| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260116-diebstahl-anmachen-546a1209101c@brauner>
Date: Fri, 16 Jan 2026 11:40:06 +0100
From: Christian Brauner <brauner@...nel.org>
To: syzbot <syzbot+55fd613012e606d75d45@...kaller.appspotmail.com>
Cc: jack@...e.cz, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com, viro@...iv.linux.org.uk
Subject: Re: [syzbot] [fs?] possible deadlock in put_mnt_ns
On Thu, Jan 15, 2026 at 01:50:24AM -0800, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 0f853ca2a798 Add linux-next specific files for 20260113
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=1386f99a580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=789b351b8a4cafe1
> dashboard link: https://syzkaller.appspot.com/bug?extid=55fd613012e606d75d45
> compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1482859a580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13402052580000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/9c7778b6d6be/disk-0f853ca2.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/ea278b0d6aff/vmlinux-0f853ca2.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/60b94236c918/bzImage-0f853ca2.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+55fd613012e606d75d45@...kaller.appspotmail.com
>
> R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
> R13: 00007fca229e5fa0 R14: 00007fca229e5fa0 R15: 0000000000000003
> </TASK>
> ============================================
> WARNING: possible recursive locking detected
> syzkaller #0 Not tainted
> --------------------------------------------
> syz.0.23/6026 is trying to acquire lock:
> ffffffff8e49efd0 (namespace_sem){++++}-{4:4}, at: namespace_lock fs/namespace.c:1730 [inline]
> ffffffff8e49efd0 (namespace_sem){++++}-{4:4}, at: class_namespace_excl_constructor fs/namespace.c:101 [inline]
> ffffffff8e49efd0 (namespace_sem){++++}-{4:4}, at: put_mnt_ns+0x170/0x2f0 fs/namespace.c:6241
>
> but task is already holding lock:
> ffffffff8e49efd0 (namespace_sem){++++}-{4:4}, at: namespace_lock fs/namespace.c:1730 [inline]
> ffffffff8e49efd0 (namespace_sem){++++}-{4:4}, at: lock_mount_exact+0x89/0x630 fs/namespace.c:3852
>
> other info that might help us debug this:
> Possible unsafe locking scenario:
>
> CPU0
> ----
> lock(namespace_sem);
> lock(namespace_sem);
Groan, simple fix. opening nsfs fd must be done outside of the lock as
it would drop the mntns reference. Fixing.
Powered by blists - more mailing lists