Re: [syzbot] [lsm?] [net?] WARNING in kvfree_call_rcu

From: Hillf Danton
Date: Sat Jul 12 2025 - 02:08:23 EST


> Date: Tue, 08 Jul 2025 15:27:28 -0700
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 7482bb149b9f Merge branch 'for-next/core' into for-kernelci
> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> console output: https://syzkaller.appspot.com/x/log.txt?x=130c528c580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=3c06e3e2454512b3
> dashboard link: https://syzkaller.appspot.com/bug?extid=40bf00346c3fe40f90f2
> userspace arch: arm64
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1257428c580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15fe9582580000

#syz test

--- x/net/netlabel/netlabel_kapi.c
+++ y/net/netlabel/netlabel_kapi.c
@@ -960,6 +960,7 @@ int netlbl_enabled(void)
return (atomic_read(&netlabel_mgmt_protocount) > 0);
}

+static DEFINE_SPINLOCK(setattr_spinlock);
/**
* netlbl_sock_setattr - Label a socket using the correct protocol
* @sk: the socket to label
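Review bot: the new file-scope setattr_spinlock, defined directly above the netlbl_sock_setattr() kernel-doc block, carries no comment saying which state it protects, and its name mentions only setattr although later hunks also take it around cipso_v4_sock_delattr(). Add a one-line comment naming the protected data, choose a name that covers both paths, and leave a blank line before the /** block so the kernel-doc stays attached to the function rather than to the lock.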
@@ -997,9 +998,11 @@ int netlbl_sock_setattr(struct sock *sk,
ret_val = -EDESTADDRREQ;
break;
case NETLBL_NLTYPE_CIPSOV4:
+ spin_lock(&setattr_spinlock);
ret_val = cipso_v4_sock_setattr(sk,
dom_entry->def.cipso,
secattr, sk_locked);
+ spin_unlock(&setattr_spinlock);
break;
case NETLBL_NLTYPE_UNLABELED:
ret_val = 0;
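Review bot: in the NETLBL_NLTYPE_CIPSOV4 case a plain spin_lock() is held across the entire cipso_v4_sock_setattr() call, so the callee must never sleep, and if this path can also be entered from softirq context the _bh variant is needed to avoid a self-deadlock. The call already takes sk_locked, which suggests socket-level locking is the intended serialization; one global lock makes every CIPSO socket contend on the same lock, so if this is meant as more than a test probe it should be scoped per socket or rely on the socket lock.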
@@ -1049,7 +1052,9 @@ void netlbl_sock_delattr(struct sock *sk
{
switch (sk->sk_family) {
case AF_INET:
+ spin_lock(&setattr_spinlock);
cipso_v4_sock_delattr(sk);
+ spin_unlock(&setattr_spinlock);
break;
#if IS_ENABLED(CONFIG_IPV6)
case AF_INET6:
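Review bot: in netlbl_sock_delattr() only the AF_INET branch is wrapped, while the AF_INET6 case visible in the trailing context gets no equivalent, so if the same setattr/delattr race exists on the IPv6 side it stays open. Either cover that branch as well or state in the changelog why it is unaffected.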
@@ -1149,9 +1154,11 @@ int netlbl_conn_setattr(struct sock *sk,
}
switch (entry->type) {
case NETLBL_NLTYPE_CIPSOV4:
+ spin_lock(&setattr_spinlock);
ret_val = cipso_v4_sock_setattr(sk,
entry->cipso, secattr,
netlbl_sk_lock_check(sk));
+ spin_unlock(&setattr_spinlock);
break;
case NETLBL_NLTYPE_UNLABELED:
/* just delete the protocols we support for right now
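Review bot: in netlbl_conn_setattr() this is the third open-coded copy of lock, cipso_v4 call, unlock, and netlbl_sk_lock_check(sk) is now evaluated as an argument while the spinlock is held. Compute the lock-check result before spin_lock(), and consider taking the lock inside the cipso_v4 functions or behind one small helper so the pairing lives in one place and also covers any caller that does not pass through these three sites.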
--