| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251112-ferien-trott-4d99d59d676d@brauner> Date: Wed, 12 Nov 2025 10:44:35 +0100 From: Christian Brauner <brauner@...nel.org> To: syzbot <syzbot+0a8655a80e189278487e@...kaller.appspotmail.com> Cc: jack@...e.cz, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com, viro@...iv.linux.org.uk Subject: Re: [syzbot] [fs?] WARNING in nsproxy_ns_active_get On Tue, Nov 11, 2025 at 05:54:02AM -0800, syzbot wrote: > Hello, > > syzbot has tested the proposed patch but the reproducer is still triggering an issue: > WARNING in __ns_ref_active_put > > ------------[ cut here ]------------ > WARNING: CPU: 0 PID: 6510 at kernel/nscommon.c:171 __ns_ref_active_put+0x3d7/0x450 kernel/nscommon.c:171 > Modules linked in: > CPU: 0 UID: 0 PID: 6510 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full) > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 > RIP: 0010:__ns_ref_active_put+0x3d7/0x450 kernel/nscommon.c:171 > Code: 4d 8b 3e e9 1b fd ff ff e8 76 62 32 00 90 0f 0b 90 e9 29 fd ff ff e8 68 62 32 00 90 0f 0b 90 e9 59 fd ff ff e8 5a 62 32 00 90 <0f> 0b 90 e9 72 ff ff ff e8 4c 62 32 00 90 0f 0b 90 e9 64 ff ff ff > RSP: 0018:ffffc900038dfa60 EFLAGS: 00010293 > RAX: ffffffff818e5946 RBX: 00000000ffffffff RCX: ffff88802f641e40 > RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 > RBP: ffffc900038dfc00 R08: ffff88807dbaac6b R09: 1ffff1100fb7558d > R10: dffffc0000000000 R11: ffffed100fb7558e R12: dffffc0000000000 > R13: 1ffff1100fb7558c R14: ffff88807dbaac60 R15: ffff88807dbaac68 > FS: 0000000000000000(0000) GS:ffff888125cf3000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00005555674424a8 CR3: 000000000df38000 CR4: 00000000003526f0 > Call Trace: > <TASK> > nsproxy_ns_active_put+0x87/0x200 fs/nsfs.c:702 > free_nsproxy kernel/nsproxy.c:80 [inline] > put_nsproxy include/linux/nsproxy.h:110 [inline] > switch_task_namespaces+0xc2/0x120 kernel/nsproxy.c:223 > do_exit+0x6b0/0x2300 kernel/exit.c:966 > do_group_exit+0x21c/0x2d0 kernel/exit.c:1108 > get_signal+0x1285/0x1340 kernel/signal.c:3034 > arch_do_signal_or_restart+0xa0/0x790 arch/x86/kernel/signal.c:337 > exit_to_user_mode_loop+0x72/0x130 kernel/entry/common.c:40 > exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] > syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline] > syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline] > do_syscall_64+0x2bd/0xfa0 arch/x86/entry/syscall_64.c:100 > entry_SYSCALL_64_after_hwframe+0x77/0x7f > RIP: 0033:0x7efc6318f6c9 > Code: Unable to access opcode bytes at 0x7efc6318f69f. > RSP: 002b:00007efc63f910e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca > RAX: fffffffffffffe00 RBX: 00007efc633e5fa8 RCX: 00007efc6318f6c9 > RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007efc633e5fa8 > RBP: 00007efc633e5fa0 R08: 0000000000000000 R09: 0000000000000000 > R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 > R13: 00007efc633e6038 R14: 00007fff3109d6b0 R15: 00007fff3109d798 > </TASK> > > > Tested on: > > commit: cc719c88 nsproxy: fix free_nsproxy() and simplify crea.. > git tree: https://github.com/brauner/linux.git namespace-6.19 > console output: https://syzkaller.appspot.com/x/log.txt?x=147c8658580000 > kernel config: https://syzkaller.appspot.com/x/.config?x=59952e73920025e4 > dashboard link: https://syzkaller.appspot.com/bug?extid=0a8655a80e189278487e > compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 > > Note: no patches were applied. #syz test: https://github.com/brauner/linux.git namespace-6.19
Powered by blists - more mailing lists