[linux-next:master] [ns] 3a18f80918: WARNING:at_include/linux/ns_common.h:#put_cred_rcu
Christian Brauner
brauner at kernel.org
Tue Nov 11 09:36:28 UTC 2025
On Tue, Nov 11, 2025 at 03:08:10PM +0800, kernel test robot wrote:
>
>
> Hello,
>
> kernel test robot noticed "WARNING:at_include/linux/ns_common.h:#put_cred_rcu" on:
>
> commit: 3a18f809184bc5a1cfad7cde5b8b026e2ff61587 ("ns: add active reference count")
> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
This is fixed in namespace-6.19 which should've made it into -next about
five hours ago.
Note that "linux-next.git master" is pretty useless. By the time I read
this mail linux-next's master branch will have already been updated. So
you should give a commit hash as well or a tag.
>
> in testcase: trinity
> version:
> with following parameters:
>
> runtime: 300s
> group: group-01
> nr_groups: 5
>
>
>
> config: x86_64-randconfig-r053-20251109
> compiler: gcc-14
> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 32G
>
> (please refer to attached dmesg/kmsg for entire log/backtrace)
>
>
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <oliver.sang at intel.com>
> | Closes: https://lore.kernel.org/oe-lkp/202511111547.de480df9-lkp@intel.com
>
>
> [ 41.172047][ C1] ------------[ cut here ]------------
> [ 41.172821][ C1] WARNING: CPU: 1 PID: 0 at include/linux/ns_common.h:227 put_cred_rcu (include/linux/ns_common.h:227 include/linux/user_namespace.h:189 kernel/cred.c:88)
> [ 41.173907][ C1] Modules linked in: serio_raw(F) floppy(F) tiny_power_button(F) button(F)
> [ 41.174959][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: GF T 6.18.0-rc2-00014-g3a18f809184b #1 PREEMPTLAZY 9f2dc8152166a7dcc87d7d6a6b2b12a17475cded
> [ 41.176815][ C1] Tainted: [F]=FORCED_MODULE, [T]=RANDSTRUCT
> [ 41.177517][ C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
> [ 41.178764][ C1] RIP: 0010:put_cred_rcu (include/linux/ns_common.h:227 include/linux/user_namespace.h:189 kernel/cred.c:88)
> [ 41.179419][ C1] Code: 02 48 89 e8 83 e0 07 83 c0 03 38 d0 7c 0c 84 d2 74 08 48 89 ef e8 0d 9f 55 00 8b 83 30 03 00 00 85 c0 74 09 e8 ae 24 1c 00 90 <0f> 0b 90 e8 a5 24 1c 00 48 89 df e8 fd a9 1b 00 e8 98 24 1c 00 4c
> All code
> ========
> 0: 02 48 89 add -0x77(%rax),%cl
> 3: e8 83 e0 07 83 call 0xffffffff8307e08b
> 8: c0 03 38 rolb $0x38,(%rbx)
> b: d0 7c 0c 84 sarb $1,-0x7c(%rsp,%rcx,1)
> f: d2 74 08 48 shlb %cl,0x48(%rax,%rcx,1)
> 13: 89 ef mov %ebp,%edi
> 15: e8 0d 9f 55 00 call 0x559f27
> 1a: 8b 83 30 03 00 00 mov 0x330(%rbx),%eax
> 20: 85 c0 test %eax,%eax
> 22: 74 09 je 0x2d
> 24: e8 ae 24 1c 00 call 0x1c24d7
> 29: 90 nop
> 2a:* 0f 0b ud2 <-- trapping instruction
> 2c: 90 nop
> 2d: e8 a5 24 1c 00 call 0x1c24d7
> 32: 48 89 df mov %rbx,%rdi
> 35: e8 fd a9 1b 00 call 0x1baa37
> 3a: e8 98 24 1c 00 call 0x1c24d7
> 3f: 4c rex.WR
>
> Code starting with the faulting instruction
> ===========================================
> 0: 0f 0b ud2
> 2: 90 nop
> 3: e8 a5 24 1c 00 call 0x1c24ad
> 8: 48 89 df mov %rbx,%rdi
> b: e8 fd a9 1b 00 call 0x1baa0d
> 10: e8 98 24 1c 00 call 0x1c24ad
> 15: 4c rex.WR
> [ 41.181507][ C1] RSP: 0018:ffffc900001c8e58 EFLAGS: 00010246
> [ 41.182352][ C1] RAX: 0000000000000000 RBX: ffff8881649b8780 RCX: 0000000000000000
> [ 41.183326][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
> [ 41.184311][ C1] RBP: ffff8881649b8ab0 R08: 0000000000000000 R09: 0000000000000000
> [ 41.185324][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88815d490c80
> [ 41.186287][ C1] R13: ffffffff83d2b7c0 R14: 0000000000000004 R15: ffffffff813e6e70
> [ 41.187244][ C1] FS: 0000000000000000(0000) GS:ffff888799e76000(0000) knlGS:0000000000000000
> [ 41.188285][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 41.191457][ C1] CR2: 00000000004003c0 CR3: 0000000003c88000 CR4: 00000000000406b0
> [ 41.192491][ C1] Call Trace:
> [ 41.192939][ C1] <IRQ>
> [ 41.193359][ C1] rcu_do_batch (include/linux/rcupdate.h:341 kernel/rcu/tree.c:2607)
> [ 41.193952][ C1] ? rcu_pending (kernel/rcu/tree.c:2529)
> [ 41.194567][ C1] ? rcu_disable_urgency_upon_qs (kernel/rcu/tree.c:725 (discriminator 1))
> [ 41.195408][ C1] ? trace_irq_enable+0xac/0xe0
> [ 41.196177][ C1] rcu_core (kernel/rcu/tree.c:2863)
> [ 41.196782][ C1] handle_softirqs (arch/x86/include/asm/jump_label.h:36 include/trace/events/irq.h:142 kernel/softirq.c:623)
> [ 41.197442][ C1] __irq_exit_rcu (kernel/softirq.c:496 kernel/softirq.c:723)
> [ 41.198071][ C1] irq_exit_rcu (kernel/softirq.c:741 (discriminator 38))
> [ 41.198779][ C1] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1052 (discriminator 35) arch/x86/kernel/apic/apic.c:1052 (discriminator 35))
> [ 41.199466][ C1] </IRQ>
> [ 41.199885][ C1] <TASK>
> [ 41.200311][ C1] asm_sysvec_apic_timer_interrupt (arch/x86/include/asm/idtentry.h:569)
> [ 41.201027][ C1] RIP: 0010:pv_native_safe_halt (arch/x86/kernel/paravirt.c:82)
> [ 41.201736][ C1] Code: 48 8b 3d 28 51 54 02 e8 23 00 00 00 48 2b 05 fc cf af 00 31 ff c3 cc cc cc cc cc cc cc cc cc eb 07 0f 00 2d 97 fc 0e 00 fb f4 <c3> cc cc cc cc 41 57 41 56 41 55 41 54 55 48 89 fd 53 44 8b 6d 00
> All code
> ========
> 0: 48 8b 3d 28 51 54 02 mov 0x2545128(%rip),%rdi # 0x254512f
> 7: e8 23 00 00 00 call 0x2f
> c: 48 2b 05 fc cf af 00 sub 0xafcffc(%rip),%rax # 0xafd00f
> 13: 31 ff xor %edi,%edi
> 15: c3 ret
> 16: cc int3
> 17: cc int3
> 18: cc int3
> 19: cc int3
> 1a: cc int3
> 1b: cc int3
> 1c: cc int3
> 1d: cc int3
> 1e: cc int3
> 1f: eb 07 jmp 0x28
> 21: 0f 00 2d 97 fc 0e 00 verw 0xefc97(%rip) # 0xefcbf
> 28: fb sti
> 29: f4 hlt
> 2a:* c3 ret <-- trapping instruction
> 2b: cc int3
> 2c: cc int3
> 2d: cc int3
> 2e: cc int3
> 2f: 41 57 push %r15
> 31: 41 56 push %r14
> 33: 41 55 push %r13
> 35: 41 54 push %r12
> 37: 55 push %rbp
> 38: 48 89 fd mov %rdi,%rbp
> 3b: 53 push %rbx
> 3c: 44 8b 6d 00 mov 0x0(%rbp),%r13d
>
> Code starting with the faulting instruction
> ===========================================
> 0: c3 ret
> 1: cc int3
> 2: cc int3
> 3: cc int3
> 4: cc int3
> 5: 41 57 push %r15
> 7: 41 56 push %r14
> 9: 41 55 push %r13
> b: 41 54 push %r12
> d: 55 push %rbp
> e: 48 89 fd mov %rdi,%rbp
> 11: 53 push %rbx
> 12: 44 8b 6d 00 mov 0x0(%rbp),%r13d
> [ 41.203822][ C1] RSP: 0018:ffffc9000014fe38 EFLAGS: 00000246
> [ 41.204551][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
> [ 41.205618][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
> [ 41.206601][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> [ 41.207613][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881008322c0
> [ 41.208650][ C1] R13: 1ffff92000029fca R14: dffffc0000000000 R15: 0000000000000000
> [ 41.209689][ C1] default_idle (arch/x86/include/asm/paravirt.h:107 arch/x86/kernel/process.c:767)
> [ 41.210257][ C1] default_idle_call (include/linux/cpuidle.h:143 (discriminator 1) kernel/sched/idle.c:123 (discriminator 1))
> [ 41.210879][ C1] cpuidle_idle_call (kernel/sched/idle.c:191)
> [ 41.211506][ C1] ? arch_cpu_idle_exit+0x30/0x30
> [ 41.215390][ C1] ? tick_nohz_start_idle (kernel/time/tick-sched.c:753)
> [ 41.216069][ C1] ? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:81)
> [ 41.216763][ C1] do_idle (kernel/sched/idle.c:332)
> [ 41.217295][ C1] cpu_startup_entry (kernel/sched/idle.c:427)
> [ 41.217929][ C1] start_secondary (arch/x86/kernel/smpboot.c:315)
> [ 41.218650][ C1] ? set_cpu_sibling_map (arch/x86/kernel/smpboot.c:233)
> [ 41.219100][ C1] common_startup_64 (arch/x86/kernel/head_64.S:419)
> [ 41.219506][ C1] </TASK>
> [ 41.219783][ C1] irq event stamp: 42022
> [ 41.220131][ C1] hardirqs last enabled at (42021): tick_nohz_idle_exit (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:119 kernel/time/tick-sched.c:1472)
> [ 41.220844][ C1] hardirqs last disabled at (42022): __schedule (kernel/sched/core.c:6814)
> [ 41.221520][ C1] softirqs last enabled at (42010): handle_softirqs (kernel/softirq.c:469 (discriminator 2) kernel/softirq.c:650 (discriminator 2))
> [ 41.222380][ C1] softirqs last disabled at (42001): __irq_exit_rcu (kernel/softirq.c:496 kernel/softirq.c:723)
> [ 41.223139][ C1] ---[ end trace 0000000000000000 ]---
>
>
> The kernel config and materials to reproduce are available at:
> https://download.01.org/0day-ci/archive/20251111/202511111547.de480df9-lkp@intel.com
>
>
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
>
More information about the Linux-security-module-archive
mailing list