Message-ID: <20150215001144.GA7015@wfg-t540p.sh.intel.com>
Date:	Sun, 15 Feb 2015 08:11:44 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Kees Cook <keescook@...omium.org>
Cc:	LKP <lkp@...org>, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org
Subject: [LSM] Kernel panic - not syncing: Could not register security module

Hi Kees,

0day kernel testing robot got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git revert-2228b30d2010404a0eb4a1e8e57fe04550dd9708-2228b30d2010404a0eb4a1e8e57fe04550dd9708

commit 2228b30d2010404a0eb4a1e8e57fe04550dd9708
Author:     Kees Cook <keescook@...omium.org>
AuthorDate: Sat Sep 21 15:52:51 2013 -0700
Commit:     Kees Cook <keescook@...omium.org>
CommitDate: Sat Feb 14 08:33:51 2015 -0800

    LSM: MntRestrict blocks mounts on symlink targets
    
    On systems where certain filesystem contents cannot be entirely trusted,
    it is beneficial to block mounts on symlinks. This makes sure that
    malicious filesystem contents cannot trigger the over-mounting of trusted
    filesystems. (For example, a bind-mounted subdirectory of /var cannot be
    redirected to mount on /etc via a symlink: a daemon cannot elevate privs
    to uid-0.)
    
    Signed-off-by: Kees Cook <keescook@...omium.org>

+-------------------------------------------------------------+------------+------------+------------+
|                                                             | 18320f2a68 | 2228b30d20 | ea62d88b64 |
+-------------------------------------------------------------+------------+------------+------------+
| boot_successes                                              | 60         | 0          | 0          |
| boot_failures                                               | 0          | 20         | 12         |
| Kernel_panic-not_syncing:Could_not_register_security_module | 0          | 20         | 12         |
| backtrace:panic                                             | 0          | 20         | 12         |
| backtrace:mntrestrict_init                                  | 0          | 20         | 12         |
| backtrace:security_init                                     | 0          | 20         | 12         |
+-------------------------------------------------------------+------------+------------+------------+


[    0.053230] Security Framework initialized
[    0.053894] Kernel panic - not syncing: Could not register security module
[    0.054991] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.19.0-04761-g2228b30 #12
[    0.056162] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[    0.057777]  ffff880013fd9340 ffffffff81603e98 ffffffff8137cebc 000000000000003e
[    0.058998]  ffffffff81586fd5 ffffffff81603f18 ffffffff8137be10 ffffffff817160c0
[    0.060000]  0000000000000008 ffffffff81603f28 ffffffff81603ec8 ffffffff81603f28
[    0.060000] Call Trace:
[    0.060000]  [<ffffffff8137cebc>] dump_stack+0x4c/0x65
[    0.060000]  [<ffffffff8137be10>] panic+0xbf/0x1d1
[    0.060000]  [<ffffffff816b6898>] mntrestrict_init+0x37/0x49
[    0.060000]  [<ffffffff816b5c43>] security_init+0x3d/0x49
[    0.060000]  [<ffffffff81698e9c>] start_kernel+0x409/0x445
[    0.060000]  [<ffffffff81698120>] ? early_idt_handlers+0x120/0x120
[    0.060000]  [<ffffffff816984a2>] x86_64_start_reservations+0x2a/0x2c
[    0.060000]  [<ffffffff81698592>] x86_64_start_kernel+0xee/0xfd

Elapsed time: 5
qemu-system-x86_64 -cpu kvm64 -enable-kvm -kernel /kernel/x86_64-randconfig-ib0-02150501/2228b30d2010404a0eb4a1e8e57fe04550dd9708/vmlinuz-3.19.0-04761-g2228b30 -append 'hung_task_panic=1 earlyprintk=ttyS0,115200 rd.udev.log-priority=err systemd.log_target=journal systemd.log_level=warning debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal  root=/dev/ram0 rw link=/kbuild-tests/run-queue/kvm/x86_64-randconfig-ib0-02150501/linux-devel:devel-lkp-ib04-smoke-201502150503:2228b30d2010404a0eb4a1e8e57fe04550dd9708:bisect-linux-0/.vmlinuz-2228b30d2010404a0eb4a1e8e57fe04550dd9708-20150215071310-7-client8 branch=linux-devel/devel-lkp-ib04-smoke-201502150503 BOOT_IMAGE=/kernel/x86_64-randconfig-ib0-02150501/2228b30d2010404a0eb4a1e8e57fe04550dd9708/vmlinuz-3.19.0-04761-g2228b30 drbd.minor_count=8'  -initrd /kernel-tests/initrd/yocto-minimal-x86_64.cgz -m 320 -smp 1 -net nic,vlan=1,model=e1000 -net user,vlan=1 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -pidfile /dev/shm/kboot/pid-yocto-client8-9 -serial file:/dev/shm/kboot/serial-yocto-client8-9 -daemonize -display none -monitor null 

git bisect start ea62d88b645bbcc4842e572023dcadc1e83ff66d bfa76d49576599a4b9f9b7a71f23d73d6dcff735 --
git bisect  bad 8d3eaae4f88608e1d6e3d193fea8bfe79d84dfce  # 06:20      0-     20  Merge 'kees/nak/dcache-oob-read' into devel-lkp-ib04-smoke-201502150503
git bisect good 2754339654514dbfcebeeb88c933555c09d4ceb5  # 06:32     20+      0  Merge 'kees/gcc-bug' into devel-lkp-ib04-smoke-201502150503
git bisect good c48d9dbdde8797093dd00425b2a13d20ae9ca978  # 06:42     20+      0  Merge 'kees/kaslr/weak' into devel-lkp-ib04-smoke-201502150503
git bisect  bad 371d5c0c9e01613d43283b78529418fb609705f3  # 06:54      0-     20  Merge 'kees/lsm/mnt-restrict' into devel-lkp-ib04-smoke-201502150503
git bisect  bad 2228b30d2010404a0eb4a1e8e57fe04550dd9708  # 07:14      0-     20  LSM: MntRestrict blocks mounts on symlink targets
# first bad commit: [2228b30d2010404a0eb4a1e8e57fe04550dd9708] LSM: MntRestrict blocks mounts on symlink targets
git bisect good 18320f2a6871aaf2522f793fee4a67eccf5e131a  # 07:24     60+      0  Merge tag 'pm+acpi-3.20-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
# extra tests with DEBUG_INFO
git bisect  bad 2228b30d2010404a0eb4a1e8e57fe04550dd9708  # 07:29      0-     60  LSM: MntRestrict blocks mounts on symlink targets
# extra tests on HEAD of linux-devel/devel-lkp-ib04-smoke-201502150503
git bisect  bad ea62d88b645bbcc4842e572023dcadc1e83ff66d  # 07:29      0-     12  0day head guard for 'devel-lkp-ib04-smoke-201502150503'
# extra tests on tree/branch kees/lsm/mnt-restrict
git bisect  bad 2228b30d2010404a0eb4a1e8e57fe04550dd9708  # 07:41      0-     20  LSM: MntRestrict blocks mounts on symlink targets
# extra tests with first bad commit reverted
# extra tests on tree/branch linus/master
git bisect good d347efeb16d3d5150cb7f8d50b05f388b572840e  # 07:53     60+      0  mutex: remove unused field "name" in debug mode
# extra tests on tree/branch next/master
git bisect good b8acf73194186a5cba86812eb4ba17b897f0e13e  # 08:01     60+     60  Add linux-next specific files for 20150213


This script may reproduce the error.

----------------------------------------------------------------------------
#!/bin/bash

kernel=$1

kvm=(
	qemu-system-x86_64
	-cpu kvm64
	-enable-kvm
	-kernel "$kernel"
	-m 320
	-smp 1
	-net nic,vlan=1,model=e1000
	-net user,vlan=1
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-rtc base=localtime
	-serial stdio
	-display none
	-monitor null 
)

append=(
	hung_task_panic=1
	earlyprintk=ttyS0,115200
	rd.udev.log-priority=err
	systemd.log_target=journal
	systemd.log_level=warning
	debug
	apic=debug
	sysrq_always_enabled
	rcupdate.rcu_cpu_stall_timeout=100
	panic=-1
	softlockup_panic=1
	nmi_watchdog=panic
	oops=panic
	load_ramdisk=2
	prompt_ramdisk=0
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
	drbd.minor_count=8
)

"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------

Thanks,
Fengguang

View attachment "dmesg-yocto-client8-9:20150215071338:x86_64-randconfig-ib0-02150501:3.19.0-04761-g2228b30:12" of type "text/plain" (37552 bytes)

View attachment "config-3.19.0-04761-g2228b30" of type "text/plain" (65022 bytes)
