| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9d16bff8-1a8f-404b-a5eb-6da5321a3bb8@redhat.com> Date: Thu, 15 May 2025 16:27:27 +0200 From: Paolo Abeni <pabeni@...hat.com> To: Guoyu Yin <y04609127@...il.com>, davem@...emloft.net Cc: dsahern@...nel.org, edumazet@...gle.com, kuba@...nel.org, horms@...nel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [BUG] WARNING in ipmr_rules_exit On 5/15/25 1:37 PM, Guoyu Yin wrote: > I discovered a kernel crash using the Syzkaller framework, described > as "WARNING in ipmr_rules_exit." This issue occurs in the > ipmr_free_table function at net/ipv4/ipmr.c:440, specifically when > ipmr_rules_exit calls ipmr_free_table, triggering the > WARN_ON_ONCE(!ipmr_can_free_table(net)); warning. > > From the call stack, this warning is triggered during the exit of a > network namespace, specifically in ipmr_net_exit_batch when calling > ipmr_rules_exit. The warning indicates that ipmr_can_free_table > returned false, suggesting that the mrt table may still have active > data structures when attempting to free it. Thanks for the report, I could actually reproduce the splat. I'm testing a patch I hope to share it soon. For the record, the above analysis is incorrect: the warning is triggered by a netns creation failure, not at netns exit time; the problem is that the running kernel has: # CONFIG_IP_MROUTE_MULTIPLE_TABLES is not set and the ipmr_can_free_table() implementation in such case is incomplete/wrong. Cheers, Paolo
Powered by blists - more mailing lists