kernel 3.5.0-26.40-generic oops immediately when doing schroot w/overlayfs

Bug #1147678 reported by Steve Beattie on 2013-03-05
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Andy Whitcroft

Bug Description

schroot causes an inst-oops w/ 3.5.0-26.40-generic . It was not happening with the 3.5.0-23-generic kernel.

Oops looks like:

Mar 5 10:26:43 kryten kernel: [40476.386289] BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
Mar 5 10:26:43 kryten kernel: [40476.386326] IP: [<ffffffff81181b35>] do_sys_open+0x115/0x230
Mar 5 10:26:43 kryten kernel: [40476.386349] PGD 23c9b3067 PUD 23c9b2067 PMD 0<
Mar 5 10:26:43 kryten kernel: [40476.386367] Oops: 0000 [#1] SMP
Mar 5 10:26:43 kryten kernel: [40476.386380] CPU 0
Mar 5 10:26:43 kryten kernel: [40476.386387] Modules linked in: overlayfs ip6table_filter ip6_tables ebtable_nat ebtables xt_state ipt_REJECT xt_CHECKSUM iptable_mangle xt_tcpudp iptable_filter hid_generic hid_microsoft usbhid hid snd_usb_audio cm109 snd_usbmidi_lib snd_hrtimer pci_stub vboxpci(O) vboxnetadp(O) vboxnetflt(O) vboxdrv(O) joydev ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 ip_tables x_tables bridge stp llc dm_crypt snd_hda_codec_hdmi snd_hda_codec_conexant coretemp arc4 kvm_intel kvm bnep dm_multipath scsi_dh microcode snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_seq_midi thinkpad_acpi snd_rawmidi nvram tpm_tis snd_seq_midi_event snd_seq iwlwifi snd_timer snd_seq_device mac80211 mac_hid rfcomm psmouse snd cfg80211 serio_raw bluetooth lpc_ich parport_pc soundcore mei snd_page_alloc ppdev nfsd nfs lockd fscache lp auth_rpcgss nfs_acl parport sunrpc binfmt_misc btrfs zlib_deflate libcrc32c raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov rai
Mar 5 10:26:43 kryten kernel: d6_pq async_tx raid1 raid0 multipath linear ghash_clmulni_intel aesni_intel cryptd aes_x86_64 wmi ahci libahci e1000e i915 sdhci_pci sdhci drm_kms_helper drm i2c_algo_bit video
Mar 5 10:26:43 kryten kernel: [40476.386817]
Mar 5 10:26:43 kryten kernel: [40476.386819] Pid: 19808, comm: update-binfmts Tainted: G O 3.5.0-26-generic #40-Ubuntu LENOVO 4170CTO/4170CTO
Mar 5 10:26:43 kryten kernel: [40476.386869] RIP: 0010:[<ffffffff81181b35>] [<ffffffff81181b35>] do_sys_open+0x115/0x230
Mar 5 10:26:43 kryten kernel: [40476.386903] RSP: 0018:ffff8802e7af5f08 EFLAGS: 00010287
Mar 5 10:26:43 kryten kernel: [40476.386925] RAX: ffff8801bec42a00 RBX: 0000000000008000 RCX: 0000000000000008
Mar 5 10:26:43 kryten kernel: [40476.386953] RDX: 0000000000000008 RSI: 0000000000000000 RDI: ffff8801bec42a10
Mar 5 10:26:43 kryten kernel: [40476.386981] RBP: ffff8802e7af5f68 R08: ffffffff81cd5060 R09: 0000000000000100
Mar 5 10:26:43 kryten kernel: [40476.388682] R10: ffffea0009b38600 R11: ffff8801bec42a10 R12: ffff8801b7163000
Mar 5 10:26:43 kryten kernel: [40476.390344] R13: 0000000000000003 R14: ffff8801bec42a00 R15: 0000000000000020
Mar 5 10:26:43 kryten kernel: [40476.392009] FS: 00007f7af5932700(0000) GS:ffff88043e200000(0000) knlGS:0000000000000000
Mar 5 10:26:43 kryten kernel: [40476.394315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Mar 5 10:26:43 kryten kernel: [40476.396062] CR2: 0000000000000030 CR3: 00000001b7279000 CR4: 00000000000407f0
Mar 5 10:26:43 kryten kernel: [40476.397769] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Mar 5 10:26:43 kryten kernel: [40476.399464] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Mar 5 10:26:43 kryten kernel: [40476.401145] Process update-binfmts (pid: 19808, threadinfo ffff8802e7af4000, task ffff8801ac2a2e00)
Mar 5 10:26:43 kryten kernel: [40476.402857] Stack:
Mar 5 10:26:43 kryten kernel: [40476.404610] ffff8801d3938c00 ffff8801d3938e80 ffff8802e7af5f78 01b6ffff810ce98c
Mar 5 10:26:43 kryten kernel: [40476.406346] ffff000000008000 0000010000000024 0000000000000003 0000000001c59310
Mar 5 10:26:43 kryten kernel: [40476.408452] 000000000040ddb7 00007fff48e9d9dd 0000000000000008 0000000000000000
Mar 5 10:26:43 kryten kernel: [40476.410211] Call Trace:
Mar 5 10:26:43 kryten kernel: [40476.411941] [<ffffffff81181c71>] sys_open+0x21/0x30
Mar 5 10:26:43 kryten kernel: [40476.413726] [<ffffffff816890e9>] system_call_fastpath+0x16/0x1b
Mar 5 10:26:43 kryten kernel: [40476.415415] Code: 44 89 f9 4c 89 e6 e8 fb 04 01 00 48 3d 00 f0 ff ff 49 89 c6 0f 87 11 01 00 00 48 8b 70 18 4c 8d 58 10 41 bf 20 00 00 00 4c 89 df <4c> 8b 56 30 41 0f b7 02 4c 89 55 a8 4c 89 5d b0 66 25 00 f0 66
Mar 5 10:26:43 kryten kernel: [40476.418985] RIP [<ffffffff81181b35>] do_sys_open+0x115/0x230
Mar 5 10:26:43 kryten kernel: [40476.420733] RSP <ffff8802e7af5f08>
Mar 5 10:26:43 kryten kernel: [40476.422449] CR2: 0000000000000030
Mar 5 10:26:43 kryten kernel: [40476.704725] ---[ end trace e1b70c4b54722306 ]---

The commit http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-quantal.git;a=commit;h=06082d7a0df80a95e8b9e0b5b069ee22c01d986c looks suspicious, but may be a red herring.

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: linux-image-3.5.0-26-generic 3.5.0-26.40
ProcVersionSignature: Ubuntu 3.5.0-26.40-generic 3.5.7.6
Uname: Linux 3.5.0-26-generic x86_64
ApportVersion: 2.6.1-0ubuntu10
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC1: steve 3672 F.... pulseaudio
 /dev/snd/controlC0: steve 3672 F.... pulseaudio
 /dev/snd/pcmC0D0p: steve 3672 F...m pulseaudio
CheckboxSubmission: 9c15077a0ca11678d04e060687c26674
CheckboxSystem: 5dc75472945f57d094b84e90feb97396
Date: Tue Mar 5 12:27:43 2013
HibernationDevice: RESUME=UUID=a536a565-fd97-48e7-8ee9-42ba878335b7
InstallationDate: Installed on 2011-05-04 (671 days ago)
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110426)
MachineType: LENOVO 4170CTO
MarkForUpload: True
ProcEnviron:
 TERM=screen
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.5.0-26-generic root=UUID=c4db2aae-2ceb-4cdf-89ad-5b45458deb35 ro rootflags=data=ordered pcie_aspm=force quiet splash vt.handoff=7
PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: Daemon not responding.
RelatedPackageVersions:
 linux-restricted-modules-3.5.0-26-generic N/A
 linux-backports-modules-3.5.0-26-generic N/A
 linux-firmware 1.95
RfKill:
 0: phy0: Wireless LAN
  Soft blocked: no
  Hard blocked: no
SourcePackage: linux
UpgradeStatus: Upgraded to quantal on 2012-09-21 (165 days ago)
dmi.bios.date: 03/24/2011
dmi.bios.vendor: LENOVO
dmi.bios.version: 8CET32WW (1.09 )
dmi.board.asset.tag: Not Available
dmi.board.name: 4170CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvr8CET32WW(1.09):bd03/24/2011:svnLENOVO:pn4170CTO:pvrThinkPadT420s:rvnLENOVO:rn4170CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 4170CTO
dmi.product.version: ThinkPad T420s
dmi.sys.vendor: LENOVO

Steve Beattie (sbeattie) wrote :
Steve Beattie (sbeattie) wrote :

Attaching the unmangled /var/log/kern.log since apport didn't seem to include it, and the bits pasted in the description were mangled somewhat

Changed in linux (Ubuntu):
importance: Undecided → Medium
tags: added: kernel-da-key regression-update

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-key
Andy Whitcroft (apw) on 2013-03-07
Changed in linux (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → Andy Whitcroft (apw)
Andy Whitcroft (apw) wrote :

Reproduced trivially here. I am completely confused how the reporter of the previous bug claimed to have tested the fix as is in their setup. From what I can see the fix is incomplete currently due to an open-coded side effect on the nameidata.

@Steve -- could you please test the kernels here and confirm they work for you as well. Please report any testing back here:

    http://people.canonical.com/~apw/lp1147678-quantal/

[Note to self, do not trust testers.]

Steve Beattie (sbeattie) wrote :

@Andy: I'm not sure you'll trust me when I say this, but yes, I am able to schroot with overlayfs with the test kernel you posted (3.5.0-27.41~lp1147678v201303071151-generic). Thanks! Not seeing any other issues with this kernel, though granted it's only been up for 30 minutes or so.

Andy Whitcroft (apw) wrote :

/me pushes the patch for review.

Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel for Quantal in -proposed solves the problem (3.5.0-26.42). Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-quantal' to 'verification-done-quantal'.

If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-quantal
Brad Figg (brad-figg) on 2013-03-12
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
tags: removed: kernel-key
Steve Beattie (sbeattie) wrote :

I can confirm that the oops I saw when using overlayfs with chroots on the 3.5.0-26.40-generic has been fixed with the 3.5.0-26.42-generic kernel. Thanks!

tags: added: verification-done-quantal
removed: verification-needed-quantal

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :
Download full text (13.8 KiB)

This bug was fixed in the package linux - 3.5.0-26.42

---------------
linux (3.5.0-26.42) quantal-proposed; urgency=low

  [Steve Conklin]

  * Release Tracking Bug
    - LP: #1152715

  [ Andy Whitcroft ]

  * ubuntu: overlayfs -- fix missmerge of vfs_open changes
    - LP: #1122094, #1147678

linux (3.5.0-26.40) quantal-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1133429

  [ Andy Whitcroft ]

  * ubuntu: overlayfs -- fix missmerge of vfs_open changes
    - LP: #1122094

  [ Ian Campbell ]

  * SAUCE: xen/netback: shutdown the ring if it contains garbage.
    - LP: #1117325
    - CVE-2013-0216
  * SAUCE: netback: correct netbk_tx_err to handle wrap around.
    - LP: #1117325
    - CVE-2013-0216
  * SAUCE: xen/netback: don't leak pages on failure in
    xen_netbk_tx_check_gop.
    - LP: #1117331
    - CVE-2013-0217
  * SAUCE: xen/netback: free already allocated memory on failure in
    xen_netbk_get_requests
    - LP: #1117331
    - CVE-2013-0217

  [ Jan Beulich ]

  * SAUCE: xen-pciback: rate limit error messages from
    xen_pcibk_enable_msi{, x}()
    - LP: #1117336
    - CVE-2013-0231

  [ Tim Gardner ]

  * [Config] CONFIG_SATA_AHCI=m
    - LP: #1056563
  * SAUCE: rt2x00: rt2x00pci_regbusy_read() - only print register access
    failure once
    - LP: #1128840

  [ Upstream Kernel Changes ]

  * Revert "USB: Handle warm reset failure on empty port."
    - LP: #1131944
  * xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS
    guests.
    - LP: #1102374
    - CVE-2013-0190
  * virtio-blk: Don't free ida when disk is in use
    - LP: #1119885
  * ioat: Fix DMA memory sync direction correct flag
    - LP: #1119885
  * PCI: pciehp: Use per-slot workqueues to avoid deadlock
    - LP: #1119885
  * PCI/AER: pci_get_domain_bus_and_slot() call missing required
    pci_dev_put()
    - LP: #1119885
  * xen/grant-table: correctly initialize grant table version 1
    - LP: #1119885
  * serial:ifx6x60:Delete SPI timer when shut down port
    - LP: #1119885
  * tty: 8250_dw: Fix inverted arguments to serial_out in IRQ handler
    - LP: #1119885
  * drm/i915: Invalidate the relocation presumed_offsets along the slow
    path
    - LP: #1119885
  * ARM: 7627/1: Predicate preempt logic on PREEMP_COUNT not PREEMPT alone
    - LP: #1119885
  * staging: vt6656: Fix inconsistent structure packing
    - LP: #1119885
  * 8250/16?50: Add support for Broadcom TruManage redirected serial port
    - LP: #1119885
  * KVM: PPC: Emulate dcbf
    - LP: #1119885
  * staging: wlan-ng: Fix clamping of returned SSID length
    - LP: #1119885
  * USB: option: blacklist network interface on ONDA MT8205 4G LTE
    - LP: #1119885
  * USB: option: add TP-LINK HSUPA Modem MA180
    - LP: #1119885
  * ALSA: hda - Fix mute led for another HP machine
    - LP: #1096789, #1119885
  * usb: dwc3: gadget: fix ep->maxburst for ep0
    - LP: #1119885
  * ACPI / cpuidle: Fix NULL pointer issues when cpuidle is disabled
    - LP: #1119885
  * ACPI / processor: Get power info before updating the C-states
    - LP: #1119885
  * ARM: DMA: Fix struct page iterator in dma_cache_maint() to work with
    sparsemem
    - LP: #1119885
  * evm: checki...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers