From: syzbot <syzbot+553c4078ab14e3cf3358@syzkaller.appspotmail.com>
To: hdanton@sina.com, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [lsm?] WARNING in put_cred_rcu
Date: Fri, 07 Nov 2025 23:14:02 -0800 [thread overview]
Message-ID: <690eedba.a70a0220.22f260.0075.GAE@google.com> (raw)
In-Reply-To: <20251108063831.8984-1-hdanton@sina.com>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in destroy_super_work
------------[ cut here ]------------
WARNING: CPU: 0 PID: 22406 at ./include/linux/ns_common.h:261 __ns_ref_put include/linux/ns_common.h:261 [inline]
WARNING: CPU: 0 PID: 22406 at ./include/linux/ns_common.h:261 put_user_ns include/linux/user_namespace.h:189 [inline]
WARNING: CPU: 0 PID: 22406 at ./include/linux/ns_common.h:261 destroy_super_work+0x15c/0x1a0 fs/super.c:280
Modules linked in:
CPU: 0 UID: 0 PID: 22406 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Workqueue: events destroy_super_work
RIP: 0010:__ns_ref_put include/linux/ns_common.h:261 [inline]
RIP: 0010:put_user_ns include/linux/user_namespace.h:189 [inline]
RIP: 0010:destroy_super_work+0x15c/0x1a0 fs/super.c:280
Code: 4a 65 ff 48 81 c3 a8 fc ff ff 48 89 df e8 8c 4a 65 ff 4c 89 f7 5b 41 5c 41 5d 41 5e 41 5f 5d e9 6a 66 e2 ff e8 c5 48 88 ff 90 <0f> 0b 90 e9 6d ff ff ff e8 b7 48 88 ff 4c 89 e7 be 03 00 00 00 e8
RSP: 0018:ffffc90003b7fa28 EFLAGS: 00010293
RAX: ffffffff823893cb RBX: ffff88805ca22898 RCX: ffff88807b670000
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000
RBP: 0000000000000004 R08: ffff8880277fc9e3 R09: 1ffff11004eff93c
R10: dffffc0000000000 R11: ffffed1004eff93d R12: ffff8880277fc9e0
R13: dffffc0000000000 R14: ffff88805ca22000 R15: ffff8880277fc850
FS: 0000000000000000(0000) GS:ffff888125cf2000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4d20c10286 CR3: 000000000df38000 CR4: 00000000003526f0
Call Trace:
<TASK>
process_one_work kernel/workqueue.c:3263 [inline]
process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
Tested on:
commit: 00f5a3b5 DO NOT MERGE - This is purely for testing a b..
git tree: https://github.com/brauner/linux.git namespace-6.19.fixes
console output: https://syzkaller.appspot.com/x/log.txt?x=17a46a58580000
kernel config: https://syzkaller.appspot.com/x/.config?x=e31f5f45f87b6763
dashboard link: https://syzkaller.appspot.com/bug?extid=553c4078ab14e3cf3358
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
Note: no patches were applied.
next prev parent reply other threads:[~2025-11-08 7:14 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-07 14:05 [syzbot] [lsm?] WARNING in put_cred_rcu syzbot
2025-11-08 6:38 ` Hillf Danton
2025-11-08 7:14 ` syzbot [this message]
2025-11-10 8:45 ` Christian Brauner
2025-11-10 10:09 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=690eedba.a70a0220.22f260.0075.GAE@google.com \
--to=syzbot+553c4078ab14e3cf3358@syzkaller.appspotmail.com \
--cc=hdanton@sina.com \
--cc=linux-kernel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.