Package: linux-image-2.6.26-1-openvz-amd64
Version: 2.6.26-11
Severity: normal

I found the script below to always lock up my system with an oops from
the simfs module (OpenVZ).

#!/bin/sh
mkdir dir.ro dir.rw dir
mount -t aufs -o br:dir.rw:dir.ro=ro none dir
# removing simfs will prevent system from crashing
#modprobe -r simfs
mknod dir/anydev c 100 100

I'm reporting this for the linux-image-2.6.26-1-openvz-amd64 package
because it is the simfs module (an OpenVZ component) that's oopsing, and
rmmod'ing simfs stops this from happening. However, this could be
related to aufs (the aufs-modules-2.6.26-1-openvz-amd64 package).

Following is a session log taken over the serial console.

# mkdir dir.ro dir.rw dir
# mount -t aufs -o br:dir.rw:dir.ro=ro none dir
# mknod dir/anydev c 100 100
[ 152.961748] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
[ 152.964024] IP: [<ffffffffa02f8269>] :simfs:sim_systemcall+0x9b/0x272
[ 152.964024] PGD 1e81d067 PUD 1d993067 PMD 0
[ 152.964024] Oops: 0000 [1] SMP
[ 152.964024] CPU: 0
[ 152.964024] Modules linked in: simfs aufs exportfs vzethdev vznetdev vzrst vzcpt tun vzdquota vzmon vzdev xt_tcpudp xt_length ipt_ttl xt_tcpmss xt_TCPMSS iptable_mangle iptable_filter xt_multiport xt_limit xt_dscp ipt_REJECT ip_tables x_tables ipv6 bridge ext2 mbcache loop parport_pc parport snd_pcm snd_timer snd soundcore snd_page_alloc pcspkr psmouse serio_raw i2c_i801 i2c_core iTCO_wdt container button evdev xfs raid1 md_mod sd_mod ata_generic ide_pci_generic ahci libata scsi_mod dock jmicron ide_core ehci_hcd uhci_hcd e1000e thermal processor fan thermal_sys [last unloaded: simfs]
[ 152.964024] Pid: 2581, comm: mknod Not tainted 2.6.26-1-openvz-amd64 #1 036test001
[ 152.964024] RIP: 0010:[<ffffffffa02f8269>] [<ffffffffa02f8269>] :simfs:sim_systemcall+0x9b/0x272
[ 152.964024] RSP: 0018:ffff81001e937a28 EFLAGS: 00010246
[ 152.964024] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000003
[ 152.964024] RDX: 0000000000000064 RSI: ffff81001f4ab800 RDI: ffff81001e937bb8
[ 152.964024] RBP: ffff81001e937bb8 R08: ffff81001cd8c340 R09: ffff81001cd7b5b8
[ 152.964024] R10: ffff81001f4ab908 R11: 0000000000000001 R12: ffff81001e937b58
[ 152.964024] R13: 0000000000000000 R14: ffff81001cd8a290 R15: ffff81001cd8c340
[ 152.964024] FS: 00007f4e96a45770(0000) GS:ffffffff80534000(0000) knlGS:0000000000000000
[ 152.964024] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 152.964024] CR2: 0000000000000028 CR3: 000000001e93a000 CR4: 00000000000006e0
[ 152.964024] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 152.964024] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 152.964024] Process mknod (pid: 2581, veid=0, threadinfo ffff81001e936000, task ffff81001f8cd7d0)
[ 152.964024] Stack: ffff81001cd7fd88 ffffffff8031199f 0000000000000002 ffff81001cd7fcc0
[ 152.964024] 0000000000000202 ffffffffa0135c5b ffff81001e937b48 0000000000000008
[ 152.964024] ffff81001dd681c0 ffffffffa01591cb 0000000100000000 ffff81001e937bb8
[ 152.964024] Call Trace:
[ 152.964024] [<ffffffff8031199f>] ? __up_read+0x13/0x8a
[ 152.964024] [<ffffffffa0135c5b>] ? :xfs:xfs_iunlock+0x31/0x7c
[ 152.964024] [<ffffffffa01591cb>] ? :xfs:xfs_read+0x1ec/0x21a
[ 152.964024] [<ffffffff802a0ac2>] ? do_sync_read+0x0/0x10c
[ 152.964024] [<ffffffff802a0b8b>] ? do_sync_read+0xc9/0x10c
[ 152.964024] [<ffffffff802417f8>] ? virtinfo_notifier_call+0x5b/0xa9
[ 152.964024] [<ffffffff802a3f1e>] ? vfs_getattr+0x35/0x74
[ 152.964024] [<ffffffffa0320c47>] ? :aufs:au_h_rdev+0x8b/0xec
[ 152.964024] [<ffffffff802b32f3>] ? inode_init_once+0x10/0xeb
[ 152.964024] [<ffffffffa031b418>] ? :aufs:au_new_inode+0x192/0x432
[ 152.964024] [<ffffffff802b1577>] ? d_instantiate+0x52/0x5d
[ 152.964024] [<ffffffffa031c6f3>] ? :aufs:epilog+0x5f/0x150
[ 152.964024] [<ffffffff802a886d>] ? vfs_mknod+0x11d/0x157
[ 152.964024] [<ffffffffa031cb35>] ? :aufs:add_simple+0x15e/0x2d8
[ 152.964024] [<ffffffffa031c457>] ? :aufs:aufs_permission+0x2b2/0x30e
[ 152.964024] [<ffffffff8031199f>] ? __up_read+0x13/0x8a
[ 152.964024] [<ffffffffa031cd41>] ? :aufs:aufs_mknod+0x2a/0x2f
[ 152.964024] [<ffffffff802a8838>] ? vfs_mknod+0xe8/0x157
[ 152.964024] [<ffffffff802ab06e>] ? sys_mknodat+0x190/0x1f4
[ 152.964024] [<ffffffff80311a37>] ? __up_write+0x21/0x10e
[ 152.964024] [<ffffffff8031199f>] ? __up_read+0x13/0x8a
[ 152.964024] [<ffffffff80423a39>] ? error_exit+0x0/0x60
[ 152.964024] [<ffffffff8020bffa>] ? system_call_after_swapgs+0x8a/0x8f
[ 152.964024]
[ 152.964024]
[ 152.964024] Code: ff c8 48 d3 e8 89 c0 48 0f af d0 48 89 55 60 48 8b 46 18 48 89 45 58 eb 12 48 89 ea 4c 89 ef ff d0 85 c0 89 c3 0f 85 b3 01 00 00 <49> 8b 45 28 31 db 48 81 78 38 20 8d 2f a0 0f 85 9f 01 00 00 8b
[ 152.964024] RIP [<ffffffffa02f8269>] :simfs:sim_systemcall+0x9b/0x272
[ 152.964024] RSP <ffff81001e937a28>
[ 152.964024] CR2: 0000000000000028
[ 153.342780] ---[ end trace d79ece63cdce3674 ]---
Message from syslogd@newpc at Dec 15 17:20:33 ...
kernel:[ 152.964024] Oops: 0000 [1] SMP
Message from syslogd@newpc at Dec 15 17:20:33 ...
kernel:[ 152.964024] Code: ff c8 48 d3 e8 89 c0 48 0f af d0 48 89 55 60 48 8b 46 18 48 89 45 58 eb 12 48 89 ea 4c 89 ef ff d0 85 c0 89 c3 0f 85 b3 01 00 00 <49> 8b 45 28 31 db 48 81 78 38 20 8d 2f a0 0f 85 9f 01 00 00 8b
Message from syslogd@newpc at Dec 15 17:20:33 ...
kernel:[ 152.964024] CR2: 0000000000000028
Killed
#

This is a blocker for me as I couldn't wrap a chroot/debootstrap
environment with aufs to clone the chroot tree quickly.

Regards,
Taisuke Yamada
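
Added triage example, not part of the original report: this Python helper decodes the faulting instruction (the byte marked <49> on the oops Code: line) and checks its memory operand against the register dump and CR2. It assumes a one-byte opcode with a ModRM displacement and no SIB byte; the function names are made up for this example.

```python
import re

# Lines copied from the oops above (timestamps dropped, Code: line trimmed).
OOPS = """\
RIP: 0010:[<ffffffffa02f8269>] [<ffffffffa02f8269>] :simfs:sim_systemcall+0x9b/0x272
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000003
RDX: 0000000000000064 RSI: ffff81001f4ab800 RDI: ffff81001e937bb8
RBP: ffff81001e937bb8 R08: ffff81001cd8c340 R09: ffff81001cd7b5b8
R10: ffff81001f4ab908 R11: 0000000000000001 R12: ffff81001e937b58
R13: 0000000000000000 R14: ffff81001cd8a290 R15: ffff81001cd8c340
CR2: 0000000000000028 CR3: 000000001e93a000 CR4: 00000000000006e0
Code: 0f 85 b3 01 00 00 <49> 8b 45 28 31 db 48 81 78 38 20 8d 2f a0
"""
# x86-64 register numbering, spelled the way this kernel prints the names.
REGS = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
        "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]

def decode_base_disp(insn):
    """Base register and displacement of a [REX] opcode ModRM [disp] memory operand.
    Covers one-byte opcodes without a SIB byte; returns None for anything else."""
    p, rex_b = 0, 0
    if insn[p] & 0xF0 == 0x40:          # REX prefix; bit 0 (REX.B) extends ModRM.rm
        rex_b, p = insn[p] & 1, p + 1
    if insn[p] == 0x0F:                 # two-byte opcode map: not handled
        return None
    modrm = insn[p + 1]
    mod, rm = modrm >> 6, modrm & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        return None                     # register operand, SIB, or RIP-relative
    size = {0: 0, 1: 1, 2: 4}[mod]      # displacement width in bytes
    disp = int.from_bytes(insn[p + 2:p + 2 + size], "little", signed=True)
    return REGS[rm + 8 * rex_b], disp

def triage(text):
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b([A-Z][A-Z0-9]{2}): ([0-9a-f]{16})\b", text)}
    module, func, off = re.search(r"RIP: .*? :(\w+):(\w+)\+(0x[0-9a-f]+)/", text).groups()
    code = re.search(r"Code: (.*)", text).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))  # faulting byte
    insn = bytes(int(b.strip("<>"), 16) for b in code[start:])
    base, disp = decode_base_disp(insn)
    return {"module": module, "function": func, "offset": off, "base": base, "disp": disp,
            "base_is_null": regs[base] == 0,
            "matches_cr2": (regs[base] + disp) % 2**64 == regs["CR2"]}

if __name__ == "__main__":
    print(triage(OOPS))
```

For this oops the bytes 49 8b 45 28 decode to a 64-bit load from 0x28(%r13) with R13 = 0, which matches CR2 = 0x28: sim_systemcall read through a NULL pointer at offset 0x28.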