chown of SUID executable in docker container on overlayfs fails with kernel BUG at linux-4.4.0/fs/attr.c:280
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Confirmed | Undecided | Unassigned |
Bug Description
Steps to reproduce:
1. Take any fresh installation of Ubuntu 16.04. I used Vagrant to reproduce this bug, but it also reproduces on my VM with Ubuntu 16.04 in Azure.
2. Upgrade kernel to current latest release (linux-
# uname -r
4.4.
3. Install Docker 1.11.2 from Ubuntu repositories (also can be reproduced with Docker 1.12.1 from official Docker repositories for Debian/Ubuntu):
# apt install docker.io
4. Use overlayfs as storage driver in Docker. Edit /etc/default/docker and add DOCKER_
# echo 'DOCKER_
# systemctl restart docker
# docker info
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 1
Server Version: 1.11.2
Storage Driver: overlay
Backing Filesystem: extfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge null host
Kernel Version: 4.4.0-36-generic
Operating System: Ubuntu 16.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 488.5 MiB
Name: vagrant
ID: COJW:JDNB:
Docker Root Dir: /var/lib/docker
Debug mode (client): false
Debug mode (server): false
Registry: https:/
WARNING: No swap limit support
5. Start a container and run the following commands in the container:
# docker run --rm -ti busybox:latest /bin/sh
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
8ddc19f16526: Pull complete
Digest: sha256:
Status: Downloaded newer image for busybox:latest
/ # touch a
/ # chmod 04744 a
/ # stat a
File: a
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fc00h/64512d Inode: 264640 Links: 1
Access: (4744/-rwsr--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2016-09-09 19:18:50.000000000
Modify: 2016-09-09 19:18:50.000000000
Change: 2016-09-09 19:18:56.000000000
/ # chown 0:12345 a
Segmentation fault
/ #
During the chown fault, the following appears in dmesg:
[ 753.808988] ------------[ cut here ]------------
[ 753.809003] kernel BUG at /build/
[ 753.809016] invalid opcode: 0000 [#1] SMP
[ 753.809026] Modules linked in: overlay veth ipt_MASQUERADE nf_nat_
t nf_conntrack br_netfilter bridge stp llc aufs vboxsf ppdev crct10dif_pclmul crc32_pclmul aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd input_leds serio_raw vboxvideo 8250_fintek parport_pc parport ttm drm_kms_helper mac_hid drm fb_sys_fops i2c_piix4 syscopyarea vboxguest sysfillrect sysimgblt sunrpc autofs4 psmouse ahci libahci e1000 pata_acpi video fjes
[ 753.809172] CPU: 0 PID: 5971 Comm: chown Tainted: G W 4.4.0-36-generic #55-Ubuntu
[ 753.809188] Hardware name: innotek GmbH VirtualBox/
[ 753.809203] task: ffff88001f042c40 ti: ffff880010c74000 task.ti: ffff880010c74000
[ 753.809217] RIP: 0010:[<
[ 753.809258] RSP: 0018:ffff880010
[ 753.809270] RAX: 0000000057d30b2d RBX: 0000000000001847 RCX: 0000000000000017
[ 753.809297] RDX: 000000000771653f RSI: 000000000771653f RDI: 0000000057d30b2d
[ 753.809312] RBP: ffff880010c77de0 R08: 0000000000000000 R09: 0000000000000001
[ 753.809332] R10: 0000000000000000 R11: ffff880017582a0c R12: ffff880010c77e78
[ 753.809352] R13: ffff8800194f7cc0 R14: 00000000000089e4 R15: ffff880016a77b88
[ 753.809389] FS: 00000000011991f
[ 753.809420] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 753.809431] CR2: 000000000119abf8 CR3: 0000000017cbe000 CR4: 00000000000406f0
[ 753.809446] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 753.809461] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 753.809491] Stack:
[ 753.809496] 0000000000000000 0000000000000000 ffff880010c77e78 ffff880012299e40
[ 753.809517] ffff8800194f7cc0 ffff880019ed46a8 ffff880010c77e10 ffffffffc03573d1
[ 753.809552] 0000000000001847 ffff880010c77e78 ffff880012299e40 0000000000000000
[ 753.809585] Call Trace:
[ 753.809596] [<ffffffffc0357
[ 753.809612] [<ffffffff8122a
[ 753.809626] [<ffffffff8120a
[ 753.809660] [<ffffffff8120b
[ 753.809674] [<ffffffff8182d
[ 753.810211] Code: 4c 89 ef e8 60 87 17 00 31 c0 e9 00 fe ff ff 83 ca 01 41 89 14 24 89 d3 41 0f b7 07 e9 23 fe ff ff b8 ff ff ff ff e9 e4 fd ff ff <0f> 0b 48 3b 50 30 0f 85 50 fe ff ff e9 08 ff ff ff 4c 89 e6 4c
[ 753.811863] RIP [<ffffffff8122a
[ 753.812355] RSP <ffff880010c77db0>
[ 753.812839] fbcon_switch: detected unhandled fb_set_par error, error code -16
[ 753.813741] fbcon_switch: detected unhandled fb_set_par error, error code -16
[ 753.814663] ---[ end trace 4d5ff9f2f68c4235 ]---
This bug is not reproduced in linux-image-
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-
ProcVersionSign
Uname: Linux 4.4.0-36-generic x86_64
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Sep 9 19:06 seq
crw-rw---- 1 root audio 116, 33 Sep 9 19:06 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
Date: Fri Sep 9 19:22:32 2016
HibernationDevice: RESUME=
InstallationDate: Installed on 2016-08-01 (39 days ago)
InstallationMedia: Ubuntu-Server 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
Lsusb: Error: command ['lsusb'] failed with exit code 1:
MachineType: innotek GmbH VirtualBox
PciMultimedia:
ProcFB: 0 vboxdrmfb
ProcKernelCmdLine: BOOT_IMAGE=
RelatedPackageV
linux-
linux-
linux-firmware 1.157.3
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 12/01/2006
dmi.bios.vendor: innotek GmbH
dmi.bios.version: VirtualBox
dmi.board.name: VirtualBox
dmi.board.vendor: Oracle Corporation
dmi.board.version: 1.2
dmi.chassis.type: 1
dmi.chassis.vendor: Oracle Corporation
dmi.modalias: dmi:bvninnotekG
dmi.product.name: VirtualBox
dmi.product.
dmi.sys.vendor: innotek GmbH
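For triage of the oops in the report above, an added example (not part of the original report or of any Ubuntu tooling): a parser that pulls each `kernel BUG at` report out of dmesg-style text and flags those matching this report's signature (chown hitting a BUG in fs/attr.c with the overlay module loaded). The sample log is constructed from the lines in the report, with a placeholder build path, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the oops above; the build path is a placeholder.
SAMPLE_DMESG = """\
[  753.808988] ------------[ cut here ]------------
[  753.809003] kernel BUG at /build/PLACEHOLDER/linux-4.4.0/fs/attr.c:280!
[  753.809016] invalid opcode: 0000 [#1] SMP
[  753.809026] Modules linked in: overlay veth bridge aufs
[  753.809172] CPU: 0 PID: 5971 Comm: chown Tainted: G        W       4.4.0-36-generic #55-Ubuntu
[  753.809585] Call Trace:
[  753.814663] ---[ end trace 4d5ff9f2f68c4235 ]---
[  900.000001] EXT4-fs (sda1): re-mounted. Opts: (null)
"""

TS = r"^\[\s*(\d+\.\d+)\]\s+"  # dmesg timestamp prefix, captured as group 1
BUG_RE = re.compile(TS + r"kernel BUG at (\S+):(\d+)!")
MOD_RE = re.compile(TS + r"Modules linked in: (.*)$")
CPU_RE = re.compile(TS + r"CPU: \d+ PID: (\d+) Comm: (\S+) (.*)$")
END_RE = re.compile(TS + r"---\[ end trace [0-9a-f]+ \]---")
KVER_RE = re.compile(r"\b\d+\.\d+\.\d+-\d+-\w+")  # e.g. 4.4.0-36-generic

def parse_kernel_bugs(text):
    """Return one dict per 'kernel BUG at' report in dmesg-style text."""
    reports, cur = [], None
    for line in text.splitlines():
        if m := BUG_RE.match(line):
            # A new BUG line always opens a report, even if the last one was cut off.
            cur = {"time": float(m[1]), "file": m[2], "line": int(m[3]),
                   "modules": [], "pid": None, "comm": None,
                   "kernel": None, "complete": False}
            reports.append(cur)
        elif cur is None:
            continue  # ordinary log line outside any report
        elif m := MOD_RE.match(line):
            cur["modules"] = m[2].split()
        elif m := CPU_RE.match(line):
            cur["pid"], cur["comm"] = int(m[2]), m[3]
            kver = KVER_RE.search(m[4])
            cur["kernel"] = kver.group(0) if kver else None
        elif END_RE.match(line):
            cur["complete"] = True  # trailer seen: the report is whole
            cur = None
    return reports

def matches_report_signature(r):
    """True for this report's signature: chown, BUG in fs/attr.c, overlay loaded."""
    return (r["file"].endswith("fs/attr.c") and r["comm"] == "chown"
            and "overlay" in r["modules"])
```

A report whose `complete` field is false was cut off before the `end trace` line, which is worth knowing before trusting the extracted fields.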
Vladimir - please try the kernel in proposed, Ubuntu-4.4.0-38.57. It has a patch that likely addresses your bug: "UBUNTU: SAUCE: overlayfs: fix regression in whiteout detection".