Hi Kees,

FYI, this bug seems still not fixed in your updated tree.

git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git lsm/mnt-restrict

commit 98d51ac605984b0306dfa8d4e99f027d894b3cee
Author:     Kees Cook
AuthorDate: Sat Sep 21 15:52:51 2013 -0700
Commit:     Kees Cook
CommitDate: Tue Nov 4 13:39:48 2014 -0800

    LSM: MntRestrict blocks mounts on symlink targets

    On systems where certain filesystem contents cannot be entirely trusted,
    it is beneficial to block mounts on symlinks. This makes sure that
    malicious filesystem contents cannot trigger the over-mounting of trusted
    filesystems. (For example, a bind-mounted subdirectory of /var cannot be
    redirected to mount on /etc via a symlink: a daemon cannot elevate privs
    to uid-0.)

    Signed-off-by: Kees Cook

+-------------------------------------------------------------+------------+------------+------------------+
|                                                             | a1cff6e25e | 98d51ac605 | v3.18-rc3_110516 |
+-------------------------------------------------------------+------------+------------+------------------+
| boot_successes                                              | 60         | 0          | 0                |
| boot_failures                                               | 0          | 20         | 12               |
| Kernel_panic-not_syncing:Could_not_register_security_module | 0          | 20         | 12               |
| backtrace:panic                                             | 0          | 20         | 12               |
| backtrace:mntrestrict_init                                  | 0          | 20         | 12               |
| backtrace:security_init                                     | 0          | 20         | 12               |
+-------------------------------------------------------------+------------+------------+------------------+

[ 0.005072] ACPI: Core revision 20140926
[ 0.146154] ACPI: All ACPI Tables successfully acquired
[ 0.148077] Security Framework initialized
[ 0.150011] Kernel panic - not syncing: Could not register security module
[ 0.151000] CPU: 0 PID: 0 Comm: swapper Not tainted 3.18.0-rc3-00062-g98d51ac #2
[ 0.151000] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 0.151000] ffff880013fdd000 ffffffff82003e98 ffffffff819eb8ed ffffffff82003f18
[ 0.151000] ffffffff819e659b ffff880013fdd000 ffffffff00000008 ffffffff82003f28
[ 0.151000] ffffffff82003ec8 ffffffff82003f28 ffffffff8259b000 0000000000000001
[ 0.151000] Call Trace:
[ 0.151000] [] dump_stack+0x2e/0x3e
[ 0.151000] [] panic+0x10d/0x2c1
[ 0.151000] [] mntrestrict_init+0x61/0x81
[ 0.151000] [] security_init+0x59/0x7a
[ 0.151000] [] start_kernel+0x602/0x689
[ 0.151000] [] ? early_idt_handlers+0x120/0x120
[ 0.151000] [] x86_64_start_reservations+0x46/0x4f
[ 0.151000] [] x86_64_start_kernel+0x1ca/0x1e0

Elapsed time: 10

qemu-system-x86_64 -cpu kvm64 -enable-kvm -kernel /kernel/x86_64-randconfig-s1-11051837/98d51ac605984b0306dfa8d4e99f027d894b3cee/vmlinuz-3.18.0-rc3-00062-g98d51ac -append 'hung_task_panic=1 earlyprintk=ttyS0,115200 debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw link=/kbuild-tests/run-queue/kvm/x86_64-randconfig-s1-11051837/linux-devel:devel-hourly-2014110516:98d51ac605984b0306dfa8d4e99f027d894b3cee:bisect-linux-9/.vmlinuz-98d51ac605984b0306dfa8d4e99f027d894b3cee-20141105205705-16-ivb42 branch=linux-devel/devel-hourly-2014110516 BOOT_IMAGE=/kernel/x86_64-randconfig-s1-11051837/98d51ac605984b0306dfa8d4e99f027d894b3cee/vmlinuz-3.18.0-rc3-00062-g98d51ac drbd.minor_count=8' -initrd /kernel-tests/initrd/yocto-minimal-x86_64.cgz -m 320 -smp 1 -net nic,vlan=1,model=e1000 -net user,vlan=1 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -pidfile /dev/shm/kboot/pid-yocto-ivb42-65 -serial file:/dev/shm/kboot/serial-yocto-ivb42-65 -daemonize -display none -monitor null

git bisect start f6f8ced7cc7292fafc82150cec57b9582e998df3 0df1f2487d2f0d04703f142813d53615d62a1da4 --
git bisect good d0f987408960b4518cf27d21cf6e90d85125ff9d  # 19:16 20+ 0 Merge 'linuxtv-media/fixes' into devel-hourly-2014110516
git bisect  bad 30f845d955a127006e5145d4e125dabe61af35e7  # 19:23 0- 20 Merge 'kees/arm/ro-nx' into devel-hourly-2014110516
git bisect  bad 09f8fd9a0c0f7f25e0643dbd382a4be72cbf366c  # 19:44 0- 19 Merge 'arm-soc/for-next' into devel-hourly-2014110516
git bisect good 20deebf46c9f558a88bd0a91cf68a4f66ef3ae2d  # 20:00 20+ 0 Merge 'shawnguo/imx/fixes' into devel-hourly-2014110516
git bisect good 6bc68b0ac5355f4fbfaf628d6b7db3b3562c09fb  # 20:07 20+ 0 Merge 'platform-drivers-x86/testing' into devel-hourly-2014110516
git bisect  bad 8d22f170a6f0ce5cc0b36a5fa74e96f441e3db1f  # 20:14 0- 13 Merge 'peterz-queue/x86/mm' into devel-hourly-2014110516
git bisect  bad 560a9c21e447342c8c6138a230ddc8d9f5d0cd62  # 20:29 0- 20 Merge 'kees/lsm/mnt-restrict' into devel-hourly-2014110516
git bisect  bad 98d51ac605984b0306dfa8d4e99f027d894b3cee  # 20:57 0- 11 LSM: MntRestrict blocks mounts on symlink targets
# first bad commit: [98d51ac605984b0306dfa8d4e99f027d894b3cee] LSM: MntRestrict blocks mounts on symlink targets
git bisect good a1cff6e25e6e3b55183610dddca91546951b20e3  # 08:08 60+ 0 Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal
git bisect  bad f6f8ced7cc7292fafc82150cec57b9582e998df3  # 08:09 0- 12 0day head guard for 'devel-hourly-2014110516'
git bisect good 20f3963d8f48ae8309fbc777ef6787fd0a3f53c2  # 08:39 60+ 0 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
git bisect good 8e650107bb6961f82c81eac9161e80fa82ece56c  # 08:51 60+ 0 Add linux-next specific files for 20141105

This script may reproduce the error.

----------------------------------------------------------------------------
#!/bin/bash

kernel=$1

kvm=(
	qemu-system-x86_64
	-cpu kvm64
	-enable-kvm
	-kernel $kernel
	-m 320
	-smp 1
	-net nic,vlan=1,model=e1000
	-net user,vlan=1
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-rtc base=localtime
	-serial stdio
	-display none
	-monitor null
)

append=(
	hung_task_panic=1
	earlyprintk=ttyS0,115200
	debug
	apic=debug
	sysrq_always_enabled
	rcupdate.rcu_cpu_stall_timeout=100
	panic=-1
	softlockup_panic=1
	nmi_watchdog=panic
	oops=panic
	load_ramdisk=2
	prompt_ramdisk=0
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
	drbd.minor_count=8
)

"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------

Thanks,
Fengguang

_______________________________________________
LKP mailing list
LKP(a)linux.intel.com