ci starts bisection 2024-05-10 08:49:15.568530682 +0000 UTC m=+65515.740437324 bisecting cause commit starting from 45db3ab70092637967967bfd8e6144017638563c building syzkaller on de979bc20b2b73242b7d6fbbdf614a8cb4c574f4 ensuring issue is reproducible on original commit 45db3ab70092637967967bfd8e6144017638563c testing commit 45db3ab70092637967967bfd8e6144017638563c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9d35872f3430cc7dbcd6b1e02f6077d2d2da563c77633ed562c96fe25b69a56b all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] check whether we can drop unnecessary instrumentation disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 45db3ab70092637967967bfd8e6144017638563c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4e3c24b48e1800c07039d13f094604e73fb4e9ba4310207948a6f65721909165 all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] the bug reproduces without the instrumentation disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed kconfig minimization: base=3976 full=8007 leaves diff=2013 split chunks (needed=false): <2013> split chunk #0 of len 2013 into 5 parts testing without sub-chunk 1/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 45db3ab70092637967967bfd8e6144017638563c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5a01183d8b2049cfcf07b4a14a272e6ea619c73ee60d850d49c388d5b4730cbb all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit 45db3ab70092637967967bfd8e6144017638563c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b2f2116a6502bf42b7b6f7a1afdd7daf70ebb5aeeaf3719c9c0b369346554a74 all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 45db3ab70092637967967bfd8e6144017638563c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3bf7694d6f0b56641f3ef56f08e07107d6ca9f1eccf71b9465cabb83332f5d78 all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 45db3ab70092637967967bfd8e6144017638563c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 618c89dc1d0ee3521d5001765bb90d5fc997d7b4f81dc1de67820aeff3fc9cd1 all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 45db3ab70092637967967bfd8e6144017638563c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 38964d4d1f6fb6f043ff59af4be479947e9ed194c48b8d3096f754e8dced3c46 all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] the chunk can be dropped disabling configs for [LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed picked [v6.8 v6.7 v6.6 v6.4 v6.2 v6.0 v5.18 v5.16 v5.13 v5.10 v5.7 v5.4 v5.1 v4.19] out of 31 release tags testing release v6.8 testing commit e8f897f4afef0031fe618a8e94127a0934896aba gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 301da86d71a383f96646c0cdec4638d5746768fc1e33cdaaf65a9b20a6b3b58a all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] testing release v6.7 testing commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: dfb92df843b99e3aef2d6e27b3fe48303ed1dc21fc8ee2ddeba0521c575b4038 all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] testing release v6.6 testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 98459238b2500ada0b9152ba51aea11d5157d3609cdb05451ef50182196bb3dd all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] testing release v6.4 testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bdde93617139c2cefd6ec5cfda357d3e2140bbd0ddac032a5f2f84c6320f0443 all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] testing release v6.2 testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bd5ab407683aac5280e914d9efcb7603fd03d824cf809c704f8fe35d2d9e60f0 all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] testing release v6.0 testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3b081f91adab52de952a1bd71ffe9ebf641f30078f4abfb8e138b3a99fb3e623 all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5afd701c239267e05655f5478ee5ae3d8a395f42b65af0bb3969997ecc3ea1b3 all runs: OK false negative chance: 0.000 # git bisect start 4fe89d07dcc2804c8b562f6c7896a45643d34b2f 4b0986a3613c92f4ec1bdc7f60ec66fea135991f Bisecting: 16503 revisions left to test after this (roughly 14 steps) [0fac198def2b41138850867b6aa92044c76ff802] Merge tag 'fs.idmapped.overlay.acl.v5.20' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux testing commit 0fac198def2b41138850867b6aa92044c76ff802 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8aba3ed71c2180872468b36c9a7033087a4a0bcf1f1a57feeb783efb5d6a5124 all runs: OK false negative chance: 0.000 # git bisect good 0fac198def2b41138850867b6aa92044c76ff802 Bisecting: 8189 revisions left to test after this (roughly 13 steps) [723c188d5cd42a07344f997b0b7e1d83b4173c8d] Merge tag 'staging-6.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit 723c188d5cd42a07344f997b0b7e1d83b4173c8d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7a40307a81c51bfb4c879f4d95ceee876bbf949c7237c474d1ddb8d6243e8d1f all runs: OK false negative chance: 0.000 # git bisect good 723c188d5cd42a07344f997b0b7e1d83b4173c8d Bisecting: 4099 revisions left to test after this (roughly 12 steps) [83ee9f23763a432a4077bf20624ee35de87bce99] powerpc/kexec: Fix build failure from uninitialised variable testing commit 83ee9f23763a432a4077bf20624ee35de87bce99 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 443a6487c9fe16c6d864c65125fdb6c46786da28480e2d6903e5a14a94daa8ba all runs: OK false negative chance: 0.000 # git bisect good 83ee9f23763a432a4077bf20624ee35de87bce99 Bisecting: 2045 revisions left to test after this (roughly 11 steps) [4c2d0b039c5cc0112206a5b22431b577cb1c57ad] Merge tag 'net-6.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 4c2d0b039c5cc0112206a5b22431b577cb1c57ad gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: fdb6ac98aed55265fe08f23d118157dff1e7bbcb7be05c1abfb08678984a2de1 all runs: OK false negative chance: 0.000 # git bisect good 4c2d0b039c5cc0112206a5b22431b577cb1c57ad Bisecting: 1022 revisions left to test after this (roughly 10 steps) [47af6c640ed82f111dbce0b3bf4083a91d61e324] Merge tag 'usb-serial-6.0-rc7' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus testing commit 47af6c640ed82f111dbce0b3bf4083a91d61e324 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 633f9e3ecc9f8d8702ac26ac94becaa95ad64b20890ac9fef560ab8d600a7607 all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] # git bisect bad 47af6c640ed82f111dbce0b3bf4083a91d61e324 Bisecting: 504 revisions left to test after this (roughly 9 steps) [e022620b5d056e822e42eb9bc0f24fcb97389d86] Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux testing commit e022620b5d056e822e42eb9bc0f24fcb97389d86 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2a678da3974e654c88f55b0b430440f04c23a96246a0323ca289eb685d7a0f95 all runs: OK false negative chance: 0.000 # git bisect good e022620b5d056e822e42eb9bc0f24fcb97389d86 Bisecting: 269 revisions left to test after this (roughly 8 steps) [1a2f6a3722a7c127817af24efb309e5bf70afe36] Merge tag 'platform-drivers-x86-v6.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86 testing commit 1a2f6a3722a7c127817af24efb309e5bf70afe36 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: fb2fb91fa5287c7b24263a4ba4b0be0a9fdd087bff9e82e32bb9f7ec0cc7bb90 all runs: OK false negative chance: 0.000 # git bisect good 1a2f6a3722a7c127817af24efb309e5bf70afe36 Bisecting: 123 revisions left to test after this (roughly 7 steps) [1e8e515edd6dbe15b86003d846fee005c12c0685] Merge tag 'drm-fixes-2022-09-02' of git://anongit.freedesktop.org/drm/drm testing commit 1e8e515edd6dbe15b86003d846fee005c12c0685 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1ba389578fb804021951da6bc9958a26e7459824128fb7f9c0f85246866011fd all runs: OK false negative chance: 0.000 # git bisect good 1e8e515edd6dbe15b86003d846fee005c12c0685 Bisecting: 61 revisions left to test after this (roughly 6 steps) [6433fe06f698936e02f79bf18f69be766e4f53aa] Merge tag 'input-for-v6.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input testing commit 6433fe06f698936e02f79bf18f69be766e4f53aa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5d43cf455389a153725274d77c5d4fa1c9e8674f9ab581f19c8d42c86562342a all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] # git bisect bad 6433fe06f698936e02f79bf18f69be766e4f53aa Bisecting: 31 revisions left to test after this (roughly 5 steps) [777464261d12f4b011fff68de36a4a1075691cd9] Merge tag 'hwmon-for-v6.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging testing commit 777464261d12f4b011fff68de36a4a1075691cd9 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: fd47ee379e06ee1b482df42d0017b2e7c82e09e236aa5941d6caed6ed703b3ee all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] # git bisect bad 777464261d12f4b011fff68de36a4a1075691cd9 Bisecting: 18 revisions left to test after this (roughly 4 steps) [1551f8f21e007e608fff00cf27caac8504283b43] Merge tag '6.0-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 testing commit 1551f8f21e007e608fff00cf27caac8504283b43 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: be074696b1bc200e05248f479c1649891f4fa29f308f5f04fd3c4d24fa00ff20 all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] # git bisect bad 1551f8f21e007e608fff00cf27caac8504283b43 Bisecting: 5 revisions left to test after this (roughly 3 steps) [0c95f02269a1ef6c3fae4f46bbdd7a4578d44b8f] Merge tag 'landlock-6.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux testing commit 0c95f02269a1ef6c3fae4f46bbdd7a4578d44b8f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d4061395ea410206f18f731d8b68e3edbe260fa59377af9d83461e70c333d7b8 all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] # git bisect bad 0c95f02269a1ef6c3fae4f46bbdd7a4578d44b8f Bisecting: 2 revisions left to test after this (roughly 1 step) [63f1560930e4e1c4f6279b8ae715c9841fe1a6d3] mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure testing commit 63f1560930e4e1c4f6279b8ae715c9841fe1a6d3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c81163b0702093fa18b2c1dc309513295b7ac2b9d55a1d3aa9aa12218cca9d0b all runs: OK false negative chance: 0.000 # git bisect good 63f1560930e4e1c4f6279b8ae715c9841fe1a6d3 Bisecting: 1 revision left to test after this (roughly 1 step) [55e55920bbe3ccf516022c51f5527e7d026b8f1d] landlock: Fix file reparenting without explicit LANDLOCK_ACCESS_FS_REFER testing commit 55e55920bbe3ccf516022c51f5527e7d026b8f1d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 915dbd587edee68cfdc106c06479da198fc9bca07452d33c3fcdfde2b79898dc all runs: crashed: WARNING in collect_domain_accesses representative crash: WARNING in collect_domain_accesses, types: [WARNING] # git bisect bad 55e55920bbe3ccf516022c51f5527e7d026b8f1d 55e55920bbe3ccf516022c51f5527e7d026b8f1d is the first bad commit commit 55e55920bbe3ccf516022c51f5527e7d026b8f1d Author: Mickaël Salaün Date: Wed Aug 31 22:38:40 2022 +0200 landlock: Fix file reparenting without explicit LANDLOCK_ACCESS_FS_REFER This change fixes a mis-handling of the LANDLOCK_ACCESS_FS_REFER right when multiple rulesets/domains are stacked. The expected behaviour was that an additional ruleset can only restrict the set of permitted operations, but in this particular case, it was potentially possible to re-gain the LANDLOCK_ACCESS_FS_REFER right. With the introduction of LANDLOCK_ACCESS_FS_REFER, we added the first globally denied-by-default access right. Indeed, this lifted an initial Landlock limitation to rename and link files, which was initially always denied when the source or the destination were different directories. This led to an inconsistent backward compatibility behavior which was only taken into account if no domain layer were using the new LANDLOCK_ACCESS_FS_REFER right. However, when restricting a thread with a new ruleset handling LANDLOCK_ACCESS_FS_REFER, all inherited parent rulesets/layers not explicitly handling LANDLOCK_ACCESS_FS_REFER would behave as if they were handling this access right and with all their rules allowing it. This means that renaming and linking files could became allowed by these parent layers, but all the other required accesses must also be granted: all layers must allow file removal or creation, and renaming and linking operations cannot lead to privilege escalation according to the Landlock policy. See detailed explanation in commit b91c3e4ea756 ("landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFER"). To say it another way, this bug may lift the renaming and linking limitations of the initial Landlock version, and a same ruleset can enforce different restrictions depending on previous or next enforced ruleset (i.e. inconsistent behavior). The LANDLOCK_ACCESS_FS_REFER right cannot give access to data not already allowed, but this doesn't follow the contract of the first Landlock ABI. This fix puts back the limitation for sandboxes that didn't opt-in for this additional right. For instance, if a first ruleset allows LANDLOCK_ACCESS_FS_MAKE_REG on /dst and LANDLOCK_ACCESS_FS_REMOVE_FILE on /src, renaming /src/file to /dst/file is denied. However, without this fix, stacking a new ruleset which allows LANDLOCK_ACCESS_FS_REFER on / would now permit the sandboxed thread to rename /src/file to /dst/file . This change fixes the (absolute) rule access rights, which now always forbid LANDLOCK_ACCESS_FS_REFER except when it is explicitly allowed when creating a rule. Making all domain handle LANDLOCK_ACCESS_FS_REFER was an initial approach but there is two downsides: * it makes the code more complex because we still want to check that a rule allowing LANDLOCK_ACCESS_FS_REFER is legitimate according to the ruleset's handled access rights (i.e. ABI v1 != ABI v2); * it would not allow to identify if the user created a ruleset explicitly handling LANDLOCK_ACCESS_FS_REFER or not, which will be an issue to audit Landlock. Instead, this change adds an ACCESS_INITIALLY_DENIED list of denied-by-default rights, which (only) contains LANDLOCK_ACCESS_FS_REFER. All domains are treated as if they are also handling this list, but without modifying their fs_access_masks field. A side effect is that the errno code returned by rename(2) or link(2) *may* be changed from EXDEV to EACCES according to the enforced restrictions. Indeed, we now have the mechanic to identify if an access is denied because of a required right (e.g. LANDLOCK_ACCESS_FS_MAKE_REG, LANDLOCK_ACCESS_FS_REMOVE_FILE) or if it is denied because of missing LANDLOCK_ACCESS_FS_REFER rights. This may result in different errno codes than for the initial Landlock version, but this approach is more consistent and better for rename/link compatibility reasons, and it wasn't possible before (hence no backport to ABI v1). The layout1.rename_file test reflects this change. Add 4 layout1.refer_denied_by_default* test suites to check that the behavior of a ruleset not handling LANDLOCK_ACCESS_FS_REFER (ABI v1) is unchanged even if another layer handles LANDLOCK_ACCESS_FS_REFER (i.e. ABI v1 precedence). Make sure rule's absolute access rights are correct by testing with and without a matching path. Add test_rename() and test_exchange() helpers. Extend layout1.inval tests to check that a denied-by-default access right is not necessarily part of a domain's handled access rights. Test coverage for security/landlock is 95.3% of 599 lines according to gcc/gcov-11. Fixes: b91c3e4ea756 ("landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFER") Reviewed-by: Paul Moore Reviewed-by: Günther Noack Link: https://lore.kernel.org/r/20220831203840.1370732-1-mic@digikod.net Cc: stable@vger.kernel.org [mic: Constify and slightly simplify test helpers] Signed-off-by: Mickaël Salaün security/landlock/fs.c | 48 ++++----- tools/testing/selftests/landlock/fs_test.c | 155 +++++++++++++++++++++++++++-- 2 files changed, 170 insertions(+), 33 deletions(-) accumulated error probability: 0.00 parent commit 3d7cb6b04c3f3115719235cc6866b10326de34cd wasn't tested testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ba6246d0a6f034f3d1c0f9fe9fbec934c02c518aed9952ef5afe593b75cc3a32 culprit signature: 915dbd587edee68cfdc106c06479da198fc9bca07452d33c3fcdfde2b79898dc parent signature: ba6246d0a6f034f3d1c0f9fe9fbec934c02c518aed9952ef5afe593b75cc3a32 revisions tested: 28, total time: 4h17m36.030875238s (build: 1h49m53.610043274s, test: 2h12m48.952381462s) first bad commit: 55e55920bbe3ccf516022c51f5527e7d026b8f1d landlock: Fix file reparenting without explicit LANDLOCK_ACCESS_FS_REFER recipients (to): ["gnoack3000@gmail.com" "mic@digikod.net" "paul@paul-moore.com"] recipients (cc): [] crash: WARNING in collect_domain_accesses ------------[ cut here ]------------ WARNING: CPU: 1 PID: 1100 at security/landlock/fs.c:753 collect_domain_accesses+0x2bc/0x2d0 security/landlock/fs.c:753 Modules linked in: CPU: 1 PID: 1100 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 RIP: 0010:collect_domain_accesses+0x2bc/0x2d0 security/landlock/fs.c:753 Code: 24 eb 08 45 31 f6 48 8b 5c 24 08 48 89 df e8 eb 8d dd ff 44 89 f0 48 83 c4 38 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 90 <0f> 0b 90 45 31 f6 eb d9 90 0f 0b 90 41 b6 01 eb d8 0f 1f 00 55 53 RSP: 0018:ffffc900011b3d00 EFLAGS: 00010246 RAX: 069e37e8648a5000 RBX: ffff888111033d68 RCX: 0000000000000010 RDX: 0000000035b6ba85 RSI: ffffffff822d6605 RDI: ffffffff823181cd RBP: ffff888111033d68 R08: 0000000080000000 R09: 0000000000003fff R10: 0000000000000000 R11: ffffffff814f23d0 R12: 0000000000000000 R13: 0000000000003ffe R14: 0000000000003fff R15: ffffc900011b3dd0 FS: 00007f46b2e1c6c0(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000010c6f6000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: current_check_refer_path+0x270/0x410 security/landlock/fs.c:874 security_path_link+0x42/0x60 security/security.c:1190 do_linkat+0x138/0x360 fs/namei.c:4537 __do_sys_linkat fs/namei.c:4568 [inline] __se_sys_linkat fs/namei.c:4565 [inline] __x64_sys_linkat+0x59/0x70 fs/namei.c:4565 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x46/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7f46b329ad69 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f46b2e1c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000109 RAX: ffffffffffffffda RBX: 00007f46b33c8f80 RCX: 00007f46b329ad69 RDX: ffffffffffffff9c RSI: 0000000020000000 RDI: ffffffffffffff9c RBP: 00007f46b32e749e R08: 0000000000000000 R09: 0000000000000000 R10: 0000000020000700 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000006 R14: 00007f46b33c8f80 R15: 00007ffe90fd8348