From: syzbot <syzbot+8bca99e91de7e060e4ea@syzkaller.appspotmail.com>
To: gnoack@google.com, jmorris@namei.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, mic@digikod.net,
paul@paul-moore.com, serge@hallyn.com,
syzkaller-bugs@googlegroups.com
Subject: [syzbot] [lsm?] WARNING in free_ruleset
Date: Sun, 30 Mar 2025 03:15:27 -0700 [thread overview]
Message-ID: <67e919bf.050a0220.1547ec.00a0.GAE@google.com> (raw)
Hello,
syzbot found the following issue on:
HEAD commit: 7d06015d936c Merge tag 'pci-v6.15-changes' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12c4fbb0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=f2dde96545058477
dashboard link: https://syzkaller.appspot.com/bug?extid=8bca99e91de7e060e4ea
compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13380404580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=174f764c580000
Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-7d06015d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a3714415ac07/vmlinux-7d06015d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/60a299508e73/Image-7d06015d.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8bca99e91de7e060e4ea@syzkaller.appspotmail.com
el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132
do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151
el0_svc+0x30/0xe0 arch/arm64/kernel/entry-common.c:744
el0t_64_sync_handler+0x10c/0x138 arch/arm64/kernel/entry-common.c:762
el0t_64_sync+0x1a4/0x1a8 arch/arm64/kernel/entry.S:600
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3298 at security/landlock/domain.h:133 __ll_sc_atomic_fetch_sub_release arch/arm64/include/asm/atomic_ll_sc.h:96 [inline]
WARNING: CPU: 1 PID: 3298 at security/landlock/domain.h:133 arch_atomic_fetch_sub_release arch/arm64/include/asm/atomic.h:51 [inline]
WARNING: CPU: 1 PID: 3298 at security/landlock/domain.h:133 raw_atomic_fetch_sub_release include/linux/atomic/atomic-arch-fallback.h:944 [inline]
WARNING: CPU: 1 PID: 3298 at security/landlock/domain.h:133 atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:401 [inline]
WARNING: CPU: 1 PID: 3298 at security/landlock/domain.h:133 __refcount_sub_and_test include/linux/refcount.h:264 [inline]
WARNING: CPU: 1 PID: 3298 at security/landlock/domain.h:133 __refcount_dec_and_test include/linux/refcount.h:307 [inline]
WARNING: CPU: 1 PID: 3298 at security/landlock/domain.h:133 refcount_dec_and_test include/linux/refcount.h:325 [inline]
WARNING: CPU: 1 PID: 3298 at security/landlock/domain.h:133 landlock_put_hierarchy security/landlock/domain.h:164 [inline]
WARNING: CPU: 1 PID: 3298 at security/landlock/domain.h:133 free_ruleset+0x144/0x174 security/landlock/ruleset.c:490
Modules linked in:
CPU: 1 UID: 0 PID: 3298 Comm: syz-executor356 Not tainted 6.14.0-syzkaller-09584-g7d06015d936c #0 PREEMPT
Hardware name: linux,dummy-virt (DT)
pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : landlock_free_hierarchy_details security/landlock/domain.h:133 [inline]
pc : landlock_put_hierarchy security/landlock/domain.h:168 [inline]
pc : free_ruleset+0x144/0x174 security/landlock/ruleset.c:490
lr : landlock_put_hierarchy security/landlock/domain.h:167 [inline]
lr : free_ruleset+0xdc/0x174 security/landlock/ruleset.c:490
sp : ffff800089483d30
x29: ffff800089483d30 x28: f7f0000005ba0000 x27: 0000000000000000
x26: 0000000000000000 x25: fcf000000415ca80 x24: fcf00000040a7438
x23: 00000000ffffffff x22: 0000000000000001 x21: fcf00000040a7420
x20: fcf00000040a7420 x19: f1f000000678ca00 x18: 00000000fffffffd
x17: 0000000000000000 x16: 0000000000000000 x15: ffff800089483270
x14: 00000000ffffffea x13: ffff800089483808 x12: ffff80008298eb10
x11: 0000000000000001 x10: 0000000000000001 x9 : 000000000002ffe8
x8 : f7f0000005ba0000 x7 : ffff800089483fd8 x6 : 00000000000affa8
x5 : fff000007f8e3588 x4 : ffff800089484000 x3 : 0000000000000000
x2 : fcf00000040a7458 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
__ll_sc_atomic_fetch_sub_release arch/arm64/include/asm/atomic_ll_sc.h:96 [inline] (P)
arch_atomic_fetch_sub_release arch/arm64/include/asm/atomic.h:51 [inline] (P)
raw_atomic_fetch_sub_release include/linux/atomic/atomic-arch-fallback.h:944 [inline] (P)
atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:401 [inline] (P)
__refcount_sub_and_test include/linux/refcount.h:264 [inline] (P)
__refcount_dec_and_test include/linux/refcount.h:307 [inline] (P)
refcount_dec_and_test include/linux/refcount.h:325 [inline] (P)
landlock_put_hierarchy security/landlock/domain.h:164 [inline] (P)
free_ruleset+0x144/0x174 security/landlock/ruleset.c:490 (P)
landlock_put_ruleset security/landlock/ruleset.c:498 [inline]
landlock_put_ruleset security/landlock/ruleset.c:494 [inline]
__free_landlock_put_ruleset security/landlock/ruleset.h:200 [inline]
landlock_merge_ruleset+0x210/0x440 security/landlock/ruleset.c:534
__do_sys_landlock_restrict_self security/landlock/syscalls.c:549 [inline]
__se_sys_landlock_restrict_self security/landlock/syscalls.c:479 [inline]
__arm64_sys_landlock_restrict_self+0xb0/0x250 security/landlock/syscalls.c:479
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49
el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132
do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151
el0_svc+0x30/0xe0 arch/arm64/kernel/entry-common.c:744
el0t_64_sync_handler+0x10c/0x138 arch/arm64/kernel/entry-common.c:762
el0t_64_sync+0x1a4/0x1a8 arch/arm64/kernel/entry.S:600
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
next reply other threads:[~2025-03-30 10:15 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-30 10:15 syzbot [this message]
2025-03-31 10:47 ` [PATCH v1] landlock: Remove incorrect warning Mickaël Salaün
2025-04-01 11:51 ` Günther Noack
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=67e919bf.050a0220.1547ec.00a0.GAE@google.com \
--to=syzbot+8bca99e91de7e060e4ea@syzkaller.appspotmail.com \
--cc=gnoack@google.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.