Greetings, 0day kernel testing robot got the below dmesg and the first bad commit is git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git lsm/mnt-restrict commit 3d916db0f37e377a84754131fea74ff022810e80 Author: Kees Cook AuthorDate: Sat Sep 21 15:52:51 2013 -0700 Commit: Kees Cook CommitDate: Thu Oct 16 13:22:15 2014 -0700 LSM: MntRestrict blocks mounts on symlink targets On systems where certain filesystem contents cannot be entirely trusted, it is beneficial to block mounts on symlinks. This makes sure that malicious filesystem contents cannot trigger the over-mounting of trusted filesystems. (For example, a bind-mounted subdirectory of /var cannot be redirected to mount on /etc via a symlink: a daemon cannot elevate privs to uid-0.) Signed-off-by: Kees Cook +-------------------------------------------------------------+------------+------------+------------------+ | | 0429fbc0bd | 3d916db0f3 | v3.18-rc1_102012 | +-------------------------------------------------------------+------------+------------+------------------+ | boot_successes | 60 | 0 | 0 | | boot_failures | 0 | 20 | 11 | | Kernel_panic-not_syncing:Could_not_register_security_module | 0 | 20 | 11 | | backtrace:panic | 0 | 20 | 11 | | backtrace:mntrestrict_init | 0 | 20 | 11 | | backtrace:security_init | 0 | 20 | 11 | +-------------------------------------------------------------+------------+------------+------------------+ [ 0.008000] ACPI: Core revision 20140828 [ 0.008720] ACPI: All ACPI Tables successfully acquired [ 0.009215] Security Framework initialized [ 0.009581] Kernel panic - not syncing: Could not register security module [ 0.010122] CPU: 0 PID: 0 Comm: swapper Not tainted 3.17.0-09671-g3d916db #1 [ 0.010676] b10a0a81 b2072210 b2683960 b1c35f9c b1789bd1 b1c35fb4 b1787a90 b2683960 [ 0.011375] b2072210 b2683960 00000001 b1c35fc0 b202e2f4 b1ba67e4 b1c35fcc b202c558 [ 0.012000] b2006468 b1c35fe8 b2003e7f b2082800 b205e100 00000800 00020800 b2082800 [ 0.012000] Call Trace: [ 0.012000] [] ? dump_stack_print_info+0x81/0xa0 [ 0.012000] [] dump_stack+0x16/0x18 [ 0.012000] [] panic+0xcb/0x24f [ 0.012000] [] mntrestrict_init+0x64/0x73 [ 0.012000] [] security_init+0x32/0x3e [ 0.012000] [] ? ftrace_define_fields_x86_irq_vector+0x35/0x35 [ 0.012000] [] start_kernel+0x4f6/0x536 [ 0.012000] [] i386_start_kernel+0x90/0x94 Elapsed time: 5 qemu-system-x86_64 -cpu kvm64 -enable-kvm -kernel /kernel/i386-randconfig-c0-10201237/3d916db0f37e377a84754131fea74ff022810e80/vmlinuz-3.17.0-09671-g3d916db -append 'hung_task_panic=1 earlyprintk=ttyS0,115200 debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw link=/kbuild-tests/run-queue/kvm/i386-randconfig-c0-10201237/linux-devel:devel-hourly-2014102012:3d916db0f37e377a84754131fea74ff022810e80:bisect-linux-1/.vmlinuz-3d916db0f37e377a84754131fea74ff022810e80-20141020141905-10-ivb41 branch=linux-devel/devel-hourly-2014102012 BOOT_IMAGE=/kernel/i386-randconfig-c0-10201237/3d916db0f37e377a84754131fea74ff022810e80/vmlinuz-3.17.0-09671-g3d916db drbd.minor_count=8' -initrd /kernel-tests/initrd/quantal-core-i386.cgz -m 320 -smp 2 -net nic,vlan=1,model=e1000 -net user,vlan=1 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -pidfile /dev/shm/kboot/pid-quantal-ivb41-96 -serial file:/dev/shm/kboot/serial-quantal-ivb41-96 -daemonize -display none -monitor null git bisect start bd8b2ce2e8bce29196f300c161af1ebd7574ae6c f114040e3ea6e07372334ade75d1ee0775c355e1 -- git bisect good c5040577f53e66d792619d2de6d42b1fd7d3c334 # 13:26 20+ 0 Merge 's390/for-linus' into devel-hourly-2014102012 git bisect bad bee85c01dc2839e4cf8c77b89d0bb28abc896f71 # 13:31 0- 5 Merge 'socfpga-nex/next-dt' into devel-hourly-2014102012 git bisect good 5e340d128fa934d51d94d7bb12fda129d735381c # 13:40 20+ 0 Merge 'hwmon/hwmon-staging' into devel-hourly-2014102012 git bisect bad fd62838da2ee1f0bcf730e5721bd5504eb7d9801 # 13:49 0- 1 Merge 'kees/lsm/mnt-restrict' into devel-hourly-2014102012 git bisect good 239f086122cee5556682464597b30ce6611e551c # 13:58 20+ 0 Merge 'iwlwifi-fixes/master' into devel-hourly-2014102012 git bisect good 678e4bb52ad38b955643ebd6ad4bea2d62957d07 # 14:01 20+ 0 Merge 'socfpga-nex/for-next' into devel-hourly-2014102012 git bisect bad 3d916db0f37e377a84754131fea74ff022810e80 # 14:20 0- 20 LSM: MntRestrict blocks mounts on symlink targets # first bad commit: [3d916db0f37e377a84754131fea74ff022810e80] LSM: MntRestrict blocks mounts on symlink targets git bisect good 0429fbc0bdc297d64188483ba029a23773ae07b0 # 14:27 60+ 0 Merge branch 'for-3.18-consistent-ops' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu git bisect bad bd8b2ce2e8bce29196f300c161af1ebd7574ae6c # 14:27 0- 11 0day head guard for 'devel-hourly-2014102012' git bisect good f114040e3ea6e07372334ade75d1ee0775c355e1 # 14:31 60+ 0 Linux 3.18-rc1 git bisect good 062a08d6ad56da23209083748ea5e0f1ab65a0e7 # 14:40 60+ 0 Add linux-next specific files for 20141020 This script may reproduce the error. ---------------------------------------------------------------------------- #!/bin/bash kernel=$1 kvm=( qemu-system-x86_64 -cpu kvm64 -enable-kvm -kernel $kernel -m 320 -smp 2 -net nic,vlan=1,model=e1000 -net user,vlan=1 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -serial stdio -display none -monitor null ) append=( hung_task_panic=1 earlyprintk=ttyS0,115200 debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw drbd.minor_count=8 ) "${kvm[@]}" --append "${append[*]}" ---------------------------------------------------------------------------- Thanks, Fengguang