lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20251001072016.7814-1-hdanton@sina.com>
Date: Wed,  1 Oct 2025 15:20:15 +0800
From: Hillf Danton <hdanton@...a.com>
To: syzbot <syzbot+7d23dc5cd4fa132fb9f3@...kaller.appspotmail.com>
Cc: linux-kernel@...r.kernel.org,
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [fs?] WARNING in free_mnt_ns

> Date: Tue, 30 Sep 2025 13:17:34 -0700	[thread overview]
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    449c2b302c8e Merge tag 'vfs-6.18-rc1.async' of git://git.k..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=15b43858580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=595e5938a1dd5b4e
> dashboard link: https://syzkaller.appspot.com/bug?extid=7d23dc5cd4fa132fb9f3
> compiler:       gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11c9ad04580000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=160bf27c580000

#syz test

--- l/include/linux/ns_common.h
+++ n/include/linux/ns_common.h
@@ -38,7 +38,7 @@ extern const struct proc_ns_operations t
 extern const struct proc_ns_operations timens_for_children_operations;
 
 struct ns_common {
-	u32 ns_type;
+	u32 ns_type, gi;
 	struct dentry *stashed;
 	const struct proc_ns_operations *ops;
 	unsigned int inum;
--- l/kernel/nscommon.c
+++ n/kernel/nscommon.c
@@ -57,6 +57,7 @@ int __ns_common_init(struct ns_common *n
 	ns->ops = ops;
 	ns->ns_id = 0;
 	ns->ns_type = ns_type;
+	ns->gi = 0;
 	RB_CLEAR_NODE(&ns->ns_tree_node);
 	INIT_LIST_HEAD(&ns->ns_list_node);
 
@@ -66,6 +67,7 @@ int __ns_common_init(struct ns_common *n
 
 	if (inum) {
 		ns->inum = inum;
+		ns->gi++;
 		return 0;
 	}
 	return proc_alloc_inum(&ns->inum);
@@ -73,5 +75,7 @@ int __ns_common_init(struct ns_common *n
 
 void __ns_common_free(struct ns_common *ns)
 {
+	if (ns->gi)
+		return;
 	proc_free_inum(ns->inum);
 }
--

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ