lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20141020145714.GA5835@wfg-t540p.sh.intel.com>
Date:	Mon, 20 Oct 2014 22:57:14 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Kees Cook <keescook@...omium.org>
Cc:	LKP <lkp@...org>, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org
Subject: [lsm] Kernel panic - not syncing: Could not register security module

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git lsm/mnt-restrict
commit 3d916db0f37e377a84754131fea74ff022810e80
Author:     Kees Cook <keescook@...omium.org>
AuthorDate: Sat Sep 21 15:52:51 2013 -0700
Commit:     Kees Cook <keescook@...omium.org>
CommitDate: Thu Oct 16 13:22:15 2014 -0700

    LSM: MntRestrict blocks mounts on symlink targets
    
    On systems where certain filesystem contents cannot be entirely trusted,
    it is beneficial to block mounts on symlinks. This makes sure that
    malicious filesystem contents cannot trigger the over-mounting of trusted
    filesystems. (For example, a bind-mounted subdirectory of /var cannot be
    redirected to mount on /etc via a symlink: a daemon cannot elevate privs
    to uid-0.)
    
    Signed-off-by: Kees Cook <keescook@...omium.org>

+-------------------------------------------------------------+------------+------------+------------------+
|                                                             | 0429fbc0bd | 3d916db0f3 | v3.18-rc1_102012 |
+-------------------------------------------------------------+------------+------------+------------------+
| boot_successes                                              | 60         | 0          | 0                |
| boot_failures                                               | 0          | 20         | 11               |
| Kernel_panic-not_syncing:Could_not_register_security_module | 0          | 20         | 11               |
| backtrace:panic                                             | 0          | 20         | 11               |
| backtrace:mntrestrict_init                                  | 0          | 20         | 11               |
| backtrace:security_init                                     | 0          | 20         | 11               |
+-------------------------------------------------------------+------------+------------+------------------+

[    0.008000] ACPI: Core revision 20140828
[    0.008720] ACPI: All ACPI Tables successfully acquired
[    0.009215] Security Framework initialized
[    0.009581] Kernel panic - not syncing: Could not register security module
[    0.010122] CPU: 0 PID: 0 Comm: swapper Not tainted 3.17.0-09671-g3d916db #1
[    0.010676]  b10a0a81 b2072210 b2683960 b1c35f9c b1789bd1 b1c35fb4 b1787a90 b2683960
[    0.011375]  b2072210 b2683960 00000001 b1c35fc0 b202e2f4 b1ba67e4 b1c35fcc b202c558
[    0.012000]  b2006468 b1c35fe8 b2003e7f b2082800 b205e100 00000800 00020800 b2082800
[    0.012000] Call Trace:
[    0.012000]  [<b10a0a81>] ? dump_stack_print_info+0x81/0xa0
[    0.012000]  [<b1789bd1>] dump_stack+0x16/0x18
[    0.012000]  [<b1787a90>] panic+0xcb/0x24f
[    0.012000]  [<b202e2f4>] mntrestrict_init+0x64/0x73
[    0.012000]  [<b202c558>] security_init+0x32/0x3e
[    0.012000]  [<b2006468>] ? ftrace_define_fields_x86_irq_vector+0x35/0x35
[    0.012000]  [<b2003e7f>] start_kernel+0x4f6/0x536
[    0.012000]  [<b20032c6>] i386_start_kernel+0x90/0x94

Elapsed time: 5
qemu-system-x86_64 -cpu kvm64 -enable-kvm -kernel /kernel/i386-randconfig-c0-10201237/3d916db0f37e377a84754131fea74ff022810e80/vmlinuz-3.17.0-09671-g3d916db -append 'hung_task_panic=1 earlyprintk=ttyS0,115200 debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal  root=/dev/ram0 rw link=/kbuild-tests/run-queue/kvm/i386-randconfig-c0-10201237/linux-devel:devel-hourly-2014102012:3d916db0f37e377a84754131fea74ff022810e80:bisect-linux-1/.vmlinuz-3d916db0f37e377a84754131fea74ff022810e80-20141020141905-10-ivb41 branch=linux-devel/devel-hourly-2014102012 BOOT_IMAGE=/kernel/i386-randconfig-c0-10201237/3d916db0f37e377a84754131fea74ff022810e80/vmlinuz-3.17.0-09671-g3d916db drbd.minor_count=8'  -initrd /kernel-tests/initrd/quantal-core-i386.cgz -m 320 -smp 2 -net nic,vlan=1,model=e1000 -net user,vlan=1 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -pidfile /dev/shm/kboot/pid-quantal-ivb41-96 -serial file:/dev/shm/kboot/serial-quantal-ivb41-96 -daemonize -display none -monitor null 

git bisect start bd8b2ce2e8bce29196f300c161af1ebd7574ae6c f114040e3ea6e07372334ade75d1ee0775c355e1 --
git bisect good c5040577f53e66d792619d2de6d42b1fd7d3c334  # 13:26     20+      0  Merge 's390/for-linus' into devel-hourly-2014102012
git bisect  bad bee85c01dc2839e4cf8c77b89d0bb28abc896f71  # 13:31      0-      5  Merge 'socfpga-nex/next-dt' into devel-hourly-2014102012
git bisect good 5e340d128fa934d51d94d7bb12fda129d735381c  # 13:40     20+      0  Merge 'hwmon/hwmon-staging' into devel-hourly-2014102012
git bisect  bad fd62838da2ee1f0bcf730e5721bd5504eb7d9801  # 13:49      0-      1  Merge 'kees/lsm/mnt-restrict' into devel-hourly-2014102012
git bisect good 239f086122cee5556682464597b30ce6611e551c  # 13:58     20+      0  Merge 'iwlwifi-fixes/master' into devel-hourly-2014102012
git bisect good 678e4bb52ad38b955643ebd6ad4bea2d62957d07  # 14:01     20+      0  Merge 'socfpga-nex/for-next' into devel-hourly-2014102012
git bisect  bad 3d916db0f37e377a84754131fea74ff022810e80  # 14:20      0-     20  LSM: MntRestrict blocks mounts on symlink targets
# first bad commit: [3d916db0f37e377a84754131fea74ff022810e80] LSM: MntRestrict blocks mounts on symlink targets
git bisect good 0429fbc0bdc297d64188483ba029a23773ae07b0  # 14:27     60+      0  Merge branch 'for-3.18-consistent-ops' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu
git bisect  bad bd8b2ce2e8bce29196f300c161af1ebd7574ae6c  # 14:27      0-     11  0day head guard for 'devel-hourly-2014102012'
git bisect good f114040e3ea6e07372334ade75d1ee0775c355e1  # 14:31     60+      0  Linux 3.18-rc1
git bisect good 062a08d6ad56da23209083748ea5e0f1ab65a0e7  # 14:40     60+      0  Add linux-next specific files for 20141020


This script may reproduce the error.

----------------------------------------------------------------------------
#!/bin/bash

kernel=$1

kvm=(
	qemu-system-x86_64
	-cpu kvm64
	-enable-kvm
	-kernel $kernel
	-m 320
	-smp 2
	-net nic,vlan=1,model=e1000
	-net user,vlan=1
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-rtc base=localtime
	-serial stdio
	-display none
	-monitor null 
)

append=(
	hung_task_panic=1
	earlyprintk=ttyS0,115200
	debug
	apic=debug
	sysrq_always_enabled
	rcupdate.rcu_cpu_stall_timeout=100
	panic=-1
	softlockup_panic=1
	nmi_watchdog=panic
	oops=panic
	load_ramdisk=2
	prompt_ramdisk=0
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
	drbd.minor_count=8
)

"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------

Thanks,
Fengguang

View attachment "dmesg-quantal-ivb41-96:20141020141925:i386-randconfig-c0-10201237:3.17.0-09671-g3d916db:1" of type "text/plain" (12917 bytes)

View attachment "config-3.17.0-09671-g3d916db" of type "text/plain" (73790 bytes)

_______________________________________________
LKP mailing list
LKP@...ux.intel.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ