kernel: 5.0-rc2

d8c6e85432944 ("msg/security: Pass kern_ipc_perm not msg_queue into the msg_queue security hooks") appears to have introduced a bug into selinux_msg_queue_msgsnd and selinux_msg_queue_msgrcv, specifically the portion of the patch that does

- isec = msq->q_perm.security;
+ isec = msq->security;

which leaves the code

    isec = msq->security;
    msec = msg->security;

However, isec and msec are structures of different sizes. Specifically, isec is an ipc_security_struct and msec is a msg_security_struct, which are defined as

    struct msg_security_struct {
        u32 sid; /* SID of message */
    };

    struct ipc_security_struct {
        u16 sclass; /* security class of this object */
        u32 sid; /* SID of IPC resource */
    };

where the msg->security field is allocated as an ipc_security_struct. Accessing msec->sid would thus appear to overlay isec->sclass.
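
Review bot: on the added line `isec = msq->security;` nothing states which structure `security` points to, and the assignment carries no cast, so it compiles the same whichever blob type is behind the pointer, just as `msec = msg->security;` does on the following line. A small typed accessor for each blob, or a comment at each assignment naming the expected structure, would let a reader verify the type from the code itself.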
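
The overlay described above, shown with the two structure definitions quoted in the report. This is an added example, not kernel code and not part of the original report; the function names and sample values are constructed, and it assumes a common ABI where a u32 is 4-byte aligned.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t u16;
typedef uint32_t u32;

/* The two definitions quoted in the report. */
struct msg_security_struct { u32 sid; };
struct ipc_security_struct { u16 sclass; u32 sid; };

/* The layouts disagree on where sid lives (assumed ABI: u32 aligned to 4). */
_Static_assert(offsetof(struct msg_security_struct, sid) == 0, "msg sid at 0");
_Static_assert(offsetof(struct ipc_security_struct, sid) == 4, "ipc sid at 4");

/*
 * Hypothetical helper: fill a zeroed blob as an ipc_security_struct, then
 * return the 4 bytes a msg_security_struct reader would take as sid.
 * memcpy is used so the demonstration has no aliasing problems.
 */
u32 sid_seen_through_msg_view(u16 sclass, u32 sid)
{
	struct ipc_security_struct *blob = calloc(1, sizeof(*blob));
	u32 seen = 0;

	if (!blob)
		abort();
	blob->sclass = sclass;
	blob->sid = sid;
	memcpy(&seen, (unsigned char *)blob +
	       offsetof(struct msg_security_struct, sid), sizeof(seen));
	free(blob);
	return seen;
}

/* Hypothetical helper: the u16 stored in the first two bytes of a word. */
u16 first_two_bytes(u32 word)
{
	u16 half;

	memcpy(&half, &word, sizeof(half));
	return half;
}

int main(void)
{
	u32 seen = sid_seen_through_msg_view(27, 0x1234); /* constructed values */

	printf("msg view reads 0x%08x; its first two bytes are sclass %u\n",
	       (unsigned)seen, (unsigned)first_two_bytes(seen));
	return 0;
}
```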