kernel 3.5.0-26.40-generic oops immediately when doing schroot w/overlayfs

Bug #1147678 reported by Steve Beattie
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | Fix Released | Medium | Andy Whitcroft |

Bug Description

schroot causes an inst-oops w/ 3.5.0-26.40-generic. It was not happening with the 3.5.0-23-generic kernel.

Oops looks like:

Mar 5 10:26:43 kryten kernel: [40476.386289] BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
Mar 5 10:26:43 kryten kernel: [40476.386326] IP: [<ffffffff81181b35>] do_sys_open+0x115/0x230
Mar 5 10:26:43 kryten kernel: [40476.386349] PGD 23c9b3067 PUD 23c9b2067 PMD 0<
Mar 5 10:26:43 kryten kernel: [40476.386367] Oops: 0000 [#1] SMP
Mar 5 10:26:43 kryten kernel: [40476.386380] CPU 0
Mar 5 10:26:43 kryten kernel: [40476.386387] Modules linked in: overlayfs ip6table_filter ip6_tables ebtable_nat ebtables xt_state ipt_REJECT xt_CHECKSUM iptable_mangle xt_tcpudp iptable_filter hid_generic hid_microsoft usbhid hid snd_usb_audio cm109 snd_usbmidi_lib snd_hrtimer pci_stub vboxpci(O) vboxnetadp(O) vboxnetflt(O) vboxdrv(O) joydev ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 ip_tables x_tables bridge stp llc dm_crypt snd_hda_codec_hdmi snd_hda_codec_conexant coretemp arc4 kvm_intel kvm bnep dm_multipath scsi_dh microcode snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_seq_midi thinkpad_acpi snd_rawmidi nvram tpm_tis snd_seq_midi_event snd_seq iwlwifi snd_timer snd_seq_device mac80211 mac_hid rfcomm psmouse snd cfg80211 serio_raw bluetooth lpc_ich parport_pc soundcore mei snd_page_alloc ppdev nfsd nfs lockd fscache lp auth_rpcgss nfs_acl parport sunrpc binfmt_misc btrfs zlib_deflate libcrc32c raid10 raid456 async_pq async_xor xor async_memcpy async_raid6_recov rai
Mar 5 10:26:43 kryten kernel: d6_pq async_tx raid1 raid0 multipath linear ghash_clmulni_intel aesni_intel cryptd aes_x86_64 wmi ahci libahci e1000e i915 sdhci_pci sdhci drm_kms_helper drm i2c_algo_bit video
Mar 5 10:26:43 kryten kernel: [40476.386817]
Mar 5 10:26:43 kryten kernel: [40476.386819] Pid: 19808, comm: update-binfmts Tainted: G O 3.5.0-26-generic #40-Ubuntu LENOVO 4170CTO/4170CTO
Mar 5 10:26:43 kryten kernel: [40476.386869] RIP: 0010:[<ffffffff81181b35>] [<ffffffff81181b35>] do_sys_open+0x115/0x230
Mar 5 10:26:43 kryten kernel: [40476.386903] RSP: 0018:ffff8802e7af5f08 EFLAGS: 00010287
Mar 5 10:26:43 kryten kernel: [40476.386925] RAX: ffff8801bec42a00 RBX: 0000000000008000 RCX: 0000000000000008
Mar 5 10:26:43 kryten kernel: [40476.386953] RDX: 0000000000000008 RSI: 0000000000000000 RDI: ffff8801bec42a10
Mar 5 10:26:43 kryten kernel: [40476.386981] RBP: ffff8802e7af5f68 R08: ffffffff81cd5060 R09: 0000000000000100
Mar 5 10:26:43 kryten kernel: [40476.388682] R10: ffffea0009b38600 R11: ffff8801bec42a10 R12: ffff8801b7163000
Mar 5 10:26:43 kryten kernel: [40476.390344] R13: 0000000000000003 R14: ffff8801bec42a00 R15: 0000000000000020
Mar 5 10:26:43 kryten kernel: [40476.392009] FS: 00007f7af5932700(0000) GS:ffff88043e200000(0000) knlGS:0000000000000000
Mar 5 10:26:43 kryten kernel: [40476.394315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Mar 5 10:26:43 kryten kernel: [40476.396062] CR2: 0000000000000030 CR3: 00000001b7279000 CR4: 00000000000407f0
Mar 5 10:26:43 kryten kernel: [40476.397769] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Mar 5 10:26:43 kryten kernel: [40476.399464] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Mar 5 10:26:43 kryten kernel: [40476.401145] Process update-binfmts (pid: 19808, threadinfo ffff8802e7af4000, task ffff8801ac2a2e00)
Mar 5 10:26:43 kryten kernel: [40476.402857] Stack:
Mar 5 10:26:43 kryten kernel: [40476.404610] ffff8801d3938c00 ffff8801d3938e80 ffff8802e7af5f78 01b6ffff810ce98c
Mar 5 10:26:43 kryten kernel: [40476.406346] ffff000000008000 0000010000000024 0000000000000003 0000000001c59310
Mar 5 10:26:43 kryten kernel: [40476.408452] 000000000040ddb7 00007fff48e9d9dd 0000000000000008 0000000000000000
Mar 5 10:26:43 kryten kernel: [40476.410211] Call Trace:
Mar 5 10:26:43 kryten kernel: [40476.411941] [<ffffffff81181c71>] sys_open+0x21/0x30
Mar 5 10:26:43 kryten kernel: [40476.413726] [<ffffffff816890e9>] system_call_fastpath+0x16/0x1b
Mar 5 10:26:43 kryten kernel: [40476.415415] Code: 44 89 f9 4c 89 e6 e8 fb 04 01 00 48 3d 00 f0 ff ff 49 89 c6 0f 87 11 01 00 00 48 8b 70 18 4c 8d 58 10 41 bf 20 00 00 00 4c 89 df <4c> 8b 56 30 41 0f b7 02 4c 89 55 a8 4c 89 5d b0 66 25 00 f0 66
Mar 5 10:26:43 kryten kernel: [40476.418985] RIP [<ffffffff81181b35>] do_sys_open+0x115/0x230
Mar 5 10:26:43 kryten kernel: [40476.420733] RSP <ffff8802e7af5f08>
Mar 5 10:26:43 kryten kernel: [40476.422449] CR2: 0000000000000030
Mar 5 10:26:43 kryten kernel: [40476.704725] ---[ end trace e1b70c4b54722306 ]---

The commit http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-quantal.git;a=commit;h=06082d7a0df80a95e8b9e0b5b069ee22c01d986c looks suspicious, but may be a red herring.

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: linux-image-3.5.0-26-generic 3.5.0-26.40
ProcVersionSignature: Ubuntu 3.5.0-26.40-generic 3.5.7.6
Uname: Linux 3.5.0-26-generic x86_64
ApportVersion: 2.6.1-0ubuntu10
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC1: steve 3672 F.... pulseaudio
 /dev/snd/controlC0: steve 3672 F.... pulseaudio
 /dev/snd/pcmC0D0p: steve 3672 F...m pulseaudio
CheckboxSubmission: 9c15077a0ca11678d04e060687c26674
CheckboxSystem: 5dc75472945f57d094b84e90feb97396
Date: Tue Mar 5 12:27:43 2013
HibernationDevice: RESUME=UUID=a536a565-fd97-48e7-8ee9-42ba878335b7
InstallationDate: Installed on 2011-05-04 (671 days ago)
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110426)
MachineType: LENOVO 4170CTO
MarkForUpload: True
ProcEnviron:
 TERM=screen
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.5.0-26-generic root=UUID=c4db2aae-2ceb-4cdf-89ad-5b45458deb35 ro rootflags=data=ordered pcie_aspm=force quiet splash vt.handoff=7
PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: Daemon not responding.
RelatedPackageVersions:
 linux-restricted-modules-3.5.0-26-generic N/A
 linux-backports-modules-3.5.0-26-generic N/A
 linux-firmware 1.95
RfKill:
 0: phy0: Wireless LAN
  Soft blocked: no
  Hard blocked: no
SourcePackage: linux
UpgradeStatus: Upgraded to quantal on 2012-09-21 (165 days ago)
dmi.bios.date: 03/24/2011
dmi.bios.vendor: LENOVO
dmi.bios.version: 8CET32WW (1.09 )
dmi.board.asset.tag: Not Available
dmi.board.name: 4170CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvr8CET32WW(1.09):bd03/24/2011:svnLENOVO:pn4170CTO:pvrThinkPadT420s:rvnLENOVO:rn4170CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 4170CTO
dmi.product.version: ThinkPad T420s
dmi.sys.vendor: LENOVO
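
A triage aid for the oops in the description above, as an added example that is not part of the bug report or of any Ubuntu tooling: it decodes the instruction marked `<4c>` in the Code: line and checks it against the register dump and CR2. The decoder covers only the single `mov disp8(base), reg64` encoding seen in this oops, and the function names are made up for this example.

```python
import re

# Constructed sample: lines copied from the oops above, syslog prefix removed.
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
IP: [<ffffffff81181b35>] do_sys_open+0x115/0x230
RAX: ffff8801bec42a00 RBX: 0000000000008000 RCX: 0000000000000008
RDX: 0000000000000008 RSI: 0000000000000000 RDI: ffff8801bec42a10
Code: 44 89 f9 4c 89 e6 e8 fb 04 01 00 48 3d 00 f0 ff ff 49 89 c6 0f 87 11 01 00 00 48 8b 70 18 4c 8d 58 10 41 bf 20 00 00 00 4c 89 df <4c> 8b 56 30 41 0f b7 02 4c 89 55 a8 4c 89 5d b0 66 25 00 f0 66
CR2: 0000000000000030
"""

REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
MASK64 = (1 << 64) - 1


def decode_load(code):
    """Decode `mov disp8(base), reg64` (REX.W 8B /r, mod=01, no SIB), else None."""
    if len(code) < 4 or code[0] & 0xF8 != 0x48 or code[1] != 0x8B:
        return None
    rex, modrm = code[0], code[2]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 1 or rm == 4:          # rm == 4 would mean a SIB byte follows
        return None
    dest = REG64[reg | ((rex & 4) << 1)]   # REX.R extends the reg field
    base = REG64[rm | ((rex & 1) << 3)]    # REX.B extends the r/m field
    disp = code[3] - 256 if code[3] > 127 else code[3]  # sign-extend disp8
    return dest, base, disp


def triage(oops):
    """Tie the faulting instruction to the register dump and CR2."""
    cr2 = int(re.search(r"CR2: ([0-9a-f]{16})", oops).group(1), 16)
    regs = {re.sub(r"^r0", "r", name.lower()): int(val, 16)
            for name, val in re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})", oops)}
    toks = re.search(r"Code: (.*)", oops).group(1).split()
    start = next(i for i, t in enumerate(toks) if t.startswith("<"))
    insn = decode_load(bytes(int(t.strip("<>"), 16) for t in toks[start:]))
    if insn is None:
        return None
    dest, base, disp = insn
    return {
        "symbol": re.search(r"IP: \[<[0-9a-f]+>\] (\S+)", oops).group(1),
        "insn": f"mov {disp:#x}(%{base}),%{dest}",
        "base_value": regs.get(base),
        "explains_fault": base in regs and (regs[base] + disp) & MASK64 == cr2,
    }


if __name__ == "__main__":
    print(triage(OOPS))
```

For this oops the result is a load from `0x30(%rsi)` with RSI equal to zero, that is, a read of a field at offset 0x30 through a NULL pointer, which matches the reported fault address.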

Steve Beattie (sbeattie) wrote :

Attaching the unmangled /var/log/kern.log since apport didn't seem to include it, and the bits pasted in the description were mangled somewhat.

Changed in linux (Ubuntu):
importance: Undecided → Medium
tags: added: kernel-da-key regression-update
Brad Figg (brad-figg) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-key
Andy Whitcroft (apw)
Changed in linux (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → Andy Whitcroft (apw)
Andy Whitcroft (apw) wrote :

Reproduced trivially here. I am completely confused how the reporter of the previous bug claimed to have tested the fix as is in their setup. From what I can see the fix is incomplete currently due to an open-coded side effect on the nameidata.

@Steve -- could you please test the kernels here and confirm they work for you as well. Please report any testing back here:

    http://people.canonical.com/~apw/lp1147678-quantal/

[Note to self, do not trust testers.]

Steve Beattie (sbeattie) wrote :

@Andy: I'm not sure you'll trust me when I say this, but yes, I am able to schroot with overlayfs with the test kernel you posted (3.5.0-27.41~lp1147678v201303071151-generic). Thanks! Not seeing any other issues with this kernel, though granted it's only been up for 30 minutes or so.

Andy Whitcroft (apw) wrote :

/me pushes the patch for review.

Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel for Quantal in -proposed solves the problem (3.5.0-26.42). Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-quantal' to 'verification-done-quantal'.

If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-quantal
Brad Figg (brad-figg)
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
tags: removed: kernel-key
Steve Beattie (sbeattie) wrote :

I can confirm that the oops I saw when using overlayfs with chroots on the 3.5.0-26.40-generic has been fixed with the 3.5.0-26.42-generic kernel. Thanks!

tags: added: verification-done-quantal
removed: verification-needed-quantal
Adam Conrad (adconrad) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.5.0-26.42

---------------
linux (3.5.0-26.42) quantal-proposed; urgency=low

  [Steve Conklin]

  * Release Tracking Bug
    - LP: #1152715

  [ Andy Whitcroft ]

  * ubuntu: overlayfs -- fix missmerge of vfs_open changes
    - LP: #1122094, #1147678

linux (3.5.0-26.40) quantal-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1133429

  [ Andy Whitcroft ]

  * ubuntu: overlayfs -- fix missmerge of vfs_open changes
    - LP: #1122094

  [ Ian Campbell ]

  * SAUCE: xen/netback: shutdown the ring if it contains garbage.
    - LP: #1117325
    - CVE-2013-0216
  * SAUCE: netback: correct netbk_tx_err to handle wrap around.
    - LP: #1117325
    - CVE-2013-0216
  * SAUCE: xen/netback: don't leak pages on failure in
    xen_netbk_tx_check_gop.
    - LP: #1117331
    - CVE-2013-0217
  * SAUCE: xen/netback: free already allocated memory on failure in
    xen_netbk_get_requests
    - LP: #1117331
    - CVE-2013-0217

  [ Jan Beulich ]

  * SAUCE: xen-pciback: rate limit error messages from
    xen_pcibk_enable_msi{, x}()
    - LP: #1117336
    - CVE-2013-0231

  [ Tim Gardner ]

  * [Config] CONFIG_SATA_AHCI=m
    - LP: #1056563
  * SAUCE: rt2x00: rt2x00pci_regbusy_read() - only print register access
    failure once
    - LP: #1128840

  [ Upstream Kernel Changes ]

  * Revert "USB: Handle warm reset failure on empty port."
    - LP: #1131944
  * xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS
    guests.
    - LP: #1102374
    - CVE-2013-0190
  * virtio-blk: Don't free ida when disk is in use
    - LP: #1119885
  * ioat: Fix DMA memory sync direction correct flag
    - LP: #1119885
  * PCI: pciehp: Use per-slot workqueues to avoid deadlock
    - LP: #1119885
  * PCI/AER: pci_get_domain_bus_and_slot() call missing required
    pci_dev_put()
    - LP: #1119885
  * xen/grant-table: correctly initialize grant table version 1
    - LP: #1119885
  * serial:ifx6x60:Delete SPI timer when shut down port
    - LP: #1119885
  * tty: 8250_dw: Fix inverted arguments to serial_out in IRQ handler
    - LP: #1119885
  * drm/i915: Invalidate the relocation presumed_offsets along the slow
    path
    - LP: #1119885
  * ARM: 7627/1: Predicate preempt logic on PREEMP_COUNT not PREEMPT alone
    - LP: #1119885
  * staging: vt6656: Fix inconsistent structure packing
    - LP: #1119885
  * 8250/16?50: Add support for Broadcom TruManage redirected serial port
    - LP: #1119885
  * KVM: PPC: Emulate dcbf
    - LP: #1119885
  * staging: wlan-ng: Fix clamping of returned SSID length
    - LP: #1119885
  * USB: option: blacklist network interface on ONDA MT8205 4G LTE
    - LP: #1119885
  * USB: option: add TP-LINK HSUPA Modem MA180
    - LP: #1119885
  * ALSA: hda - Fix mute led for another HP machine
    - LP: #1096789, #1119885
  * usb: dwc3: gadget: fix ep->maxburst for ep0
    - LP: #1119885
  * ACPI / cpuidle: Fix NULL pointer issues when cpuidle is disabled
    - LP: #1119885
  * ACPI / processor: Get power info before updating the C-states
    - LP: #1119885
  * ARM: DMA: Fix struct page iterator in dma_cache_maint() to work with
    sparsemem
    - LP: #1119885
  * evm: checki...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released