Linux-next: Kernel panic - not syncing: Fatal exception in interrupt - RIP: 0010:security_port_sid
Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
Kernel panic - not syncing: Fatal exception in interrupt
metadata: git branch: master git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git git commit: 8eb858df0a5f6bcd371b5d5637255c987278b8c9 git describe: next-20200819 make_kernelversion: 5.9.0-rc1 kernel-config: https://builds.tuxbuild.com/izEMrcIH10iI6m0FU7O0LA/kernel.config
crash log: [ 3.704578] BUG: kernel NULL pointer dereference, address: 00000000000001c8 [ 3.704865] #PF: supervisor read access in kernel mode [ 3.704865] #PF: error_code(0x0000) - not-present page [ 3.704865] PGD 0 P4D 0 [ 3.704865] Oops: 0000 [#1] SMP NOPTI [ 3.704865] CPU: 0 PID: 1 Comm: systemd Not tainted 5.9.0-rc1-next-20200819 #1 [ 3.704865] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3.704865] RIP: 0010:security_port_sid+0x2f/0xb0 [ 3.704865] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55 41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48 8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00 00 48 [ 3.704865] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246 [ 3.704865] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c [ 3.704865] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10 [ 3.704865] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016 [ 3.704865] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006 [ 3.704865] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820 [ 3.721157] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000) knlGS:0000000000000000 [ 3.721157] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.721157] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0 [ 3.721157] Call Trace: [ 3.721157] sel_netport_sid+0x120/0x1e0 [ 3.721157] selinux_socket_bind+0x15a/0x250 [ 3.721157] ? _raw_spin_trylock_bh+0x42/0x50 [ 3.721157] ? __local_bh_enable_ip+0x46/0x70 [ 3.721157] ? _raw_spin_unlock_bh+0x1a/0x20 [ 3.721157] security_socket_bind+0x35/0x50 [ 3.721157] __sys_bind+0xcf/0x110 [ 3.721157] ? syscall_enter_from_user_mode+0x1f/0x1f0 [ 3.730888] ? do_syscall_64+0x14/0x50 [ 3.730888] ? trace_hardirqs_on+0x38/0xf0 [ 3.732120] __x64_sys_bind+0x1a/0x20 [ 3.732120] do_syscall_64+0x38/0x50 [ 3.732120] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3.732120] RIP: 0033:0x7f5ef37f3057 [ 3.732120] Code: ff ff ff ff c3 48 8b 15 3f 9e 2b 00 f7 d8 64 89 02 b8 ff ff ff ff eb ba 66 2e 0f 1f 84 00 00 00 00 00 90 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 11 9e 2b 00 f7 d8 64 89 01 48 [ 3.738888] RSP: 002b:00007ffe638fbbb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 3.738888] RAX: ffffffffffffffda RBX: 000055833cf9ef80 RCX: 00007f5ef37f3057 [ 3.738888] RDX: 000000000000001c RSI: 000055833cf9ef80 RDI: 000000000000002b [ 3.743930] virtio_net virtio0 enp0s3: renamed from eth0 [ 3.738888] RBP: 000000000000002b R08: 0000000000000004 R09: 0000000000000000 [ 3.738888] R10: 00007ffe638fbbe4 R11: 0000000000000246 R12: 0000000000000000 [ 3.744849] R13: 00007ffe638fbbe4 R14: 0000000000000000 R15: 000000RIP: 0010:security_port_sid0000000000 [ 3.744849] Modules linked in: [ 3.744849] CR2: 00000000000001c8 [ 3.744849] ---[ end trace 485eaaecdce54971 ]--- [ 3.744849] RIP: 0010:security_port_sid+0x2f/0xb0 [ 3.744849] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55 41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48 8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00 00 48 [ 3.744849] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246 [ 3.744849] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c [ 3.744849] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10 [ 3.744849] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016 [ 3.744849] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006 [ 3.744849] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820 [ 3.744849] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000) knlGS:0000000000000000 [ 3.744849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.744849] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0 [ 3.7RIP: 0010:security_port_sid44849] Kernel panic - not syncing: Fatal exception in interrupt [ 3.744849] Kernel Offset: 0x2c000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 3.744849] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
full test log link, https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20200819/testrun...
Reported-by: Naresh Kamboju naresh.kamboju@linaro.org
On 8/19/20 6:11 AM, Naresh Kamboju wrote:
Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
Kernel panic - not syncing: Fatal exception in interrupt
metadata: git branch: master git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git git commit: 8eb858df0a5f6bcd371b5d5637255c987278b8c9 git describe: next-20200819 make_kernelversion: 5.9.0-rc1 kernel-config: https://builds.tuxbuild.com/izEMrcIH10iI6m0FU7O0LA/kernel.config
crash log: [ 3.704578] BUG: kernel NULL pointer dereference, address: 00000000000001c8 [ 3.704865] #PF: supervisor read access in kernel mode [ 3.704865] #PF: error_code(0x0000) - not-present page [ 3.704865] PGD 0 P4D 0 [ 3.704865] Oops: 0000 [#1] SMP NOPTI [ 3.704865] CPU: 0 PID: 1 Comm: systemd Not tainted 5.9.0-rc1-next-20200819 #1 [ 3.704865] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3.704865] RIP: 0010:security_port_sid+0x2f/0xb0 [ 3.704865] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55 41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48 8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00 00 48 [ 3.704865] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246 [ 3.704865] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c [ 3.704865] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10 [ 3.704865] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016 [ 3.704865] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006 [ 3.704865] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820 [ 3.721157] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000) knlGS:0000000000000000 [ 3.721157] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.721157] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0 [ 3.721157] Call Trace: [ 3.721157] sel_netport_sid+0x120/0x1e0 [ 3.721157] selinux_socket_bind+0x15a/0x250 [ 3.721157] ? _raw_spin_trylock_bh+0x42/0x50 [ 3.721157] ? __local_bh_enable_ip+0x46/0x70 [ 3.721157] ? _raw_spin_unlock_bh+0x1a/0x20 [ 3.721157] security_socket_bind+0x35/0x50 [ 3.721157] __sys_bind+0xcf/0x110 [ 3.721157] ? syscall_enter_from_user_mode+0x1f/0x1f0 [ 3.730888] ? do_syscall_64+0x14/0x50 [ 3.730888] ? trace_hardirqs_on+0x38/0xf0 [ 3.732120] __x64_sys_bind+0x1a/0x20 [ 3.732120] do_syscall_64+0x38/0x50 [ 3.732120] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3.732120] RIP: 0033:0x7f5ef37f3057 [ 3.732120] Code: ff ff ff ff c3 48 8b 15 3f 9e 2b 00 f7 d8 64 89 02 b8 ff ff ff ff eb ba 66 2e 0f 1f 84 00 00 00 00 00 90 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 11 9e 2b 00 f7 d8 64 89 01 48 [ 3.738888] RSP: 002b:00007ffe638fbbb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 3.738888] RAX: ffffffffffffffda RBX: 000055833cf9ef80 RCX: 00007f5ef37f3057 [ 3.738888] RDX: 000000000000001c RSI: 000055833cf9ef80 RDI: 000000000000002b [ 3.743930] virtio_net virtio0 enp0s3: renamed from eth0 [ 3.738888] RBP: 000000000000002b R08: 0000000000000004 R09: 0000000000000000 [ 3.738888] R10: 00007ffe638fbbe4 R11: 0000000000000246 R12: 0000000000000000 [ 3.744849] R13: 00007ffe638fbbe4 R14: 0000000000000000 R15: 000000RIP: 0010:security_port_sid0000000000 [ 3.744849] Modules linked in: [ 3.744849] CR2: 00000000000001c8 [ 3.744849] ---[ end trace 485eaaecdce54971 ]--- [ 3.744849] RIP: 0010:security_port_sid+0x2f/0xb0 [ 3.744849] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55 41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48 8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00 00 48 [ 3.744849] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246 [ 3.744849] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c [ 3.744849] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10 [ 3.744849] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016 [ 3.744849] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006 [ 3.744849] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820 [ 3.744849] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000) knlGS:0000000000000000 [ 3.744849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.744849] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0 [ 3.7RIP: 0010:security_port_sid44849] Kernel panic - not syncing: Fatal exception in interrupt [ 3.744849] Kernel Offset: 0x2c000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 3.744849] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
full test log link, https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20200819/testrun...
Reported-by: Naresh Kamboju naresh.kamboju@linaro.org
Thank you for the report. It appears from the log that you are enabling SELinux but not loading any policy? If that is correct, then I believe I know the underlying cause and can create a patch.
On Wed, Aug 19, 2020 at 8:28 AM Stephen Smalley stephen.smalley.work@gmail.com wrote:
On 8/19/20 6:11 AM, Naresh Kamboju wrote:
Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
Kernel panic - not syncing: Fatal exception in interrupt
metadata: git branch: master git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git git commit: 8eb858df0a5f6bcd371b5d5637255c987278b8c9 git describe: next-20200819 make_kernelversion: 5.9.0-rc1 kernel-config: https://builds.tuxbuild.com/izEMrcIH10iI6m0FU7O0LA/kernel.config
crash log: [ 3.704578] BUG: kernel NULL pointer dereference, address: 00000000000001c8 [ 3.704865] #PF: supervisor read access in kernel mode [ 3.704865] #PF: error_code(0x0000) - not-present page [ 3.704865] PGD 0 P4D 0 [ 3.704865] Oops: 0000 [#1] SMP NOPTI [ 3.704865] CPU: 0 PID: 1 Comm: systemd Not tainted 5.9.0-rc1-next-20200819 #1 [ 3.704865] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3.704865] RIP: 0010:security_port_sid+0x2f/0xb0 [ 3.704865] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55 41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48 8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00 00 48 [ 3.704865] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246 [ 3.704865] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c [ 3.704865] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10 [ 3.704865] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016 [ 3.704865] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006 [ 3.704865] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820 [ 3.721157] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000) knlGS:0000000000000000 [ 3.721157] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.721157] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0 [ 3.721157] Call Trace: [ 3.721157] sel_netport_sid+0x120/0x1e0 [ 3.721157] selinux_socket_bind+0x15a/0x250 [ 3.721157] ? _raw_spin_trylock_bh+0x42/0x50 [ 3.721157] ? __local_bh_enable_ip+0x46/0x70 [ 3.721157] ? _raw_spin_unlock_bh+0x1a/0x20 [ 3.721157] security_socket_bind+0x35/0x50 [ 3.721157] __sys_bind+0xcf/0x110 [ 3.721157] ? syscall_enter_from_user_mode+0x1f/0x1f0 [ 3.730888] ? do_syscall_64+0x14/0x50 [ 3.730888] ? trace_hardirqs_on+0x38/0xf0 [ 3.732120] __x64_sys_bind+0x1a/0x20 [ 3.732120] do_syscall_64+0x38/0x50 [ 3.732120] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3.732120] RIP: 0033:0x7f5ef37f3057 [ 3.732120] Code: ff ff ff ff c3 48 8b 15 3f 9e 2b 00 f7 d8 64 89 02 b8 ff ff ff ff eb ba 66 2e 0f 1f 84 00 00 00 00 00 90 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 11 9e 2b 00 f7 d8 64 89 01 48 [ 3.738888] RSP: 002b:00007ffe638fbbb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 3.738888] RAX: ffffffffffffffda RBX: 000055833cf9ef80 RCX: 00007f5ef37f3057 [ 3.738888] RDX: 000000000000001c RSI: 000055833cf9ef80 RDI: 000000000000002b [ 3.743930] virtio_net virtio0 enp0s3: renamed from eth0 [ 3.738888] RBP: 000000000000002b R08: 0000000000000004 R09: 0000000000000000 [ 3.738888] R10: 00007ffe638fbbe4 R11: 0000000000000246 R12: 0000000000000000 [ 3.744849] R13: 00007ffe638fbbe4 R14: 0000000000000000 R15: 000000RIP: 0010:security_port_sid0000000000 [ 3.744849] Modules linked in: [ 3.744849] CR2: 00000000000001c8 [ 3.744849] ---[ end trace 485eaaecdce54971 ]--- [ 3.744849] RIP: 0010:security_port_sid+0x2f/0xb0 [ 3.744849] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55 41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48 8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00 00 48 [ 3.744849] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246 [ 3.744849] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c [ 3.744849] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10 [ 3.744849] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016 [ 3.744849] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006 [ 3.744849] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820 [ 3.744849] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000) knlGS:0000000000000000 [ 3.744849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.744849] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0 [ 3.7RIP: 0010:security_port_sid44849] Kernel panic - not syncing: Fatal exception in interrupt [ 3.744849] Kernel Offset: 0x2c000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 3.744849] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
full test log link, https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20200819/testrun...
Reported-by: Naresh Kamboju naresh.kamboju@linaro.org
Thank you for the report. It appears from the log that you are enabling SELinux but not loading any policy? If that is correct, then I believe I know the underlying cause and can create a patch.
Yes, I'm guessing the bind() hook is the culprit.
I'm beginning to think we should try forcing a run of the selinux-testsuite on a system with SELinux enabled but without a loaded policy. The test suite will fail in spectacular fashion, but it will be a good way to shake out some of these corner cases.
On 8/19/20 9:12 AM, Paul Moore wrote:
On Wed, Aug 19, 2020 at 8:28 AM Stephen Smalley stephen.smalley.work@gmail.com wrote:
On 8/19/20 6:11 AM, Naresh Kamboju wrote:
Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
Kernel panic - not syncing: Fatal exception in interrupt
metadata: git branch: master git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git git commit: 8eb858df0a5f6bcd371b5d5637255c987278b8c9 git describe: next-20200819 make_kernelversion: 5.9.0-rc1 kernel-config: https://builds.tuxbuild.com/izEMrcIH10iI6m0FU7O0LA/kernel.config
crash log: [ 3.704578] BUG: kernel NULL pointer dereference, address: 00000000000001c8 [ 3.704865] #PF: supervisor read access in kernel mode [ 3.704865] #PF: error_code(0x0000) - not-present page [ 3.704865] PGD 0 P4D 0 [ 3.704865] Oops: 0000 [#1] SMP NOPTI [ 3.704865] CPU: 0 PID: 1 Comm: systemd Not tainted 5.9.0-rc1-next-20200819 #1 [ 3.704865] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3.704865] RIP: 0010:security_port_sid+0x2f/0xb0 [ 3.704865] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55 41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48 8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00 00 48 [ 3.704865] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246 [ 3.704865] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c [ 3.704865] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10 [ 3.704865] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016 [ 3.704865] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006 [ 3.704865] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820 [ 3.721157] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000) knlGS:0000000000000000 [ 3.721157] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.721157] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0 [ 3.721157] Call Trace: [ 3.721157] sel_netport_sid+0x120/0x1e0 [ 3.721157] selinux_socket_bind+0x15a/0x250 [ 3.721157] ? _raw_spin_trylock_bh+0x42/0x50 [ 3.721157] ? __local_bh_enable_ip+0x46/0x70 [ 3.721157] ? _raw_spin_unlock_bh+0x1a/0x20 [ 3.721157] security_socket_bind+0x35/0x50 [ 3.721157] __sys_bind+0xcf/0x110 [ 3.721157] ? syscall_enter_from_user_mode+0x1f/0x1f0 [ 3.730888] ? do_syscall_64+0x14/0x50 [ 3.730888] ? trace_hardirqs_on+0x38/0xf0 [ 3.732120] __x64_sys_bind+0x1a/0x20 [ 3.732120] do_syscall_64+0x38/0x50 [ 3.732120] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3.732120] RIP: 0033:0x7f5ef37f3057 [ 3.732120] Code: ff ff ff ff c3 48 8b 15 3f 9e 2b 00 f7 d8 64 89 02 b8 ff ff ff ff eb ba 66 2e 0f 1f 84 00 00 00 00 00 90 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 11 9e 2b 00 f7 d8 64 89 01 48 [ 3.738888] RSP: 002b:00007ffe638fbbb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 3.738888] RAX: ffffffffffffffda RBX: 000055833cf9ef80 RCX: 00007f5ef37f3057 [ 3.738888] RDX: 000000000000001c RSI: 000055833cf9ef80 RDI: 000000000000002b [ 3.743930] virtio_net virtio0 enp0s3: renamed from eth0 [ 3.738888] RBP: 000000000000002b R08: 0000000000000004 R09: 0000000000000000 [ 3.738888] R10: 00007ffe638fbbe4 R11: 0000000000000246 R12: 0000000000000000 [ 3.744849] R13: 00007ffe638fbbe4 R14: 0000000000000000 R15: 000000RIP: 0010:security_port_sid0000000000 [ 3.744849] Modules linked in: [ 3.744849] CR2: 00000000000001c8 [ 3.744849] ---[ end trace 485eaaecdce54971 ]--- [ 3.744849] RIP: 0010:security_port_sid+0x2f/0xb0 [ 3.744849] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55 41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48 8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00 00 48 [ 3.744849] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246 [ 3.744849] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c [ 3.744849] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10 [ 3.744849] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016 [ 3.744849] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006 [ 3.744849] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820 [ 3.744849] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000) knlGS:0000000000000000 [ 3.744849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.744849] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0 [ 3.7RIP: 0010:security_port_sid44849] Kernel panic - not syncing: Fatal exception in interrupt [ 3.744849] Kernel Offset: 0x2c000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 3.744849] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
full test log link, https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20200819/testrun...
Reported-by: Naresh Kamboju naresh.kamboju@linaro.org
Thank you for the report. It appears from the log that you are enabling SELinux but not loading any policy? If that is correct, then I believe I know the underlying cause and can create a patch.
Yes, I'm guessing the bind() hook is the culprit.
I'm beginning to think we should try forcing a run of the selinux-testsuite on a system with SELinux enabled but without a loaded policy. The test suite will fail in spectacular fashion, but it will be a good way to shake out some of these corner cases.
It's due to the lack of explicit selinux_initialized(state) guards in security_port_sid() and the rest of those functions. Previously, they happened to work because the policydb was statically allocated and could be accessed even before initial policy load. With the encapsulation of the policy state and dynamic allocation, they need to check selinux_initialized() first and return immediately if it isn't 1. I have a patch in the works. With respect to testing, even just doing a simple boot test with SELinux enabled but no policy would have detected this one; it just isn't part of my usual workflow.
On Wed, Aug 19, 2020 at 9:16 AM Stephen Smalley stephen.smalley.work@gmail.com wrote:
On 8/19/20 9:12 AM, Paul Moore wrote:
On Wed, Aug 19, 2020 at 8:28 AM Stephen Smalley stephen.smalley.work@gmail.com wrote:
On 8/19/20 6:11 AM, Naresh Kamboju wrote:
Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
Kernel panic - not syncing: Fatal exception in interrupt
metadata: git branch: master git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git git commit: 8eb858df0a5f6bcd371b5d5637255c987278b8c9 git describe: next-20200819 make_kernelversion: 5.9.0-rc1 kernel-config: https://builds.tuxbuild.com/izEMrcIH10iI6m0FU7O0LA/kernel.config
crash log: [ 3.704578] BUG: kernel NULL pointer dereference, address: 00000000000001c8 [ 3.704865] #PF: supervisor read access in kernel mode [ 3.704865] #PF: error_code(0x0000) - not-present page [ 3.704865] PGD 0 P4D 0 [ 3.704865] Oops: 0000 [#1] SMP NOPTI [ 3.704865] CPU: 0 PID: 1 Comm: systemd Not tainted 5.9.0-rc1-next-20200819 #1 [ 3.704865] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3.704865] RIP: 0010:security_port_sid+0x2f/0xb0 [ 3.704865] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55 41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48 8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00 00 48 [ 3.704865] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246 [ 3.704865] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c [ 3.704865] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10 [ 3.704865] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016 [ 3.704865] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006 [ 3.704865] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820 [ 3.721157] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000) knlGS:0000000000000000 [ 3.721157] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.721157] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0 [ 3.721157] Call Trace: [ 3.721157] sel_netport_sid+0x120/0x1e0 [ 3.721157] selinux_socket_bind+0x15a/0x250 [ 3.721157] ? _raw_spin_trylock_bh+0x42/0x50 [ 3.721157] ? __local_bh_enable_ip+0x46/0x70 [ 3.721157] ? _raw_spin_unlock_bh+0x1a/0x20 [ 3.721157] security_socket_bind+0x35/0x50 [ 3.721157] __sys_bind+0xcf/0x110 [ 3.721157] ? syscall_enter_from_user_mode+0x1f/0x1f0 [ 3.730888] ? do_syscall_64+0x14/0x50 [ 3.730888] ? trace_hardirqs_on+0x38/0xf0 [ 3.732120] __x64_sys_bind+0x1a/0x20 [ 3.732120] do_syscall_64+0x38/0x50 [ 3.732120] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3.732120] RIP: 0033:0x7f5ef37f3057 [ 3.732120] Code: ff ff ff ff c3 48 8b 15 3f 9e 2b 00 f7 d8 64 89 02 b8 ff ff ff ff eb ba 66 2e 0f 1f 84 00 00 00 00 00 90 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 11 9e 2b 00 f7 d8 64 89 01 48 [ 3.738888] RSP: 002b:00007ffe638fbbb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 3.738888] RAX: ffffffffffffffda RBX: 000055833cf9ef80 RCX: 00007f5ef37f3057 [ 3.738888] RDX: 000000000000001c RSI: 000055833cf9ef80 RDI: 000000000000002b [ 3.743930] virtio_net virtio0 enp0s3: renamed from eth0 [ 3.738888] RBP: 000000000000002b R08: 0000000000000004 R09: 0000000000000000 [ 3.738888] R10: 00007ffe638fbbe4 R11: 0000000000000246 R12: 0000000000000000 [ 3.744849] R13: 00007ffe638fbbe4 R14: 0000000000000000 R15: 000000RIP: 0010:security_port_sid0000000000 [ 3.744849] Modules linked in: [ 3.744849] CR2: 00000000000001c8 [ 3.744849] ---[ end trace 485eaaecdce54971 ]--- [ 3.744849] RIP: 0010:security_port_sid+0x2f/0xb0 [ 3.744849] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55 41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48 8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00 00 48 [ 3.744849] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246 [ 3.744849] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c [ 3.744849] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10 [ 3.744849] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016 [ 3.744849] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006 [ 3.744849] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820 [ 3.744849] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000) knlGS:0000000000000000 [ 3.744849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.744849] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0 [ 3.7RIP: 0010:security_port_sid44849] Kernel panic - not syncing: Fatal exception in interrupt [ 3.744849] Kernel Offset: 0x2c000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 3.744849] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
full test log link, https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20200819/testrun...
Reported-by: Naresh Kamboju naresh.kamboju@linaro.org
Thank you for the report. It appears from the log that you are enabling SELinux but not loading any policy? If that is correct, then I believe I know the underlying cause and can create a patch.
Yes, I'm guessing the bind() hook is the culprit.
I'm beginning to think we should try forcing a run of the selinux-testsuite on a system with SELinux enabled but without a loaded policy. The test suite will fail in spectacular fashion, but it will be a good way to shake out some of these corner cases.
It's due to the lack of explicit selinux_initialized(state) guards in security_port_sid() and the rest of those functions. Previously, they happened to work because the policydb was statically allocated and could be accessed even before initial policy load. With the encapsulation of the policy state and dynamic allocation, they need to check selinux_initialized() first and return immediately if it isn't 1. I have a patch in the works.
Right. I was just saying that I was pretty sure the code path came in via bind() ... which is obvious since it is in the backtrace and I missed that since I only looked at the location of the panic and worked the code path backwards looking for the initialization check :)
With respect to testing, even just doing a simple boot test with SELinux enabled but no policy would have detected this one; it just isn't part of my usual workflow.
Which is fair as it isn't a use case that is really valid, but we've seen it pop up a few times now with everyone automating their testing without understanding how to use/test SELinux properly. My thinking behind running the test suite w/o a policy is to try and catch all these cases where we aren't doing an initialization check before querying any of the policy data; I know we squashed a bunch of these, but I'm not convinced we caught them all (and of course we can always introduce new bugs).
On Wed, Aug 19, 2020 at 3:30 PM Stephen Smalley stephen.smalley.work@gmail.com wrote:
On 8/19/20 6:11 AM, Naresh Kamboju wrote:
Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
Kernel panic - not syncing: Fatal exception in interrupt
metadata: git branch: master git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git git commit: 8eb858df0a5f6bcd371b5d5637255c987278b8c9 git describe: next-20200819 make_kernelversion: 5.9.0-rc1 kernel-config: https://builds.tuxbuild.com/izEMrcIH10iI6m0FU7O0LA/kernel.config
crash log: [ 3.704578] BUG: kernel NULL pointer dereference, address: 00000000000001c8 [ 3.704865] #PF: supervisor read access in kernel mode [ 3.704865] #PF: error_code(0x0000) - not-present page [ 3.704865] PGD 0 P4D 0 [ 3.704865] Oops: 0000 [#1] SMP NOPTI [ 3.704865] CPU: 0 PID: 1 Comm: systemd Not tainted 5.9.0-rc1-next-20200819 #1 [ 3.704865] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3.704865] RIP: 0010:security_port_sid+0x2f/0xb0 [ 3.704865] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55 41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48 8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00 00 48 [ 3.704865] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246 [ 3.704865] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c [ 3.704865] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10 [ 3.704865] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016 [ 3.704865] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006 [ 3.704865] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820 [ 3.721157] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000) knlGS:0000000000000000 [ 3.721157] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.721157] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0 [ 3.721157] Call Trace: [ 3.721157] sel_netport_sid+0x120/0x1e0 [ 3.721157] selinux_socket_bind+0x15a/0x250 [ 3.721157] ? _raw_spin_trylock_bh+0x42/0x50 [ 3.721157] ? __local_bh_enable_ip+0x46/0x70 [ 3.721157] ? _raw_spin_unlock_bh+0x1a/0x20 [ 3.721157] security_socket_bind+0x35/0x50 [ 3.721157] __sys_bind+0xcf/0x110 [ 3.721157] ? syscall_enter_from_user_mode+0x1f/0x1f0 [ 3.730888] ? do_syscall_64+0x14/0x50 [ 3.730888] ? trace_hardirqs_on+0x38/0xf0 [ 3.732120] __x64_sys_bind+0x1a/0x20 [ 3.732120] do_syscall_64+0x38/0x50 [ 3.732120] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3.732120] RIP: 0033:0x7f5ef37f3057 [ 3.732120] Code: ff ff ff ff c3 48 8b 15 3f 9e 2b 00 f7 d8 64 89 02 b8 ff ff ff ff eb ba 66 2e 0f 1f 84 00 00 00 00 00 90 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 11 9e 2b 00 f7 d8 64 89 01 48 [ 3.738888] RSP: 002b:00007ffe638fbbb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 3.738888] RAX: ffffffffffffffda RBX: 000055833cf9ef80 RCX: 00007f5ef37f3057 [ 3.738888] RDX: 000000000000001c RSI: 000055833cf9ef80 RDI: 000000000000002b [ 3.743930] virtio_net virtio0 enp0s3: renamed from eth0 [ 3.738888] RBP: 000000000000002b R08: 0000000000000004 R09: 0000000000000000 [ 3.738888] R10: 00007ffe638fbbe4 R11: 0000000000000246 R12: 0000000000000000 [ 3.744849] R13: 00007ffe638fbbe4 R14: 0000000000000000 R15: 000000RIP: 0010:security_port_sid0000000000 [ 3.744849] Modules linked in: [ 3.744849] CR2: 00000000000001c8 [ 3.744849] ---[ end trace 485eaaecdce54971 ]--- [ 3.744849] RIP: 0010:security_port_sid+0x2f/0xb0 [ 3.744849] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55 41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48 8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00 00 48 [ 3.744849] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246 [ 3.744849] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c [ 3.744849] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10 [ 3.744849] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016 [ 3.744849] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006 [ 3.744849] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820 [ 3.744849] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000) knlGS:0000000000000000 [ 3.744849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.744849] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0 [ 3.7RIP: 0010:security_port_sid44849] Kernel panic - not syncing: Fatal exception in interrupt [ 3.744849] Kernel Offset: 0x2c000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 3.744849] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
full test log link, https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20200819/testrun...
Reported-by: Naresh Kamboju naresh.kamboju@linaro.org
+1. Reported-by: Andy Shevchenko andy.shevchenko@gmail.com
Thank you for the report. It appears from the log that you are enabling SELinux but not loading any policy? If that is correct, then I believe I know the underlying cause and can create a patch.
I guess it's too far with assumptions that people are using some monster Linux distribution or so. I have simple kernel configuration with minimal Buildroot (busybox + uclibc) and I have got this inconvenience. Please, fix this. And would be nice if you may tell what commit I can revert without wasting time on bisect to unblock my main work.
On 8/19/20 11:06 AM, Andy Shevchenko wrote:
On Wed, Aug 19, 2020 at 3:30 PM Stephen Smalley stephen.smalley.work@gmail.com wrote:
On 8/19/20 6:11 AM, Naresh Kamboju wrote:
Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
Kernel panic - not syncing: Fatal exception in interrupt
metadata: git branch: master git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git git commit: 8eb858df0a5f6bcd371b5d5637255c987278b8c9 git describe: next-20200819 make_kernelversion: 5.9.0-rc1 kernel-config: https://builds.tuxbuild.com/izEMrcIH10iI6m0FU7O0LA/kernel.config
crash log: [ 3.704578] BUG: kernel NULL pointer dereference, address: 00000000000001c8 [ 3.704865] #PF: supervisor read access in kernel mode [ 3.704865] #PF: error_code(0x0000) - not-present page [ 3.704865] PGD 0 P4D 0 [ 3.704865] Oops: 0000 [#1] SMP NOPTI [ 3.704865] CPU: 0 PID: 1 Comm: systemd Not tainted 5.9.0-rc1-next-20200819 #1 [ 3.704865] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3.704865] RIP: 0010:security_port_sid+0x2f/0xb0 [ 3.704865] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55 41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48 8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00 00 48 [ 3.704865] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246 [ 3.704865] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c [ 3.704865] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10 [ 3.704865] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016 [ 3.704865] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006 [ 3.704865] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820 [ 3.721157] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000) knlGS:0000000000000000 [ 3.721157] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.721157] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0 [ 3.721157] Call Trace: [ 3.721157] sel_netport_sid+0x120/0x1e0 [ 3.721157] selinux_socket_bind+0x15a/0x250 [ 3.721157] ? _raw_spin_trylock_bh+0x42/0x50 [ 3.721157] ? __local_bh_enable_ip+0x46/0x70 [ 3.721157] ? _raw_spin_unlock_bh+0x1a/0x20 [ 3.721157] security_socket_bind+0x35/0x50 [ 3.721157] __sys_bind+0xcf/0x110 [ 3.721157] ? syscall_enter_from_user_mode+0x1f/0x1f0 [ 3.730888] ? do_syscall_64+0x14/0x50 [ 3.730888] ? trace_hardirqs_on+0x38/0xf0 [ 3.732120] __x64_sys_bind+0x1a/0x20 [ 3.732120] do_syscall_64+0x38/0x50 [ 3.732120] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3.732120] RIP: 0033:0x7f5ef37f3057 [ 3.732120] Code: ff ff ff ff c3 48 8b 15 3f 9e 2b 00 f7 d8 64 89 02 b8 ff ff ff ff eb ba 66 2e 0f 1f 84 00 00 00 00 00 90 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 11 9e 2b 00 f7 d8 64 89 01 48 [ 3.738888] RSP: 002b:00007ffe638fbbb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 3.738888] RAX: ffffffffffffffda RBX: 000055833cf9ef80 RCX: 00007f5ef37f3057 [ 3.738888] RDX: 000000000000001c RSI: 000055833cf9ef80 RDI: 000000000000002b [ 3.743930] virtio_net virtio0 enp0s3: renamed from eth0 [ 3.738888] RBP: 000000000000002b R08: 0000000000000004 R09: 0000000000000000 [ 3.738888] R10: 00007ffe638fbbe4 R11: 0000000000000246 R12: 0000000000000000 [ 3.744849] R13: 00007ffe638fbbe4 R14: 0000000000000000 R15: 000000RIP: 0010:security_port_sid0000000000 [ 3.744849] Modules linked in: [ 3.744849] CR2: 00000000000001c8 [ 3.744849] ---[ end trace 485eaaecdce54971 ]--- [ 3.744849] RIP: 0010:security_port_sid+0x2f/0xb0 [ 3.744849] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55 41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48 8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00 00 48 [ 3.744849] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246 [ 3.744849] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c [ 3.744849] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10 [ 3.744849] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016 [ 3.744849] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006 [ 3.744849] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820 [ 3.744849] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000) knlGS:0000000000000000 [ 3.744849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.744849] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0 [ 3.7RIP: 0010:security_port_sid44849] Kernel panic - not syncing: Fatal exception in interrupt [ 3.744849] Kernel Offset: 0x2c000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 3.744849] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
full test log link, https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20200819/testrun...
Reported-by: Naresh Kamboju naresh.kamboju@linaro.org
+1. Reported-by: Andy Shevchenko andy.shevchenko@gmail.com
Thank you for the report. It appears from the log that you are enabling SELinux but not loading any policy? If that is correct, then I believe I know the underlying cause and can create a patch.
I guess it's too far with assumptions that people are using some monster Linux distribution or so. I have simple kernel configuration with minimal Buildroot (busybox + uclibc) and I have got this inconvenience. Please, fix this. And would be nice if you may tell what commit I can revert without wasting time on bisect to unblock my main work.
Fix can be found at:https://patchwork.kernel.org/patch/11724203/ https://patchwork.kernel.org/patch/11724203/
On Wed, Aug 19, 2020 at 6:12 PM Stephen Smalley stephen.smalley.work@gmail.com wrote:
On 8/19/20 11:06 AM, Andy Shevchenko wrote:
On Wed, Aug 19, 2020 at 3:30 PM Stephen Smalley stephen.smalley.work@gmail.com wrote:
On 8/19/20 6:11 AM, Naresh Kamboju wrote:
Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
Kernel panic - not syncing: Fatal exception in interrupt
metadata: git branch: master git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git git commit: 8eb858df0a5f6bcd371b5d5637255c987278b8c9 git describe: next-20200819 make_kernelversion: 5.9.0-rc1 kernel-config: https://builds.tuxbuild.com/izEMrcIH10iI6m0FU7O0LA/kernel.config
crash log: [ 3.704578] BUG: kernel NULL pointer dereference, address: 00000000000001c8 [ 3.704865] #PF: supervisor read access in kernel mode [ 3.704865] #PF: error_code(0x0000) - not-present page [ 3.704865] PGD 0 P4D 0 [ 3.704865] Oops: 0000 [#1] SMP NOPTI [ 3.704865] CPU: 0 PID: 1 Comm: systemd Not tainted 5.9.0-rc1-next-20200819 #1 [ 3.704865] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3.704865] RIP: 0010:security_port_sid+0x2f/0xb0 [ 3.704865] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55 41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48 8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00 00 48 [ 3.704865] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246 [ 3.704865] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c [ 3.704865] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10 [ 3.704865] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016 [ 3.704865] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006 [ 3.704865] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820 [ 3.721157] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000) knlGS:0000000000000000 [ 3.721157] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.721157] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0 [ 3.721157] Call Trace: [ 3.721157] sel_netport_sid+0x120/0x1e0 [ 3.721157] selinux_socket_bind+0x15a/0x250 [ 3.721157] ? _raw_spin_trylock_bh+0x42/0x50 [ 3.721157] ? __local_bh_enable_ip+0x46/0x70 [ 3.721157] ? _raw_spin_unlock_bh+0x1a/0x20 [ 3.721157] security_socket_bind+0x35/0x50 [ 3.721157] __sys_bind+0xcf/0x110 [ 3.721157] ? syscall_enter_from_user_mode+0x1f/0x1f0 [ 3.730888] ? do_syscall_64+0x14/0x50 [ 3.730888] ? trace_hardirqs_on+0x38/0xf0 [ 3.732120] __x64_sys_bind+0x1a/0x20 [ 3.732120] do_syscall_64+0x38/0x50 [ 3.732120] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 3.732120] RIP: 0033:0x7f5ef37f3057 [ 3.732120] Code: ff ff ff ff c3 48 8b 15 3f 9e 2b 00 f7 d8 64 89 02 b8 ff ff ff ff eb ba 66 2e 0f 1f 84 00 00 00 00 00 90 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 11 9e 2b 00 f7 d8 64 89 01 48 [ 3.738888] RSP: 002b:00007ffe638fbbb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 3.738888] RAX: ffffffffffffffda RBX: 000055833cf9ef80 RCX: 00007f5ef37f3057 [ 3.738888] RDX: 000000000000001c RSI: 000055833cf9ef80 RDI: 000000000000002b [ 3.743930] virtio_net virtio0 enp0s3: renamed from eth0 [ 3.738888] RBP: 000000000000002b R08: 0000000000000004 R09: 0000000000000000 [ 3.738888] R10: 00007ffe638fbbe4 R11: 0000000000000246 R12: 0000000000000000 [ 3.744849] R13: 00007ffe638fbbe4 R14: 0000000000000000 R15: 000000RIP: 0010:security_port_sid0000000000 [ 3.744849] Modules linked in: [ 3.744849] CR2: 00000000000001c8 [ 3.744849] ---[ end trace 485eaaecdce54971 ]--- [ 3.744849] RIP: 0010:security_port_sid+0x2f/0xb0 [ 3.744849] Code: 55 48 89 e5 41 57 49 89 ff 41 56 49 89 ce 41 55 41 89 d5 41 54 41 89 f4 53 48 8b 7f 40 e8 c9 ca 94 00 49 8b 47 40 48 8b 40 10 <48> 8b 98 c8 01 00 00 48 85 db 75 0e eb 65 48 8b 9b c0 00 00 00 48 [ 3.744849] RSP: 0018:ffffb607c0013d00 EFLAGS: 00010246 [ 3.744849] RAX: 0000000000000000 RBX: ffffffffaef076f8 RCX: ffffb607c0013d9c [ 3.744849] RDX: 0000000000000016 RSI: 0000000000000006 RDI: ffffffffaef08d10 [ 3.744849] RBP: ffffb607c0013d28 R08: 0000000000000218 R09: 0000000000000016 [ 3.744849] R10: ffffb607c0013d9c R11: ffff988ff9665260 R12: 0000000000000006 [ 3.744849] R13: 0000000000000016 R14: ffffb607c0013d9c R15: ffffffffaef05820 [ 3.744849] FS: 00007f5ef4fec840(0000) GS:ffff988ffbc00000(0000) knlGS:0000000000000000 [ 3.744849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.744849] CR2: 00000000000001c8 CR3: 000000013b04c000 CR4: 00000000003506f0 [ 3.7RIP: 0010:security_port_sid44849] Kernel panic - not syncing: Fatal exception in interrupt [ 3.744849] Kernel Offset: 0x2c000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 3.744849] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
full test log link, https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20200819/testrun...
Reported-by: Naresh Kamboju naresh.kamboju@linaro.org
+1. Reported-by: Andy Shevchenko andy.shevchenko@gmail.com
Thank you for the report. It appears from the log that you are enabling SELinux but not loading any policy? If that is correct, then I believe I know the underlying cause and can create a patch.
I guess it's too far with assumptions that people are using some monster Linux distribution or so. I have simple kernel configuration with minimal Buildroot (busybox + uclibc) and I have got this inconvenience. Please, fix this. And would be nice if you may tell what commit I can revert without wasting time on bisect to unblock my main work.
Fix can be found at:https://patchwork.kernel.org/patch/11724203/ https://patchwork.kernel.org/patch/11724203/
Thanks, feel free to add Tested-by: Andy Shevchenko andy.shevchenko@gmail.com
Hi all,
On Wed, 19 Aug 2020 11:12:44 -0400 Stephen Smalley stephen.smalley.work@gmail.com wrote:
Fix can be found at:https://patchwork.kernel.org/patch/11724203/ https://patchwork.kernel.org/patch/11724203/
Thanks.
I will add that to the selinux tree merge in linux-next until it turns up in the tree.
On Wed, Aug 19, 2020 at 6:31 PM Stephen Rothwell sfr@canb.auug.org.au wrote:
Hi all,
On Wed, 19 Aug 2020 11:12:44 -0400 Stephen Smalley stephen.smalley.work@gmail.com wrote:
Fix can be found at:https://patchwork.kernel.org/patch/11724203/ https://patchwork.kernel.org/patch/11724203/
Thanks.
I will add that to the selinux tree merge in linux-next until it turns up in the tree.
FYI, I just merged that patch into the selinux/next tree.
commit 37ea433c66070fcef09c6d118492c36299eb72ba Author: Stephen Smalley stephen.smalley.work@gmail.com Date: Wed Aug 19 09:45:41 2020 -0400
selinux: avoid dereferencing the policy prior to initialization
Certain SELinux security server functions (e.g. security_port_sid, called during bind) were not explicitly testing to see if SELinux has been initialized (i.e. initial policy loaded) and handling the no-policy-loaded case. In the past this happened to work because the policydb was statically allocated and could always be accessed, but with the recent encapsulation of policy state and conversion to dynamic allocation, we can no longer access the policy state prior to initialization. Add a test of !selinux_initialized(state) to all of the exported functions that were missing them and handle appropriately.
Fixes: 461698026ffa ("selinux: encapsulate policy state, refactor ...") Reported-by: Naresh Kamboju naresh.kamboju@linaro.org Tested-by: Andy Shevchenko andy.shevchenko@gmail.com Signed-off-by: Stephen Smalley stephen.smalley.work@gmail.com Signed-off-by: Paul Moore paul@paul-moore.com
Hi Paul,
On Wed, 19 Aug 2020 21:21:29 -0400 Paul Moore paul@paul-moore.com wrote:
On Wed, Aug 19, 2020 at 6:31 PM Stephen Rothwell sfr@canb.auug.org.au wrote: FYI, I just merged that patch into the selinux/next tree.
Thanks, I will drop my copy from my tree tomorrow.
-
Andy Shevchenko -
Naresh Kamboju -
Paul Moore -
Stephen Rothwell -
Stephen Smalley