Kernel panic with user namespaces

Alexander Larsson alexl at redhat.com
Mon May 18 14:39:11 UTC 2015


If I build and run the attached break-kernel.c as a user, I get this
kernel panic on the Fedora 4.0.3 kernel:

maj 18 16:33:36 nano kernel: BUG: unable to handle kernel NULL pointer dereference at           (null)
maj 18 16:33:36 nano kernel: IP: [<ffffffff81250288>] pin_remove+0x58/0xc0
maj 18 16:33:36 nano kernel: PGD 1cc973067 PUD 1d727b067 PMD 0 
maj 18 16:33:36 nano kernel: Oops: 0002 [#1] SMP 
maj 18 16:33:36 nano kernel: Modules linked in: rfcomm fuse ccm xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw bnep arc4 intel_rapl iosf_mbi x86_pkg_temp_thermal coretemp kvm iwlmvm snd_hda_codec_realtek mac80211 snd_hda_codec_hdmi snd_hda_codec_generic vfat fat iTCO_wdt iTCO_vendor_support snd_hda_intel snd_hda_controller snd_hda_codec crct10dif_pclmul snd_hwdep crc32_pclmul snd_seq iwlwifi crc32c_intel
maj 18 16:33:36 nano kernel:  snd_seq_device uvcvideo ghash_clmulni_intel videobuf2_vmalloc snd_pcm videobuf2_core cfg80211 videobuf2_memops v4l2_common videodev thinkpad_acpi snd_timer serio_raw btusb media hid_multitouch bluetooth snd lpc_ich mfd_core i2c_i801 mei_me cdc_acm tpm_tis shpchp mei tpm soundcore wmi rfkill i2c_designware_platform i2c_designware_core nfsd auth_rpcgss nfs_acl lockd grace sunrpc cdc_mbim cdc_wdm cdc_ncm usbnet mii i915 i2c_algo_bit drm_kms_helper e1000e drm ptp pps_core video
maj 18 16:33:36 nano kernel: CPU: 2 PID: 2662 Comm: break-kernel Not tainted 4.0.3-201.fc21.x86_64 #1
maj 18 16:33:36 nano kernel: Hardware name: LENOVO 20A7005RUK/20A7005RUK, BIOS GRET42WW (1.19 ) 11/20/2014
maj 18 16:33:36 nano kernel: task: ffff8800a1a893e0 ti: ffff8801cafb4000 task.ti: ffff8801cafb4000
maj 18 16:33:36 nano kernel: RIP: 0010:[<ffffffff81250288>]  [<ffffffff81250288>] pin_remove+0x58/0xc0
maj 18 16:33:36 nano kernel: RSP: 0018:ffff8801cafb7e08  EFLAGS: 00010246
maj 18 16:33:36 nano kernel: RAX: 0000000000000000 RBX: ffff880212b09f20 RCX: 000000000000011a
maj 18 16:33:36 nano kernel: RDX: 0000000000000000 RSI: 0000000000000005 RDI: ffffffff82004a70
maj 18 16:33:36 nano kernel: RBP: ffff8801cafb7e18 R08: ffffffff81d25540 R09: ffff8800a6f73a28
maj 18 16:33:36 nano kernel: R10: 0000000000000000 R11: 0000000000000206 R12: ffff8801cafb7e70
maj 18 16:33:36 nano kernel: R13: ffff8800a1a893e0 R14: ffff8800a1a893e0 R15: 0000000000000000
maj 18 16:33:36 nano kernel: FS:  00007fab3d3fa700(0000) GS:ffff88021e280000(0000) knlGS:0000000000000000
maj 18 16:33:36 nano kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
maj 18 16:33:36 nano kernel: CR2: 0000000000000000 CR3: 00000001d70b6000 CR4: 00000000001407e0
maj 18 16:33:36 nano kernel: Stack:
maj 18 16:33:36 nano kernel:  ffff8800a1a893e0 ffff880212b09f20 ffff8801cafb7e38 ffffffff8123d7c2
maj 18 16:33:36 nano kernel:  ffff8801cafb7e20 ffff880212b09f20 ffff8801cafb7ea8 ffffffff81250414
maj 18 16:33:36 nano kernel:  ffff880212b08da0 ffff88003f41b000 ffff880100000000 ffff8800a1a893e0
maj 18 16:33:36 nano kernel: Call Trace:
maj 18 16:33:36 nano kernel:  [<ffffffff8123d7c2>] drop_mountpoint+0x22/0x40
maj 18 16:33:36 nano kernel:  [<ffffffff81250414>] pin_kill+0x74/0x100
maj 18 16:33:36 nano kernel:  [<ffffffff810dfbb0>] ? wait_woken+0x90/0x90
maj 18 16:33:36 nano kernel:  [<ffffffff812504c9>] mnt_pin_kill+0x29/0x40
maj 18 16:33:36 nano kernel:  [<ffffffff8123cbe0>] cleanup_mnt+0x90/0xa0
maj 18 16:33:36 nano kernel:  [<ffffffff8123cc42>] __cleanup_mnt+0x12/0x20
maj 18 16:33:36 nano kernel:  [<ffffffff810ba607>] task_work_run+0xb7/0xf0
maj 18 16:33:36 nano kernel:  [<ffffffff81014cdd>] do_notify_resume+0x8d/0xa0
maj 18 16:33:36 nano kernel:  [<ffffffff817835e3>] int_signal+0x12/0x17
maj 18 16:33:36 nano kernel: Code: 48 89 50 08 48 b8 00 01 10 00 00 00 ad de 48 8b 53 28 48 89 43 30 48 b8 00 02 20 00 00 00 ad de 48 89 43 38 48 8b 43 20 48 85 c0 <48> 89 02 74 04 48 89 50 08 48 b8 00 01 10 00 00 00 ad de 48 89 
maj 18 16:33:36 nano kernel: RIP  [<ffffffff81250288>] pin_remove+0x58/0xc0
maj 18 16:33:36 nano kernel:  RSP <ffff8801cafb7e08>
maj 18 16:33:36 nano kernel: CR2: 0000000000000000
maj 18 16:33:36 nano kernel: ---[ end trace e025319273fa36f8 ]---

I get no such crash with the previous (3.19.7) kernel.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
       alexl at redhat.com            alexander.larsson at gmail.com 
He's an old-fashioned Catholic stage actor with acid for blood. She's a 
beautiful nymphomaniac single mother married to the Mob. They fight 
crime! 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: break-kernel.c
Type: text/x-csrc
Size: 12955 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/containers/attachments/20150518/f7cc7f5c/attachment.bin>

