbab38238 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  101.204569] RAX: 0000000000006168 RBX: 00007ffcbab382e0 RCX: 00007f470cce6469
[  101.208294] RDX: 00007f470cfb21de RSI: 0000000000000000 RDI: 0000000000000011
[  101.212025] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[  101.215730] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcbab38928
[  101.219255] R13: 0000000000000000 R14: 00007ffcbab38920 R15: 0000000000000002
[  101.224449] Kernel Offset: disabled
[  101.226650] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---


Version-Release number of selected component (if applicable):
5.10.134

How reproducible:
Use qemu to boot this kernel, then compile the poc file and execute it.

Steps to Reproduce:
1. gcc poc.c -o poc
2. ./poc
3. Wait for a while

Actual results:
DoS

Expected results:
DoS


Best Regards,
Rui Yang