[Bug 2151273] Re: Kernel panic in path_is_under() at fs/namespace.c when running Docker containers on Ubuntu 26.04 with kernel 7.0.0

** Tags added: kernel-daily-bug -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2151273 Title: Kernel panic in path_is_under() at fs/namespace.c when running Docker containers on Ubuntu 26.04 with kernel 7.0.0 Status in linux package in Ubuntu: New Bug description: On Ubuntu 26.04 LTS (kernel 7.0.0-15-generic), the system crashes unpredictably with a general protection fault in path_is_under()+0x50/0x90 (fs/namespace.c). The crash occurs consistently when Docker containers are started or stopped — both privileged Docker and rootless Docker trigger it. The fault address is always a non-canonical (garbage) pointer, indicating memory corruption in the mount/namespace path. Environment: - OS: Ubuntu 26.04 LTS (Resolute Raccoon) - Kernel: 7.0.0-15-generic (also reproduced on 7.0.0-14-generic) - CPU: Intel Core i9-13900K - Docker: 29.4.2 (both privileged and rootless modes tested) - Storage driver: overlay2 / fuse-overlayfs (both tested) Steps to reproduce: 1. Boot into kernel 7.0.0-15-generic 2. Start any Docker container (docker run --rm hello-world is sufficient) 3. Container starts successfully, but during cleanup (mount namespace teardown / overlayfs unmount), the system crashes 4. kdump captures the vmcore; on next boot, systemd-fsck reports dirty filesystems Expected result: Docker container starts and exits cleanly without kernel panic. Actual result: System crashes with the following oops (from /var/crash/202605060957/dmesg): [ 267.477621] Oops: general protection fault, probably for non-canonical address 0xfb4c20ffffffffa4: 0000 [#1] SMP NOPTI [ 267.477631] RIP: 0010:path_is_under+0x50/0x90 [ 267.477644] Call Trace: [ 267.477682] RIP: 0033:0x7bdb36995210 The faulting address changes across crashes (e.g., 0xfb4c20ffffffffa4, 0x856023c00000415d, 0x75efb188ffff8d9c), consistent with use-after- free or memory corruption in the mount tree. What has been ruled out: - Not a hardware/PSU issue: crashes are 100% reproducible with Docker, never happen without Docker running - Not BIOS/ACPI: BIOS was updated; ACPI errors remain but are unrelated - Not split-lock detection: user-space split-lock traps are logged as warnings only; the panic is a GPF, not #AC - Not overlayfs-specific: rootless Docker with fuse-overlayfs storage driver crashes identically - Not container runtime-specific: both Docker (privileged) and rootless Docker trigger it ProblemType: Bug DistroRelease: Ubuntu 26.04 Package: linux-image-7.0.0-15-generic 7.0.0-15.15 ProcVersionSignature: Ubuntu 7.0.0-15.15-generic 7.0.0 Uname: Linux 7.0.0-15-generic x86_64 ApportVersion: 2.34.0-0ubuntu2 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: chenxuefei 6485 F.... wireplumber /dev/snd/controlC1: chenxuefei 6485 F.... wireplumber /dev/snd/seq: chenxuefei 6467 F.... pipewire CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Wed May 6 10:44:55 2026 InstallationDate: Installed on 2026-04-27 (9 days ago) InstallationMedia: Ubuntu 26.04 "Resolute Raccoon" - Release amd64 (20260423.1) MachineType: Micro-Star International Co., Ltd. MS-7E06 ProcEnviron: LANG=zh_CN.UTF-8 PATH=(custom, no user) SHELL=/usr/bin/zsh TERM=xterm-256color XDG_RUNTIME_DIR=<set> ProcFB: 0 amdgpudrmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-7.0.0-15-generic root=UUID=6eeb9663-e340-4ac4-970b-8729a939c496 ro quiet splash crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon. RfKill: 0: hci0: Bluetooth Soft blocked: no Hard blocked: no SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 07/31/2025 dmi.bios.release: 5.32 dmi.bios.vendor: American Megatrends International, LLC. dmi.bios.version: A.I0 dmi.board.asset.tag: Default string dmi.board.name: PRO Z790-P (MS-7E06) dmi.board.vendor: Micro-Star International Co., Ltd. dmi.board.version: 2.0 dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Micro-Star International Co., Ltd. dmi.chassis.version: 2.0 dmi.modalias: dmi:bvnAmericanMegatrendsInternational,LLC.:bvrA.I0:bd07/31/2025:br5.32:svnMicro-StarInternationalCo.,Ltd.:pnMS-7E06:pvr2.0:rvnMicro-StarInternationalCo.,Ltd.:rnPROZ790-P(MS-7E06):rvr2.0:cvnMicro-StarInternationalCo.,Ltd.:ct3:cvr2.0:skuDefaultstring:pfaDefaultstring: dmi.product.family: Default string dmi.product.name: MS-7E06 dmi.product.sku: Default string dmi.product.version: 2.0 dmi.sys.vendor: Micro-Star International Co., Ltd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2151273/+subscriptions