try https://chromium-review.googlesource.com/915801 and see if there's more details in the logs

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/ed0e513d5d79953ef8683393eabcd2c34f44f4b0

commit ed0e513d5d79953ef8683393eabcd2c34f44f4b0
Author: Mike Frysinger <vapier@chromium.org>
Date: Thu Feb 15 10:33:10 2018

CHROMIUM: LSM: add more details to blocked symlink mount

In case of a failed mount, include the source/destination paths.

BUG= chromium:811506 
TEST=precq passes

Change-Id: Ibf93f82c51a5b40a41cb0031b9331d911ec3b943
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/915801
Reviewed-by: Luis Hector Chavez <lhchavez@chromium.org>

[modify] https://crrev.com/ed0e513d5d79953ef8683393eabcd2c34f44f4b0/security/chromiumos/lsm.c

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/4d7eae3cfb9640834d88de108d70d87877a1e022

commit 4d7eae3cfb9640834d88de108d70d87877a1e022
Author: Mike Frysinger <vapier@chromium.org>
Date: Thu Feb 15 10:33:16 2018

CHROMIUM: LSM: add more details to blocked symlink mount

Rewrite the current sb_mount hook to use report_load as that'll do the
same amount of command line display and will show the source path, then
add another log line to include the mount type and mount flags.

BUG= chromium:811506 
TEST=precq passes

Change-Id: Ibf93f82c51a5b40a41cb0031b9331d911ec3b943
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/919190
Reviewed-by: Luis Hector Chavez <lhchavez@chromium.org>

[modify] https://crrev.com/4d7eae3cfb9640834d88de108d70d87877a1e022/security/chromiumos/lsm.c

could you re-run your tests now with those CLs ?  the logs should include more details as to the bad mounts triggering the crashes.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/382e278a60230097fdd3c6cfb5b8477c5ccdfdd3

commit 382e278a60230097fdd3c6cfb5b8477c5ccdfdd3
Author: Mike Frysinger <vapier@chromium.org>
Date: Fri Feb 16 23:12:29 2018

CHROMIUM: LSM: add more details to blocked symlink mount

Rewrite the current sb_mount hook to use report_load as that'll do the
same amount of command line display and will show the source path, then
add another log line to include the mount type and mount flags.

BUG= chromium:811506 
TEST=precq passes

Change-Id: Ibf93f82c51a5b40a41cb0031b9331d911ec3b943
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/919874
Reviewed-by: Luis Hector Chavez <lhchavez@chromium.org>

[modify] https://crrev.com/382e278a60230097fdd3c6cfb5b8477c5ccdfdd3/security/chromiumos/lsm.c

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/9996f9ce793e052f59f5ae7d1efaa2489e0ecd70

commit 9996f9ce793e052f59f5ae7d1efaa2489e0ecd70
Author: Mike Frysinger <vapier@chromium.org>
Date: Sat Feb 17 02:47:56 2018

CHROMIUM: LSM: add more details to blocked symlink mount

Rewrite the current sb_mount hook to use report_load as that'll do the
same amount of command line display and will show the source path, then
add another log line to include the mount type and mount flags.

BUG= chromium:811506 
TEST=precq passes

Change-Id: Ibf93f82c51a5b40a41cb0031b9331d911ec3b943
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/919872
Reviewed-by: Luis Hector Chavez <lhchavez@chromium.org>

[modify] https://crrev.com/9996f9ce793e052f59f5ae7d1efaa2489e0ecd70/security/chromiumos/lsm.c

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/1f5f3578cbcfb65dddad3fb70038249120107372

commit 1f5f3578cbcfb65dddad3fb70038249120107372
Author: Luis Hector Chavez <lhchavez@google.com>
Date: Fri Feb 23 11:36:55 2018

CHROMIUM: LSM: Deny mounting filesystems as exec in unprivileged userns

This change makes chromiumos_security_sb_mount() forbid mounting
filesystems without the MS_NOEXEC flag outside of the init namespace.

BUG= chromium:811506 
TEST=ARC can still boot
TEST=`mount -t tmpfs tmpfs /mnt` fails in an unprivileged userns
Signed-off-by: Luis Hector Chavez <lhchavez@chromium.org>

Change-Id: I40d22bdd637b1113bb53db7856bdd06331083cbd
Reviewed-on: https://chromium-review.googlesource.com/917210
Commit-Ready: Luis Hector Chavez <lhchavez@chromium.org>
Tested-by: Luis Hector Chavez <lhchavez@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
(cherry picked from commit 132548e180ca9dcbc01c4f38e862cada3f118521)
Reviewed-on: https://chromium-review.googlesource.com/931744

[modify] https://crrev.com/1f5f3578cbcfb65dddad3fb70038249120107372/security/chromiumos/lsm.c

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/1f5f3578cbcfb65dddad3fb70038249120107372

commit 1f5f3578cbcfb65dddad3fb70038249120107372
Author: Luis Hector Chavez <lhchavez@google.com>
Date: Fri Feb 23 11:36:55 2018

CHROMIUM: LSM: Deny mounting filesystems as exec in unprivileged userns

This change makes chromiumos_security_sb_mount() forbid mounting
filesystems without the MS_NOEXEC flag outside of the init namespace.

BUG= chromium:811506 
TEST=ARC can still boot
TEST=`mount -t tmpfs tmpfs /mnt` fails in an unprivileged userns
Signed-off-by: Luis Hector Chavez <lhchavez@chromium.org>

Change-Id: I40d22bdd637b1113bb53db7856bdd06331083cbd
Reviewed-on: https://chromium-review.googlesource.com/917210
Commit-Ready: Luis Hector Chavez <lhchavez@chromium.org>
Tested-by: Luis Hector Chavez <lhchavez@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
(cherry picked from commit 132548e180ca9dcbc01c4f38e862cada3f118521)
Reviewed-on: https://chromium-review.googlesource.com/931744

[modify] https://crrev.com/1f5f3578cbcfb65dddad3fb70038249120107372/security/chromiumos/lsm.c

yusukes: can you retest with ToT and see if you can get better logs out of the system ?

assuming resolved now