From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-il1-f199.google.com (mail-il1-f199.google.com [209.85.166.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A9D6E285CB8 for ; Wed, 22 Oct 2025 17:13:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.166.199 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1761153189; cv=none; b=pgaZRTf4o/vP50GUVPqyMjizru/evBeNslRryxpJtexP1XGXDzwmWF54ixe89TtkOk3a1QuPxOKxnmlr6xWL7lDqDSLn4Zj6ZbDIgGBfIGnTefOU4OhWBXaqxpt23SfUxcbs0TYTBG1VdAW7Etxz4e6+JCdkaSoa+VnqcVx98FM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1761153189; c=relaxed/simple; bh=a6b0pE0itaFNtHF1kBvSxTDp8/T/2ZrbLOG6HV/5kNE=; h=MIME-Version:Date:Message-ID:Subject:From:To:Cc:Content-Type; b=cnuCYgPCWp49TiFGi44f5efmlOXr5CEttmrOgAZY3pHVKuxGVUnxtfPrxUC7c4Us0G0rc7Ab/NYeRG8D9xDetYFp0MeQbTV9Idbwq6Eth4ZRKeoaiXUTzQSpmt9GQPW5BdBYXY2pVTac2HYOHKnIcbJMGNN7rmiPrOVomxaPgfI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com; spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com; arc=none smtp.client-ip=209.85.166.199 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com Received: by mail-il1-f199.google.com with SMTP id e9e14a558f8ab-430d7ace0ddso51467705ab.3 for ; Wed, 22 Oct 2025 10:13:06 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761153185; x=1761757985; h=content-transfer-encoding:cc:to:from:subject:message-id:date :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=O9vRtJm1k5wopfQlS6KWxGow74/phjsxdcIgFjLS/6I=; b=T/Rj0NySB0E2UXtFMuPcJnW7iV54GyjFProLqL36N9O1S7nvsqGZ204U1LeWH1RJB+ jUkojERzJCKUinvPnCksKkIS8Ed9Dz4Bn6FGaX94IZhj7fuE3xEokp0SrEBmAoHbcOK3 WbCMRgRW7zaxf5ioUBsyD/REx0MDFPZUW4NjlkzqMuQOMwxDldta1udFGb/A847hyyn/ UE+a/ZwDfg2QfYmeipY1K62bBhL+hMWwdfk0b7PSDwIN3Esa5gZsVyPaG98CWbZzwfN5 6BSKLPJhZRvGMOeZ6Wb3JZMYqxc2uM/yFyKIPwiSoc8Vcr8dpctfYGAVfDt2XtTG1Hfn NULA== X-Gm-Message-State: AOJu0YyyfdfGnNBZY//RacVqsN7BTjgWb57YjfFJAWiZY4ijWNJaREEZ Fl6WislN87npiBvzP8FB5Xalf7nP87cmwuZQdByrdMbtc5mWih/w2VKqud9GZzgyX7eGV1v+/52 dTqbwR4HwIswdaL27Zfkxh12iANllGTxb7Xp+c3nFRtBFxkXXrnU6VsGMufs= X-Google-Smtp-Source: AGHT+IGbOkOgYI2IgJh7E91zkxGlWCKwKCi4wOv9e3QBMc8KDhuSMl3+DSbVCifr+fXFytVCGh55WwaLtVd/yaTPd2eUjC7cW/R5 Precedence: bulk X-Mailing-List: syzbot@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Received: by 2002:a05:6e02:1445:b0:430:8bff:c5a2 with SMTP id e9e14a558f8ab-430c529fba5mr328267295ab.30.1761153185453; Wed, 22 Oct 2025 10:13:05 -0700 (PDT) Date: Wed, 22 Oct 2025 10:13:05 -0700 X-Google-Appengine-App-Id: s~syzkaller X-Google-Appengine-App-Id-Alias: syzkaller Message-ID: <68f910a1.050a0220.346f24.005e.GAE@google.com> Subject: [moderation/CI] Re: nstree: listns() From: syzbot ci To: syzkaller-upstream-moderation@googlegroups.com Cc: syzbot@lists.linux.dev Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable syzbot ci has tested the following series [v2] nstree: listns() https://lore.kernel.org/all/20251022-work-namespace-nstree-listns-v2-0-71a5= 88572371@kernel.org * [PATCH v2 01/63] libfs: allow to specify s_d_flags * [PATCH v2 02/63] nsfs: use inode_just_drop() * [PATCH v2 03/63] nsfs: raise DCACHE_DONTCACHE explicitly * [PATCH v2 04/63] pidfs: raise DCACHE_DONTCACHE explicitly * [PATCH v2 05/63] nsfs: raise SB_I_NODEV and SB_I_NOEXEC * [PATCH v2 06/63] cgroup: add cgroup namespace to tree after owner is set * [PATCH v2 07/63] nstree: simplify return * [PATCH v2 08/63] ns: initialize ns_list_node for initial namespaces * [PATCH v2 09/63] ns: add __ns_ref_read() * [PATCH v2 10/63] ns: add active reference count * [PATCH v2 11/63] ns: use anonymous struct to group list member * [PATCH v2 12/63] nstree: introduce a unified tree * [PATCH v2 13/63] nstree: allow lookup solely based on inode * [PATCH v2 14/63] nstree: assign fixed ids to the initial namespaces * [PATCH v2 15/63] ns: maintain list of owned namespaces * [PATCH v2 16/63] nstree: add listns() * [PATCH v2 17/63] arch: hookup listns() system call * [PATCH v2 18/63] nsfs: update tools header * [PATCH v2 19/63] selftests/filesystems: remove CLONE_NEWPIDNS from setup_= userns() helper * [PATCH v2 20/63] selftests/namespaces: first active reference count tests * [PATCH v2 21/63] selftests/namespaces: second active reference count test= s * [PATCH v2 22/63] selftests/namespaces: third active reference count tests * [PATCH v2 23/63] selftests/namespaces: fourth active reference count test= s * [PATCH v2 24/63] selftests/namespaces: fifth active reference count tests * [PATCH v2 25/63] selftests/namespaces: sixth active reference count tests * [PATCH v2 26/63] selftests/namespaces: seventh active reference count tes= ts * [PATCH v2 27/63] selftests/namespaces: eigth active reference count tests * [PATCH v2 28/63] selftests/namespaces: ninth active reference count tests * [PATCH v2 29/63] selftests/namespaces: tenth active reference count tests * [PATCH v2 30/63] selftests/namespaces: eleventh active reference count te= sts * [PATCH v2 31/63] selftests/namespaces: twelth active reference count test= s * [PATCH v2 32/63] selftests/namespaces: thirteenth active reference count = tests * [PATCH v2 33/63] selftests/namespaces: fourteenth active reference count = tests * [PATCH v2 34/63] selftests/namespaces: fifteenth active reference count t= ests * [PATCH v2 35/63] selftests/namespaces: add listns() wrapper * [PATCH v2 36/63] selftests/namespaces: first listns() test * [PATCH v2 37/63] selftests/namespaces: second listns() test * [PATCH v2 38/63] selftests/namespaces: third listns() test * [PATCH v2 39/63] selftests/namespaces: fourth listns() test * [PATCH v2 40/63] selftests/namespaces: fifth listns() test * [PATCH v2 41/63] selftests/namespaces: sixth listns() test * [PATCH v2 42/63] selftests/namespaces: seventh listns() test * [PATCH v2 43/63] selftests/namespaces: ninth listns() test * [PATCH v2 44/63] selftests/namespaces: ninth listns() test * [PATCH v2 45/63] selftests/namespaces: first listns() permission test * [PATCH v2 46/63] selftests/namespaces: second listns() permission test * [PATCH v2 47/63] selftests/namespaces: third listns() permission test * [PATCH v2 48/63] selftests/namespaces: fourth listns() permission test * [PATCH v2 49/63] selftests/namespaces: fifth listns() permission test * [PATCH v2 50/63] selftests/namespaces: sixth listns() permission test * [PATCH v2 51/63] selftests/namespaces: seventh listns() permission test * [PATCH v2 52/63] selftests/namespaces: first inactive namespace resurrect= ion test * [PATCH v2 53/63] selftests/namespaces: second inactive namespace resurrec= tion test * [PATCH v2 54/63] selftests/namespaces: third inactive namespace resurrect= ion test * [PATCH v2 55/63] selftests/namespaces: fourth inactive namespace resurrec= tion test * [PATCH v2 56/63] selftests/namespaces: fifth inactive namespace resurrect= ion test * [PATCH v2 57/63] selftests/namespaces: sixth inactive namespace resurrect= ion test * [PATCH v2 58/63] selftests/namespaces: seventh inactive namespace resurre= ction test * [PATCH v2 59/63] selftests/namespaces: eigth inactive namespace resurrect= ion test * [PATCH v2 60/63] selftests/namespaces: ninth inactive namespace resurrect= ion test * [PATCH v2 61/63] selftests/namespaces: tenth inactive namespace resurrect= ion test * [PATCH v2 62/63] selftests/namespaces: eleventh inactive namespace resurr= ection test * [PATCH v2 63/63] selftests/namespaces: twelth inactive namespace resurrec= tion test and found the following issue: general protection fault in copy_creds Full report is available here: https://ci.syzbot.org/series/edb88bd4-fe2f-4399-a44b-69d30faa57fb *** general protection fault in copy_creds tree: bpf URL: https://kernel.googlesource.com/pub/scm/linux/kernel/git/bpf/bpf= .git base: 5fb750e8a9ae123b2034771b864b8a21dbef65cd arch: amd64 compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp= 1~20250708183702.136), Debian LLD 20.1.8 config: https://ci.syzbot.org/builds/b6fa4981-93e1-4b9c-a4b4-a1be1c33d83= 5/config Oops: general protection fault, probably for non-canonical address 0xdffffc= 0000000012: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097] CPU: 1 UID: 0 PID: 5952 Comm: syz-executor Not tainted syzkaller #0 PREEMPT= (full)=20 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16= .2-1 04/01/2014 RIP: 0010:copy_creds+0x473/0xd10 Code: 6a 8b e8 a0 76 0f 00 48 c7 c7 e0 cd 13 8e 48 89 de e8 81 5c 0f 00 e8 = 6c 01 19 00 ba 01 00 00 00 4c 89 f7 31 f6 e8 6d 99 00 00 <41> 80 7c 24 12 0= 0 74 0a bf 90 00 00 00 e8 eb bc 97 00 4c 8b 34 25 RSP: 0018:ffffc900045d7938 EFLAGS: 00010286 RAX: 0000000000000131 RBX: ffffffff818e8499 RCX: ffff88810d1ad700 RDX: 0000000000000000 RSI: 7fffffffffffffff RDI: 0000000000000131 RBP: 0000000000000001 R08: ffffffff8dfef75f R09: 1ffffffff1bfdeeb R10: dffffc0000000000 R11: fffffbfff1bfdeec R12: dffffc0000000000 R13: 0000000000010000 R14: ffffffff8dfef6c0 R15: 1ffff110216064bd FS: 000055558d65c500(0000) GS:ffff8882a9d02000(0000) knlGS:000000000000000= 0 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd1e15c36f0 CR3: 000000011b786000 CR4: 00000000000006f0 Call Trace: copy_process+0x964/0x3c00 kernel_clone+0x21e/0x840 __se_sys_clone3+0x256/0x2d0 do_syscall_64+0xfa/0xfa0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fd1e15c3709 Code: d6 08 00 48 8d 3d bc d6 08 00 e8 02 29 f6 ff 66 90 b8 ea ff ff ff 48 = 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 7= 4 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 RSP: 002b:00007fff0ae99118 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 RAX: ffffffffffffffda RBX: 00007fd1e1545b10 RCX: 00007fd1e15c3709 RDX: 00007fd1e1545b10 RSI: 0000000000000058 RDI: 00007fff0ae99160 RBP: 00007fd1e13ff6c0 R08: 00007fd1e13ff6c0 R09: 00007fff0ae99247 R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffa8 R13: 0000000000000009 R14: 00007fff0ae99160 R15: 00007fff0ae99248 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:copy_creds+0x473/0xd10 Code: 6a 8b e8 a0 76 0f 00 48 c7 c7 e0 cd 13 8e 48 89 de e8 81 5c 0f 00 e8 = 6c 01 19 00 ba 01 00 00 00 4c 89 f7 31 f6 e8 6d 99 00 00 <41> 80 7c 24 12 0= 0 74 0a bf 90 00 00 00 e8 eb bc 97 00 4c 8b 34 25 RSP: 0018:ffffc900045d7938 EFLAGS: 00010286 RAX: 0000000000000131 RBX: ffffffff818e8499 RCX: ffff88810d1ad700 RDX: 0000000000000000 RSI: 7fffffffffffffff RDI: 0000000000000131 RBP: 0000000000000001 R08: ffffffff8dfef75f R09: 1ffffffff1bfdeeb R10: dffffc0000000000 R11: fffffbfff1bfdeec R12: dffffc0000000000 R13: 0000000000010000 R14: ffffffff8dfef6c0 R15: 1ffff110216064bd FS: 000055558d65c500(0000) GS:ffff8882a9d02000(0000) knlGS:000000000000000= 0 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fed5f717d60 CR3: 000000011b786000 CR4: 00000000000006f0 *** If these findings have caused you to resend the series or submit a separate fix, please add the following tag to your commit message: Tested-by: syzbot@syzkaller.appspotmail.com --- This report is generated by a bot. It may contain errors. syzbot ci engineers can be reached at syzkaller@googlegroups.com. The email will later be sent to: [amir73il@gmail.com arnd@arndb.de bpf@vger.kernel.org brauner@kernel.org cg= roups@vger.kernel.org cyphar@cyphar.com daan.j.demeyer@gmail.com edumazet@g= oogle.com hannes@cmpxchg.org jack@suse.cz jannh@google.com jlayton@kernel.o= rg josef@toxicpanda.com kuba@kernel.org linux-fsdevel@vger.kernel.org linux= -kernel@vger.kernel.org me@yhndnzj.com mzxreary@0pointer.de netdev@vger.ker= nel.org tglx@linutronix.de tj@kernel.org viro@zeniv.linux.org.uk zbyszek@in= .waw.pl] If the report looks fine to you, reply with: #syz upstream