Hi Kees,

0day kernel testing robot got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git lsm-mnt-restrict

commit 80422c7155946739f424e0e5278ae2d0698dd593
Author: Kees Cook
AuthorDate: Sat Sep 21 15:52:51 2013 -0700
Commit: Kees Cook
CommitDate: Mon May 19 11:57:50 2014 -0700

    LSM: MntRestrict blocks mounts on symlink targets

    On systems where certain filesystem contents cannot be entirely trusted,
    it is beneficial to block mounts on symlinks. This makes sure that
    malicious filesystem contents cannot trigger the over-mounting of trusted
    filesystems. (For example, a bind-mounted subdirectory of /var cannot be
    redirected to mount on /etc via a symlink: a daemon cannot elevate privs
    to uid-0.)

    Signed-off-by: Kees Cook

+-------------------------------------------------------------------------+------------+------------+
|                                                                         | 14186fea0c | 80422c7155 |
+-------------------------------------------------------------------------+------------+------------+
| boot_successes                                                          | 60         | 0          |
| boot_failures                                                           | 0          | 20         |
| Kernel_panic-not_syncing:Could_not_register_MntRestrict_security_module | 0          | 20         |
| backtrace:panic                                                         | 0          | 20         |
| backtrace:mntrestrict_init                                              | 0          | 20         |
| backtrace:security_init                                                 | 0          | 20         |
+-------------------------------------------------------------------------+------------+------------+

[ 0.020000] ACPI: All ACPI Tables successfully acquired
[ 0.020000] Security Framework initialized
[ 0.020000] AppArmor: AppArmor initialized
[ 0.020000] Kernel panic - not syncing: Could not register MntRestrict security module
[ 0.020000] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.15.0-rc5-00075-g80422c7 #1
[ 0.020000] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 0.020000] 0000000000000002 ffffffff82a01ea0 ffffffff81de4adb ffffffff826fcc80
[ 0.020000] ffffffff82a01f18 ffffffff81dd364c ffffffff00000008 ffffffff82a01f28
[ 0.020000] ffffffff82a01ec8 ffffffff82af6980 0000000000000000 0000000000000001
[ 0.020000] Call Trace:
[ 0.020000] [] dump_stack+0x7b/0xa8
[ 0.020000] [] panic+0x114/0x29f
[ 0.020000] [] mntrestrict_init+0x3c/0x4f
[ 0.020000] [] security_init+0x3c/0x47
[ 0.020000] [] start_kernel+0x4c8/0x513
[ 0.020000] [] ? repair_env_string+0x99/0x99
[ 0.020000] [] ? early_idt_handlers+0x120/0x120
[ 0.020000] [] x86_64_start_reservations+0x41/0x43
[ 0.020000] [] x86_64_start_kernel+0x148/0x157

Elapsed time: 5

qemu-system-x86_64 -cpu kvm64 -enable-kvm -kernel /kernel/x86_64-randconfig-s1-05211604/80422c7155946739f424e0e5278ae2d0698dd593/vmlinuz-3.15.0-rc5-00075-g80422c7 -append 'hung_task_panic=1 earlyprintk=ttyS0,115200 debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=10 softlockup_panic=1 nmi_watchdog=panic prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw link=/kbuild-tests/run-queue/kvm/x86_64-randconfig-s1-05211604/linux-devel:devel-hourly-2014052115:80422c7155946739f424e0e5278ae2d0698dd593:bisect-linux9/.vmlinuz-80422c7155946739f424e0e5278ae2d0698dd593-20140521204717-8-f2 branch=linux-devel/devel-hourly-2014052115 BOOT_IMAGE=/kernel/x86_64-randconfig-s1-05211604/80422c7155946739f424e0e5278ae2d0698dd593/vmlinuz-3.15.0-rc5-00075-g80422c7 drbd.minor_count=8' -initrd /kernel-tests/initrd/quantal-core-x86_64.cgz -m 320 -smp 2 -net nic,vlan=1,model=e1000 -net user,vlan=1 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -pidfile /dev/shm/kboot/pid-quantal-f2-51 -serial file:/dev/shm/kboot/serial-quantal-f2-51 -daemonize -display none -monitor null

git bisect start 842390939e8dc18fe8a87e257e7e8088548bd8d7 d6d211db37e75de2ddc3a4f979038c40df7cc79c --
git bisect bad 6e8a2e89a46e99e7750d8511b94c6e964fa62041 # 18:39 0- 20 Merge 'arm-soc/keystone/dt' into devel-hourly-2014052115
git bisect bad 732aed36300f1426c6da40602fbaf23dd79d8391 # 18:58 0- 20 Merge 'tip/irq/core' into devel-hourly-2014052115
git bisect good fd69bb2faebc552b4da42966ee51e1dea9ba77e6 # 19:34 20+ 0 Merge 'block/for-3.16/drivers' into devel-hourly-2014052115
git bisect bad 917a4d3aed6301097ff8a2b2bb74be34be5c9b23 # 19:53 0- 20 Merge 'net/master' into devel-hourly-2014052115
git bisect good 6c8b235f29b6b756379d7d5d86371a9f399afa52 # 20:16 20+ 0 Merge 'hwmon/hwmon-next' into devel-hourly-2014052115
git bisect bad 70c0859af3e380a0508883120adac883b456b056 # 20:36 0- 20 Merge 'kees/lsm-mnt-restrict' into devel-hourly-2014052115
git bisect bad 80422c7155946739f424e0e5278ae2d0698dd593 # 20:48 0- 20 LSM: MntRestrict blocks mounts on symlink targets
# first bad commit: [80422c7155946739f424e0e5278ae2d0698dd593] LSM: MntRestrict blocks mounts on symlink targets
git bisect good 14186fea0cb06bc43181ce239efe0df6f1af260a # 20:59 60+ 0 Merge tag 'locks-v3.15-4' of git://git.samba.org/jlayton/linux
git bisect bad 842390939e8dc18fe8a87e257e7e8088548bd8d7 # 20:59 0- 13 0day head guard for 'devel-hourly-2014052115'
git bisect good fba69f042ad99f68c0268ef1c012f3199f898fac # 21:10 60+ 0 Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
git bisect good 18e072998c67e985aaa643ca1af3e6a0dc133b71 # 22:14 60+ 0 Add linux-next specific files for 20140521

This script may reproduce the error.

-----------------------------------------------------------------------------
#!/bin/bash

kernel=$1

kvm=(
    qemu-system-x86_64 -cpu kvm64 -enable-kvm
    -kernel $kernel
    -smp 2
    -m 256M
    -net nic,vlan=0,macaddr=00:00:00:00:00:00,model=virtio
    -net user,vlan=0
    -net nic,vlan=1,model=e1000
    -net user,vlan=1
    -boot order=nc
    -no-reboot
    -watchdog i6300esb
    -serial stdio
    -display none
    -monitor null
)

append=(
    debug
    sched_debug
    apic=debug
    ignore_loglevel
    sysrq_always_enabled
    panic=10
    prompt_ramdisk=0
    earlyprintk=ttyS0,115200
    console=ttyS0,115200
    console=tty0
    vga=normal
    root=/dev/ram0
    rw
)

"${kvm[@]}" --append "${append[*]}"
-----------------------------------------------------------------------------

Thanks,
Jet