Regression on linux-next (next-20250721)

John Johansen john.johansen at canonical.com
Thu Jul 31 08:16:19 UTC 2025 

On 7/30/25 23:46, Borah, Chaitanya Kumar wrote:
> 
> 
> On 7/30/2025 4:24 PM, John Johansen wrote:
>>> After bisecting the tree, the following patch [4] seems to be the first "bad" commit
>>>
>>> `````````````````````````````````````````````````````````````````````````````````````````````````````````
>>> commit 88fec3526e84123997ecebd6bb6778eb4ce779b7
>>>
>>> Author: John Johansen john.johansen at canonical.com
>>>
>>> Date:   Thu Jun 19 22:11:52 2025 -0700
>>>
>>>
>>>      apparmor: make sure unix socket labeling is correctly updated.
>>> `````````````````````````````````````````````````````````````````````````````````````````````````````````
>>>
>>> We also verified that if we revert the patch the issue is not seen.
>>>
>>> Could you please check why the patch causes this regression and provide a fix if necessary?
>>
>> yep thanks, fix made. That patch accidentally removed the spinlock initialization from
>> apparmor_file_alloc_security() while testing spin lock changes to the very similar
>> apparmor_sk_alloc_security(), and it wasn't caught 🙁
>>
>> anyways fix is being pushed
> 
> Thank you John for your response. Kindly share the patch whenever it is available. So that we can verify the fix.
> 

in apparmor-next it is
43584e993293 apparmor: fix Regression on linux-next (next-20250721)

but also included below

 From 43584e993293326cfc508e664fe81f56a65f6240 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen at canonical.com>
Date: Wed, 30 Jul 2025 03:47:07 -0700
Subject: [PATCH] apparmor: fix Regression on linux-next (next-20250721)

sk lock initialization was incorrectly removed, from
apparmor_file_alloc_security() while testing changes to changes to
apparmor_sk_alloc_security()

resulting in the following regression.

[   48.056654] INFO: trying to register non-static key.
[   48.057480] The code is fine but needs lockdep annotation, or maybe
[   48.058416] you didn't initialize this object before use?
[   48.059209] turning off the locking correctness validator.
[   48.060040] CPU: 0 UID: 0 PID: 648 Comm: chronyd Not tainted 6.16.0-rc7-test-next-20250721-11410-g1ee809985e11-dirty #577 NONE
[   48.060049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   48.060055] Call Trace:
[   48.060059]  <TASK>
[   48.060063] dump_stack_lvl (lib/dump_stack.c:122)
[   48.060075] register_lock_class (kernel/locking/lockdep.c:988 kernel/locking/lockdep.c:1302)
[   48.060084] ? path_name (security/apparmor/file.c:159)
[   48.060093] __lock_acquire (kernel/locking/lockdep.c:5116)
[   48.060103] lock_acquire (kernel/locking/lockdep.c:473 (discriminator 4) kernel/locking/lockdep.c:5873 (discriminator 4) kernel/locking/lockdep.c:5828 (discriminator 4))
[   48.060109] ? update_file_ctx (security/apparmor/file.c:464)
[   48.060115] ? __pfx_profile_path_perm (security/apparmor/file.c:247)
[   48.060121] _raw_spin_lock (include/linux/spinlock_api_smp.h:134 kernel/locking/spinlock.c:154)
[   48.060130] ? update_file_ctx (security/apparmor/file.c:464)
[   48.060134] update_file_ctx (security/apparmor/file.c:464)
[   48.060140] aa_file_perm (security/apparmor/file.c:532 (discriminator 1) security/apparmor/file.c:642 (discriminator 1))
[   48.060147] ? __pfx_aa_file_perm (security/apparmor/file.c:607)
[   48.060152] ? do_mmap (mm/mmap.c:558)
[   48.060160] ? __pfx_userfaultfd_unmap_complete (fs/userfaultfd.c:841)
[   48.060170] ? __lock_acquire (kernel/locking/lockdep.c:4677 (discriminator 1) kernel/locking/lockdep.c:5194 (discriminator 1))
[   48.060176] ? common_file_perm (security/apparmor/lsm.c:535 (discriminator 1))
[   48.060185] security_mmap_file (security/security.c:3012 (discriminator 2))
[   48.060192] vm_mmap_pgoff (mm/util.c:574 (discriminator 1))
[   48.060200] ? find_held_lock (kernel/locking/lockdep.c:5353 (discriminator 1))
[   48.060206] ? __pfx_vm_mmap_pgoff (mm/util.c:568)
[   48.060212] ? lock_release (kernel/locking/lockdep.c:5539 kernel/locking/lockdep.c:5892 kernel/locking/lockdep.c:5878)
[   48.060219] ? __fget_files (arch/x86/include/asm/preempt.h:85 (discriminator 13) include/linux/rcupdate.h:100 (discriminator 13) include/linux/rcupdate.h:873 (discriminator 13) fs/file.c:1072 (discriminator 13))
[   48.060229] ksys_mmap_pgoff (mm/mmap.c:604)
[   48.060239] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))
[   48.060248] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[   48.060254] RIP: 0033:0x7fb6920e30a2
[ 48.060265] Code: 08 00 04 00 00 eb e2 90 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 33 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5e 5b 5d c3 0f 1f 00 c7 05 e6 41 01 00 16 00
All code
========
    0:	08 00                	or     %al,(%rax)
    2:	04 00                	add    $0x0,%al
    4:	00 eb                	add    %ch,%bl
    6:	e2 90                	loop   0xffffffffffffff98
    8:	41 f7 c1 ff 0f 00 00 	test   $0xfff,%r9d
    f:	75 27                	jne    0x38
   11:	55                   	push   %rbp
   12:	89 cd                	mov    %ecx,%ebp
   14:	53                   	push   %rbx
   15:	48 89 fb             	mov    %rdi,%rbx
   18:	48 85 ff             	test   %rdi,%rdi
   1b:	74 33                	je     0x50
   1d:	41 89 ea             	mov    %ebp,%r10d
   20:	48 89 df             	mov    %rbx,%rdi
   23:	b8 09 00 00 00       	mov    $0x9,%eax
   28:	0f 05                	syscall
   2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
   30:	77 5e                	ja     0x90
   32:	5b                   	pop    %rbx
   33:	5d                   	pop    %rbp
   34:	c3                   	ret
   35:	0f 1f 00             	nopl   (%rax)
   38:	c7                   	.byte 0xc7
   39:	05 e6 41 01 00       	add    $0x141e6,%eax
   3e:	16                   	(bad)
	...

Code starting with the faulting instruction
===========================================
    0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
    6:	77 5e                	ja     0x66
    8:	5b                   	pop    %rbx
    9:	5d                   	pop    %rbp
    a:	c3                   	ret
    b:	0f 1f 00             	nopl   (%rax)
    e:	c7                   	.byte 0xc7
    f:	05 e6 41 01 00       	add    $0x141e6,%eax
   14:	16                   	(bad)
	...
[   48.060270] RSP: 002b:00007ffd2c0d3528 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
[   48.060279] RAX: ffffffffffffffda RBX: 00007fb691fc8000 RCX: 00007fb6920e30a2
[   48.060283] RDX: 0000000000000005 RSI: 000000000007d000 RDI: 00007fb691fc8000
[   48.060287] RBP: 0000000000000812 R08: 0000000000000003 R09: 0000000000011000
[   48.060290] R10: 0000000000000812 R11: 0000000000000206 R12: 00007ffd2c0d3578
[   48.060293] R13: 00007fb6920b6160 R14: 00007ffd2c0d39f0 R15: 00000fffa581a6a8

Fixes: 88fec3526e84 ("apparmor: make sure unix socket labeling is correctly updated.")
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
  security/apparmor/lsm.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index e4b2944431e4..f385913e7d0e 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -505,6 +505,7 @@ static int apparmor_file_alloc_security(struct file *file)
  	struct aa_file_ctx *ctx = file_ctx(file);
  	struct aa_label *label = begin_current_label_crit_section();
  
+	spin_lock_init(&ctx->lock);
  	rcu_assign_pointer(ctx->label, aa_get_label(label));
  	end_current_label_crit_section(label);
  	return 0;
-- 
2.43.0

More information about the Intel-gfx mailing list