Hi Kees, 0day kernel testing robot got the below dmesg and the first bad commit is git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git lsm-mod-pin commit 15e961b72496a2302914a66575f8f4b25463d65c Author: Kees Cook AuthorDate: Fri Sep 20 10:06:46 2013 -0700 Commit: Kees Cook CommitDate: Wed May 21 17:23:01 2014 -0700 LSM: ModPin LSM for module loading restrictions This LSM enforces that modules must all come from the same filesystem, with the expectation that such a filesystem is backed by a read-only device such as dm-verity or CDROM. This allows systems that have a verified or unchanging filesystem to enforce module loading restrictions without needing to sign the modules individually. Signed-off-by: Kees Cook +----------------------------------------------------------+-----------+------------+ | | v3.15-rc6 | 15e961b724 | +----------------------------------------------------------+-----------+------------+ | boot_successes | 60 | 0 | | boot_failures | 0 | 20 | | Kernel_panic-not_syncing:Yama:kernel_registration_failed | 0 | 20 | | backtrace:panic | 0 | 20 | | backtrace:yama_init | 0 | 20 | | backtrace:security_init | 0 | 20 | +----------------------------------------------------------+-----------+------------+ [ 0.020000] Security Framework initialized [ 0.020000] ModPin LSM: ready to pin. [ 0.020000] Yama: becoming mindful. [ 0.020000] Kernel panic - not syncing: Yama: kernel registration failed. [ 0.020000] [ 0.020000] CPU: 0 PID: 0 Comm: swapper Not tainted 3.15.0-rc6-00001-g15e961b #1 [ 0.020000] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 0.020000] 0000000000000000 ffffffff82801eb0 ffffffff81ebc563 ffffffff82801f28 [ 0.020000] ffffffff81eb665d ffffffff00000008 ffffffff82801f38 ffffffff82801ed8 [ 0.020000] ffffffff81eb762c 0000000000000001 ffffffff8281b480 0000000000000000 [ 0.020000] Call Trace: [ 0.020000] [] dump_stack+0x19/0x1b [ 0.020000] [] panic+0xcb/0x1e4 [ 0.020000] [] ? printk+0x4f/0x51 [ 0.020000] [] yama_init+0x61/0x65 [ 0.020000] [] security_init+0x35/0x47 [ 0.020000] [] start_kernel+0x45c/0x4ba [ 0.020000] [] ? repair_env_string+0x5a/0x5a [ 0.020000] [] ? early_idt_handlers+0x120/0x120 [ 0.020000] [] x86_64_start_reservations+0x2a/0x2c [ 0.020000] [] x86_64_start_kernel+0xd7/0xe4 Elapsed time: 5 qemu-system-x86_64 -cpu kvm64 -enable-kvm -kernel /kernel/x86_64-randconfig-s0-05250024/15e961b72496a2302914a66575f8f4b25463d65c/vmlinuz-3.15.0-rc6-00001-g15e961b -append 'hung_task_panic=1 earlyprintk=ttyS0,115200 debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=10 softlockup_panic=1 nmi_watchdog=panic prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw link=/kbuild-tests/run-queue/kvm/x86_64-randconfig-s0-05250024/linux-devel:devel-hourly-2014052422:15e961b72496a2302914a66575f8f4b25463d65c:bisect-linux2/.vmlinuz-15e961b72496a2302914a66575f8f4b25463d65c-20140525020645-18-ivb44 branch=linux-devel/devel-hourly-2014052422 BOOT_IMAGE=/kernel/x86_64-randconfig-s0-05250024/15e961b72496a2302914a66575f8f4b25463d65c/vmlinuz-3.15.0-rc6-00001-g15e961b drbd.minor_count=8' -initrd /kernel-tests/initrd/quantal-core-x86_64.cgz -m 320 -smp 2 -net nic,vlan=1,model=e1000 -net user,vlan=1 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -pidfile /dev/shm/kboot/pid-quantal-ivb44-37 -serial file:/dev/shm/kboot/serial-quantal-ivb44-37 -daemonize -display none -monitor null git bisect start 2a70639cc4ea08bd40712cb010cabbb24b8ec939 4b660a7f5c8099d88d1a43d8ae138965112592c7 -- git bisect bad 3e7094f8f4479ad5c2dae652779385c6a5860963 # 01:10 0- 20 Merge 'arm-soc/sti/dt' into devel-hourly-2014052422 git bisect bad c758b8624c09283de327df15ba363ad6e19d9cbb # 01:21 0- 20 Merge 'driver-core/driver-core-next' into devel-hourly-2014052422 git bisect good 45eeb88abd75477c8f2edbaaf193c834e4472f9b # 01:31 20+ 0 Merge 'arm-soc/qcom/dt' into devel-hourly-2014052422 git bisect good bd58b5faa0113b5306697b510f48ae4d684aa4b2 # 01:41 20+ 0 Merge 'arm-soc/qcom/defconfig' into devel-hourly-2014052422 git bisect good 6d89122f9b4106872ff4cb08b912ced4418a3611 # 01:47 20+ 0 Merge 'pci/next' into devel-hourly-2014052422 git bisect bad 3fb6f99039f45799a98cd6c9967396b20b7dafcf # 01:58 0- 20 Merge 'kees/lsm-mod-pin' into devel-hourly-2014052422 git bisect bad 15e961b72496a2302914a66575f8f4b25463d65c # 02:07 0- 20 LSM: ModPin LSM for module loading restrictions # first bad commit: [15e961b72496a2302914a66575f8f4b25463d65c] LSM: ModPin LSM for module loading restrictions git bisect good 4b660a7f5c8099d88d1a43d8ae138965112592c7 # 02:10 60+ 0 Linux 3.15-rc6 git bisect bad 2a70639cc4ea08bd40712cb010cabbb24b8ec939 # 02:10 0- 13 0day head guard for 'devel-hourly-2014052422' git bisect good 1ee1ceafb572f1a925809168267a7962a4289de8 # 02:41 60+ 0 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc git bisect good f13c6d93ae8ebdfb1301e43051bcec78eb92995f # 02:47 60+ 0 Add linux-next specific files for 20140523 This script may reproduce the error. ----------------------------------------------------------------------------- #!/bin/bash kernel=$1 kvm=( qemu-system-x86_64 -cpu kvm64 -enable-kvm -kernel $kernel -smp 2 -m 256M -net nic,vlan=0,macaddr=00:00:00:00:00:00,model=virtio -net user,vlan=0 -net nic,vlan=1,model=e1000 -net user,vlan=1 -boot order=nc -no-reboot -watchdog i6300esb -serial stdio -display none -monitor null ) append=( debug sched_debug apic=debug ignore_loglevel sysrq_always_enabled panic=10 prompt_ramdisk=0 earlyprintk=ttyS0,115200 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw ) "${kvm[@]}" --append "${append[*]}" ----------------------------------------------------------------------------- Thanks, Jet