2020-08-19 10:12:28

by Naresh Kamboju

Subject: Linux-next: Kernel panic - not syncing: Fatal exception in interrupt - RIP: 0010:security_port_sid

Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.

Kernel panic - not syncing: Fatal exception in interrupt

metadata:
git branch: master
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
git commit: 8eb858df0a5f6bcd371b5d5637255c987278b8c9
git describe: next-20200819
make_kernelversion: 5.9.0-rc1
kernel-config:
https://builds.tuxbuild.com/izEMrcIH10iI6m0FU7O0LA/kernel.config

crash log:
[ 3.704578] BUG: kernel NULL pointer dereference, address: 00000000000001c8
[ 3.704865] #PF: supervisor read access in kernel mode
[ 3.704865] #PF: error_code(0x0000) - not-present page
[ 3.704865] PGD 0 P4D 0
[ 3.704865] Oops: 0000 [#1] SMP NOPTI
[ 3.704865] CPU: 0 PID: 1 Comm: systemd Not tainted
5.9.0-rc1-next-20200819 #1
[ 3.704865] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.12.0-1 04/01/2014
[ 3.704865] RIP: 0010:security_port_sid+0x2f/0xb0
[ 3.704865] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55
41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48
8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00
00 48
[ 3.704865] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246
[ 3.704865] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c
[ 3.704865] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10
[ 3.704865] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016
[ 3.704865] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006
[ 3.704865] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820
[ 3.721157] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000)
knlGS:0000000000000000
[ 3.721157] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.721157] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0
[ 3.721157] Call Trace:
[ 3.721157] sel_netport_sid+0x120/0x1e0
[ 3.721157] selinux_socket_bind+0x15a/0x250
[ 3.721157] ? _raw_spin_trylock_bh+0x42/0x50
[ 3.721157] ? __local_bh_enable_ip+0x46/0x70
[ 3.721157] ? _raw_spin_unlock_bh+0x1a/0x20
[ 3.721157] security_socket_bind+0x35/0x50
[ 3.721157] __sys_bind+0xcf/0x110
[ 3.721157] ? syscall_enter_from_user_mode+0x1f/0x1f0
[ 3.730888] ? do_syscall_64+0x14/0x50
[ 3.730888] ? trace_hardirqs_on+0x38/0xf0
[ 3.732120] __x64_sys_bind+0x1a/0x20
[ 3.732120] do_syscall_64+0x38/0x50
[ 3.732120] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 3.732120] RIP: 0033:0x7f5ef37f3057
[ 3.732120] Code: ff ff ff ff c3 48 8b 15 3f 9e 2b 00 f7 d8 64 89
02 b8 ff ff ff ff eb ba 66 2e 0f 1f 84 00 00 00 00 00 90 b8 31 00 00
00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 11 9e 2b 00 f7 d8 64 89
01 48
[ 3.738888] RSP: 002b:00007ffe638fbbb8 EFLAGS: 00000246 ORIG_RAX:
0000000000000031
[ 3.738888] RAX: ffffffffffffffda RBX: 000055833cf9ef80 RCX: 00007f5ef37f3057
[ 3.738888] RDX: 000000000000001c RSI: 000055833cf9ef80 RDI: 000000000000002b
[ 3.743930] virtio_net virtio0 enp0s3: renamed from eth0
[ 3.738888] RBP: 000000000000002b R08: 0000000000000004 R09: 0000000000000000
[ 3.738888] R10: 00007ffe638fbbe4 R11: 0000000000000246 R12: 0000000000000000
[ 3.744849] R13: 00007ffe638fbbe4 R14: 0000000000000000 R15:
0000000000000000
[ 3.744849] Modules linked in:
[ 3.744849] CR2: 00000000000001c8
[ 3.744849] ---[ end trace 485eaaecdce54971 ]---
[ 3.744849] RIP: 0010:security_port_sid+0x2f/0xb0
[ 3.744849] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55
41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48
8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00
00 48
[ 3.744849] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246
[ 3.744849] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c
[ 3.744849] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10
[ 3.744849] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016
[ 3.744849] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006
[ 3.744849] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820
[ 3.744849] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000)
knlGS:0000000000000000
[ 3.744849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.744849] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0
[ 3.744849] Kernel panic - not syncing:
Fatal exception in interrupt
[ 3.744849] Kernel Offset: 0x2c000000 from 0xffffffff81000000
(relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 3.744849] ---[ end Kernel panic - not syncing: Fatal exception in
interrupt ]---

full test log link,
https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20200819/testrun/3084905/suite/linux-log-parser/test/check-kernel-panic-1682816/log

Reported-by: Naresh Kamboju <[email protected]>

--
Linaro LKFT
https://lkft.linaro.org


2020-08-19 12:31:35

by Stephen Smalley

Subject: Re: Linux-next: Kernel panic - not syncing: Fatal exception in interrupt - RIP: 0010:security_port_sid

On 8/19/20 6:11 AM, Naresh Kamboju wrote:

> Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
>
> Kernel panic - not syncing: Fatal exception in interrupt
>
> metadata:
> git branch: master
> git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> git commit: 8eb858df0a5f6bcd371b5d5637255c987278b8c9
> git describe: next-20200819
> make_kernelversion: 5.9.0-rc1
> kernel-config:
> https://builds.tuxbuild.com/izEMrcIH10iI6m0FU7O0LA/kernel.config
>
> full test log link,
> https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20200819/testrun/3084905/suite/linux-log-parser/test/check-kernel-panic-1682816/log
>
> Reported-by: Naresh Kamboju <[email protected]>

Thank you for the report.  It appears from the log that you are enabling
SELinux but not loading any policy?  If that is correct, then I believe
I know the underlying cause and can create a patch.


2020-08-19 13:25:20

by Stephen Smalley

Subject: Re: Linux-next: Kernel panic - not syncing: Fatal exception in interrupt - RIP: 0010:security_port_sid

On 8/19/20 9:12 AM, Paul Moore wrote:

> On Wed, Aug 19, 2020 at 8:28 AM Stephen Smalley
> <[email protected]> wrote:
>> On 8/19/20 6:11 AM, Naresh Kamboju wrote:
>>> Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
>>>
>>> Kernel panic - not syncing: Fatal exception in interrupt
>>>
>>> metadata:
>>> git branch: master
>>> git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
>>> git commit: 8eb858df0a5f6bcd371b5d5637255c987278b8c9
>>> git describe: next-20200819
>>> make_kernelversion: 5.9.0-rc1
>>> kernel-config:
>>> https://builds.tuxbuild.com/izEMrcIH10iI6m0FU7O0LA/kernel.config
>>>
>>> full test log link,
>>> https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20200819/testrun/3084905/suite/linux-log-parser/test/check-kernel-panic-1682816/log
>>>
>>> Reported-by: Naresh Kamboju <[email protected]>
>> Thank you for the report. It appears from the log that you are enabling
>> SELinux but not loading any policy? If that is correct, then I believe
>> I know the underlying cause and can create a patch.
> Yes, I'm guessing the bind() hook is the culprit.
>
> I'm beginning to think we should try forcing a run of the
> selinux-testsuite on a system with SELinux enabled but without a
> loaded policy. The test suite will fail in spectacular fashion, but
> it will be a good way to shake out some of these corner cases.

It's due to the lack of explicit selinux_initialized(state) guards in
security_port_sid() and the rest of those functions. Previously, they
happened to work because the policydb was statically allocated and could
be accessed even before initial policy load.  With the encapsulation of
the policy state and dynamic allocation, they need to check
selinux_initialized() first and return immediately if it isn't 1.  I
have a patch in the works.  With respect to testing, even just doing a
simple boot test with SELinux enabled but no policy would have detected
this one; it just isn't part of my usual workflow.
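
Added example (not part of the thread and not kernel code): a user-space C model of the failure described in the message above, showing why an embedded, statically allocated policydb tolerated lookups before policy load while a dynamically allocated one faults at NULL + 0x1c8 unless the initialization check runs first. The struct layouts, function names, SID values and the guard's early-return value are assumptions of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Simplified user-space model: every name, layout and SID value below is
 * an assumption made for illustration, not the kernel's definition. */
typedef uint8_t u8; typedef uint16_t u16; typedef uint32_t u32;
#define MODEL_DEFAULT_PORT_SID 9u /* constructed "no matching rule" SID */

struct port_rule {
    u8 protocol;
    u16 low, high;
    u32 sid;
    struct port_rule *next;
};

/* Padding puts `ports` at offset 0x1c8, the displacement of the faulting
 * load in the oops (bytes 48 8b 98 c8 01 00 00 = mov 0x1c8(%rax),%rbx,
 * executed with RAX = 0, hence CR2 = 0x1c8). */
struct policy {
    unsigned char other_tables[0x1c8];
    struct port_rule *ports;
};

struct old_state { int initialized; struct policy policydb; }; /* embedded */
struct new_state { int initialized; struct policy *policy; }; /* NULL until load */

/* Walk the port rules; fall back to the default SID when nothing matches. */
static int lookup_port(const struct policy *p, u8 proto, u16 port, u32 *sid)
{
    const struct port_rule *r;
    for (r = p->ports; r != NULL; r = r->next) {
        if (r->protocol == proto && r->low <= port && port <= r->high) {
            *sid = r->sid;
            return 0;
        }
    }
    *sid = MODEL_DEFAULT_PORT_SID;
    return 0;
}

/* Old layout: safe before policy load only by accident, because the zeroed
 * embedded policydb is real memory holding an empty rule list. */
int port_sid_static(const struct old_state *s, u8 proto, u16 port, u32 *sid)
{
    return lookup_port(&s->policydb, proto, port, sid);
}

/* New layout, no guard: before load s->policy is NULL and the walk reads
 * NULL + offsetof(struct policy, ports). */
int port_sid_unguarded(const struct new_state *s, u8 proto, u16 port, u32 *sid)
{
    return lookup_port(s->policy, proto, port, sid);
}

/* New layout with the initialization check first. Answering with the
 * default SID and success is this model's choice of early return. */
int port_sid_guarded(const struct new_state *s, u8 proto, u16 port, u32 *sid)
{
    if (!s->initialized) {
        *sid = MODEL_DEFAULT_PORT_SID;
        return 0;
    }
    return lookup_port(s->policy, proto, port, sid);
}

struct new_state boot_state; /* zeroed: "SELinux enabled, no policy loaded" */

/* Run the unguarded lookup in a child so the crash stays contained.
 * Returns 1 if the child did not finish cleanly, 0 if it did, -1 on error. */
int unguarded_faults_before_load(void)
{
    u32 sid = 0;
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        port_sid_unguarded(&boot_state, 6, 22, &sid); /* tcp/22, constructed */
        _exit(sid != 0 ? 0 : 3); /* use sid so the lookup is not optimized out */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

int main(void)
{
    static struct old_state old; /* zeroed, as before the first policy load */
    u32 a = 0, b = 0;

    port_sid_static(&old, 6, 22, &a);
    port_sid_guarded(&boot_state, 6, 22, &b);
    printf("static=%u guarded=%u unguarded_crashed=%d\n",
           (unsigned)a, (unsigned)b, unguarded_faults_before_load());
    return 0;
}
```
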

2020-08-19 13:28:01

by Paul Moore

Subject: Re: Linux-next: Kernel panic - not syncing: Fatal exception in interrupt - RIP: 0010:security_port_sid

On Wed, Aug 19, 2020 at 8:28 AM Stephen Smalley
<[email protected]> wrote:
> On 8/19/20 6:11 AM, Naresh Kamboju wrote:
> > Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
> >
> > Kernel panic - not syncing: Fatal exception in interrupt
> >
> > metadata:
> > git branch: master
> > git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> > git commit: 8eb858df0a5f6bcd371b5d5637255c987278b8c9
> > git describe: next-20200819
> > make_kernelversion: 5.9.0-rc1
> > kernel-config:
> > https://builds.tuxbuild.com/izEMrcIH10iI6m0FU7O0LA/kernel.config
> >
> > full test log link,
> > https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20200819/testrun/3084905/suite/linux-log-parser/test/check-kernel-panic-1682816/log
> >
> > Reported-by: Naresh Kamboju <[email protected]>
>
> Thank you for the report. It appears from the log that you are enabling
> SELinux but not loading any policy? If that is correct, then I believe
> I know the underlying cause and can create a patch.

Yes, I'm guessing the bind() hook is the culprit.

I'm beginning to think we should try forcing a run of the
selinux-testsuite on a system with SELinux enabled but without a
loaded policy. The test suite will fail in spectacular fashion, but
it will be a good way to shake out some of these corner cases.

--
paul moore
http://www.paul-moore.com

2020-08-19 13:32:09

by Paul Moore

Subject: Re: Linux-next: Kernel panic - not syncing: Fatal exception in interrupt - RIP: 0010:security_port_sid

On Wed, Aug 19, 2020 at 9:16 AM Stephen Smalley
<[email protected]> wrote:
> On 8/19/20 9:12 AM, Paul Moore wrote:
>
> > On Wed, Aug 19, 2020 at 8:28 AM Stephen Smalley
> > <[email protected]> wrote:
> >> On 8/19/20 6:11 AM, Naresh Kamboju wrote:
> >>> Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
> >>>
> >>> Kernel panic - not syncing: Fatal exception in interrupt
> >>>
> >>> metadata:
> >>> git branch: master
> >>> git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> >>> git commit: 8eb858df0a5f6bcd371b5d5637255c987278b8c9
> >>> git describe: next-20200819
> >>> make_kernelversion: 5.9.0-rc1
> >>> kernel-config:
> >>> https://builds.tuxbuild.com/izEMrcIH10iI6m0FU7O0LA/kernel.config
> >>>
> >>> full test log link,
> >>> https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20200819/testrun/3084905/suite/linux-log-parser/test/check-kernel-panic-1682816/log
> >>>
> >>> Reported-by: Naresh Kamboju <[email protected]>
> >> Thank you for the report. It appears from the log that you are enabling
> >> SELinux but not loading any policy? If that is correct, then I believe
> >> I know the underlying cause and can create a patch.
> > Yes, I'm guessing the bind() hook is the culprit.
> >
> > I'm beginning to think we should try forcing a run of the
> > selinux-testsuite on a system with SELinux enabled but without a
> > loaded policy. The test suite will fail in spectacular fashion, but
> > it will be a good way to shake out some of these corner cases.
>
> It's due to the lack of explicit selinux_initialized(state) guards in
> security_port_sid() and the rest of those functions. Previously, they
> happened to work because the policydb was statically allocated and could
> be accessed even before initial policy load. With the encapsulation of
> the policy state and dynamic allocation, they need to check
> selinux_initialized() first and return immediately if it isn't 1. I
> have a patch in the works.

Right. I was just saying that I was pretty sure the code path came in
via bind() ... which is obvious since it is in the backtrace and I
missed that since I only looked at the location of the panic and
worked the code path backwards looking for the initialization check :)

> With respect to testing, even just doing a
> simple boot test with SELinux enabled but no policy would have detected
> this one; it just isn't part of my usual workflow.

Which is fair as it isn't a use case that is really valid, but we've
seen it pop up a few times now with everyone automating their testing
without understanding how to use/test SELinux properly. My thinking
behind running the test suite w/o a policy is to try and catch all
these cases where we aren't doing an initialization check before
querying any of the policy data; I know we squashed a bunch of these,
but I'm not convinced we caught them all (and of course we can always
introduce new bugs).

--
paul moore
http://www.paul-moore.com

2020-08-19 15:11:33

by Andy Shevchenko

Subject: Re: Linux-next: Kernel panic - not syncing: Fatal exception in interrupt - RIP: 0010:security_port_sid

On Wed, Aug 19, 2020 at 3:30 PM Stephen Smalley
<[email protected]> wrote:
>
> On 8/19/20 6:11 AM, Naresh Kamboju wrote:
>
> > Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
> >
> > Kernel panic - not syncing: Fatal exception in interrupt
> >
> > metadata:
> > git branch: master
> > git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> > git commit: 8eb858df0a5f6bcd371b5d5637255c987278b8c9
> > git describe: next-20200819
> > make_kernelversion: 5.9.0-rc1
> > kernel-config:
> > https://builds.tuxbuild.com/izEMrcIH10iI6m0FU7O0LA/kernel.config
> >
> > crash log:
> >
> > full test log link,
> > https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20200819/testrun/3084905/suite/linux-log-parser/test/check-kernel-panic-1682816/log
> >
> > Reported-by: Naresh Kamboju <[email protected]>
>

+1.
Reported-by: Andy Shevchenko <[email protected]>

> Thank you for the report. It appears from the log that you are enabling
> SELinux but not loading any policy? If that is correct, then I believe
> I know the underlying cause and can create a patch.

I guess it's too far with assumptions that people are using some
monster Linux distribution or so. I have simple kernel configuration
with minimal Buildroot (busybox + uclibc) and I have got this
inconvenience.
Please, fix this. And would be nice if you may tell what commit I can
revert without wasting time on bisect to unblock my main work.


--
With Best Regards,
Andy Shevchenko

2020-08-19 15:15:53

by Stephen Smalley

Subject: Re: Linux-next: Kernel panic - not syncing: Fatal exception in interrupt - RIP: 0010:security_port_sid

On 8/19/20 11:06 AM, Andy Shevchenko wrote:

> On Wed, Aug 19, 2020 at 3:30 PM Stephen Smalley
> <[email protected]> wrote:
>> On 8/19/20 6:11 AM, Naresh Kamboju wrote:
>>
>>> Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
>>>
>>> Kernel panic - not syncing: Fatal exception in interrupt
>>>
>>> metadata:
>>> git branch: master
>>> git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
>>> git commit: 8eb858df0a5f6bcd371b5d5637255c987278b8c9
>>> git describe: next-20200819
>>> make_kernelversion: 5.9.0-rc1
>>> kernel-config:
>>> https://builds.tuxbuild.com/izEMrcIH10iI6m0FU7O0LA/kernel.config
>>>
>>> crash log:
>>>
>>> full test log link,
>>> https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20200819/testrun/3084905/suite/linux-log-parser/test/check-kernel-panic-1682816/log
>>>
>>> Reported-by: Naresh Kamboju <[email protected]>
> +1.
> Reported-by: Andy Shevchenko <[email protected]>
>
>> Thank you for the report. It appears from the log that you are enabling
>> SELinux but not loading any policy? If that is correct, then I believe
>> I know the underlying cause and can create a patch.
> I guess it's too far with assumptions that people are using some
> monster Linux distribution or so. I have simple kernel configuration
> with minimal Buildroot (busybox + uclibc) and I have got this
> inconvenience.
> Please, fix this. And would be nice if you may tell what commit I can
> revert without wasting time on bisect to unblock my main work.
>
Fix can be found at: https://patchwork.kernel.org/patch/11724203/

2020-08-19 15:40:37

by Andy Shevchenko

Subject: Re: Linux-next: Kernel panic - not syncing: Fatal exception in interrupt - RIP: 0010:security_port_sid

On Wed, Aug 19, 2020 at 6:12 PM Stephen Smalley
<[email protected]> wrote:
>
> On 8/19/20 11:06 AM, Andy Shevchenko wrote:
>
> > On Wed, Aug 19, 2020 at 3:30 PM Stephen Smalley
> > <[email protected]> wrote:
> >> On 8/19/20 6:11 AM, Naresh Kamboju wrote:
> >>
> >>> Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
> >>>
> >>> Kernel panic - not syncing: Fatal exception in interrupt
> >>>
> >>> metadata:
> >>> git branch: master
> >>> git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> >>> git commit: 8eb858df0a5f6bcd371b5d5637255c987278b8c9
> >>> git describe: next-20200819
> >>> make_kernelversion: 5.9.0-rc1
> >>> kernel-config:
> >>> https://builds.tuxbuild.com/izEMrcIH10iI6m0FU7O0LA/kernel.config
> >>>
> >>> crash log:
> >>>
> >>> full test log link,
> >>> https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20200819/testrun/3084905/suite/linux-log-parser/test/check-kernel-panic-1682816/log
> >>>
> >>> Reported-by: Naresh Kamboju <[email protected]>
> > +1.
> > Reported-by: Andy Shevchenko <[email protected]>
> >
> >> Thank you for the report. It appears from the log that you are enabling
> >> SELinux but not loading any policy? If that is correct, then I believe
> >> I know the underlying cause and can create a patch.
> > I guess it's too far with assumptions that people are using some
> > monster Linux distribution or so. I have simple kernel configuration
> > with minimal Buildroot (busybox + uclibc) and I have got this
> > inconvenience.
> > Please, fix this. And would be nice if you may tell what commit I can
> > revert without wasting time on bisect to unblock my main work.
> >
> Fix can be found at: https://patchwork.kernel.org/patch/11724203/

Thanks, feel free to add
Tested-by: Andy Shevchenko <[email protected]>

--
With Best Regards,
Andy Shevchenko

2020-08-19 22:34:50

by Stephen Rothwell

Subject: Re: Linux-next: Kernel panic - not syncing: Fatal exception in interrupt - RIP: 0010:security_port_sid

Hi all,

On Wed, 19 Aug 2020 11:12:44 -0400 Stephen Smalley <[email protected]> wrote:
>
> Fix can be found at: https://patchwork.kernel.org/patch/11724203/

Thanks.

I will add that to the selinux tree merge in linux-next until it turns
up in the tree.

--
Cheers,
Stephen Rothwell


2020-08-20 01:22:50

by Paul Moore

Subject: Re: Linux-next: Kernel panic - not syncing: Fatal exception in interrupt - RIP: 0010:security_port_sid

On Wed, Aug 19, 2020 at 6:31 PM Stephen Rothwell <[email protected]> wrote:
> Hi all,
>
> On Wed, 19 Aug 2020 11:12:44 -0400 Stephen Smalley <[email protected]> wrote:
> >
> > Fix can be found at: https://patchwork.kernel.org/patch/11724203/
>
> Thanks.
>
> I will add that to the selinux tree merge in linux-next until it turns
> up in the tree.

FYI, I just merged that patch into the selinux/next tree.

commit 37ea433c66070fcef09c6d118492c36299eb72ba
Author: Stephen Smalley <[email protected]>
Date: Wed Aug 19 09:45:41 2020 -0400

selinux: avoid dereferencing the policy prior to initialization

Certain SELinux security server functions (e.g. security_port_sid,
called during bind) were not explicitly testing to see if SELinux
has been initialized (i.e. initial policy loaded) and handling
the no-policy-loaded case. In the past this happened to work
because the policydb was statically allocated and could always
be accessed, but with the recent encapsulation of policy state
and conversion to dynamic allocation, we can no longer access
the policy state prior to initialization. Add a test of
!selinux_initialized(state) to all of the exported functions that
were missing them and handle appropriately.

Fixes: 461698026ffa ("selinux: encapsulate policy state, refactor ...")
Reported-by: Naresh Kamboju <[email protected]>
Tested-by: Andy Shevchenko <[email protected]>
Signed-off-by: Stephen Smalley <[email protected]>
Signed-off-by: Paul Moore <[email protected]>

--
paul moore
http://www.paul-moore.com
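
The failure mode and fix described in the commit message above, as an added userspace model; it is not the kernel patch or any code from this thread. Every `model_*` name, the struct layout and the fallback SID value are assumptions made for illustration; the lookup arguments (protocol 6, port 22) match RSI and RDX in the posted oops.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model only: every model_* name and layout here is hypothetical. */
struct model_port_ctx {              /* one port-labeling rule from a policy */
    uint8_t protocol;
    uint16_t low, high;
    uint32_t sid;
    struct model_port_ctx *next;
};
struct model_policy { struct model_port_ctx *ports; };
struct model_state {
    int initialized;                 /* set once an initial policy is loaded */
    struct model_policy *policy;     /* no longer static: NULL until then */
};

#define MODEL_INITSID_PORT 9u        /* constructed fallback SID for this model */

/* "Before": walks the policy without asking whether one exists. With
 * s->policy == NULL the first load reads through a NULL pointer, the
 * class of fault shown in the oops posted in this thread. */
int model_port_sid_unchecked(struct model_state *s, uint8_t proto,
                             uint16_t port, uint32_t *out_sid)
{
    struct model_port_ctx *c = s->policy->ports;

    while (c && !(c->protocol == proto && c->low <= port && port <= c->high))
        c = c->next;
    *out_sid = c ? c->sid : MODEL_INITSID_PORT;
    return 0;
}

/* "After": test initialization first and handle the no-policy-loaded case. */
int model_port_sid(struct model_state *s, uint8_t proto,
                   uint16_t port, uint32_t *out_sid)
{
    if (!s->initialized) {
        *out_sid = MODEL_INITSID_PORT;
        return 0;
    }
    return model_port_sid_unchecked(s, proto, port, out_sid);
}

/* Constructed policy load: a single rule labeling TCP port 22 with SID 100. */
void model_load_policy(struct model_state *s)
{
    static struct model_port_ctx ssh = { 6, 22, 22, 100, NULL };
    static struct model_policy pol = { &ssh };

    s->policy = &pol;
    s->initialized = 1;
}

int main(void)
{
    struct model_state s = { 0, NULL };
    uint32_t before = 0, after = 0;

    model_port_sid(&s, 6, 22, &before);      /* no policy loaded: no fault */
    model_load_policy(&s);
    model_port_sid(&s, 6, 22, &after);
    printf("before load: %u, after load: %u\n", (unsigned)before, (unsigned)after);
    return 0;
}
```

Calling `model_port_sid_unchecked` on a state that has not been through `model_load_policy` crashes the process, which is why a test run with no policy loaded exposes every entry point still missing the check.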

2020-08-20 02:37:12

by Stephen Rothwell

Subject: Re: Linux-next: Kernel panic - not syncing: Fatal exception in interrupt - RIP: 0010:security_port_sid

Hi Paul,

On Wed, 19 Aug 2020 21:21:29 -0400 Paul Moore <[email protected]> wrote:
>
> On Wed, Aug 19, 2020 at 6:31 PM Stephen Rothwell <[email protected]> wrote:
> FYI, I just merged that patch into the selinux/next tree.

Thanks, I will drop my copy from my tree tomorrow.

--
Cheers,
Stephen Rothwell
