Bug#880655: SMB mount/umount between 2 docker containers causes kernel Oops

To: submit@bugs.debian.org
Subject: Bug#880655: SMB mount/umount between 2 docker containers causes kernel Oops
From: Fabian Holler <fabian.holler@simplesurance.de>
Date: Fri, 3 Nov 2017 12:08:25 +0100
Message-id: <[🔎] 20171103110824.GA1646@ltop.localdomain>
Reply-to: Fabian Holler <fabian.holler@simplesurance.de>, 880655@bugs.debian.org

Package: linux-image-4.9.0-4-amd64
Version: 4.9.51-1

Running Samba in one docker container and mounting/umounting a SMB share of it
in a second docker container causes a kernel Oops.
The machine did not crash with linux-image-4.9.0-4-amd64=4.9.51-1.

The bug can be reproduced by https://github.com/fho/docker-samba-loop.

I was also able to reproduce a kernel Oops with the docker-samba-loop scripts
in multiple Ubuntu kernels (incl. machine crashes).
The trace looks different on linux-image-4.9.0-4-amd64. It might be a
different issue.
Ubuntu bug report: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1729637
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1711407 might be related,
it's about the "unregister_netdevice: waiting for lo to become free."
messages.

The kernel log is attached.

[ 1085.345239] unregister_netdevice: waiting for lo to become free. Usage count = 1
[ 1095.425242] unregister_netdevice: waiting for lo to become free. Usage count = 1
[ 1105.505246] unregister_netdevice: waiting for lo to become free. Usage count = 1
[ 1115.585269] unregister_netdevice: waiting for lo to become free. Usage count = 1
[ 1124.835985] docker0: port 2(veth966a0a1) entered disabled state
[ 1124.846673] device veth966a0a1 left promiscuous mode
[ 1124.852945] docker0: port 2(veth966a0a1) entered disabled state
[ 1124.893454] BUG: unable to handle kernel paging request at 00000000fffffee0
[ 1124.900946] IP: [<ffffffff8eb1d675>] sk_filter_uncharge+0x5/0x40
[ 1124.907177] PGD 12995b067 
[ 1124.909816] PUD 0 
[ 1124.913539] Oops: 0000 [#1] SMP
[ 1124.916816] Modules linked in: nls_utf8 cifs sha256_ssse3 cmac md4 des_generic arc4 dns_resolver fscache xt_nat xt_tcpudp veth ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter xt_conntrack nf_nat nf_conntrack br_netfilter bridge stp llc overlay sb_edac edac_core crct10dif_pclmul crc32_pclmul ppdev ghash_clmulni_intel intel_rapl_perf sg evdev parport_pc pvpanic parport serio_raw button ip_tables x_tables autofs4 ext4 crc16 jbd2 crc32c_generic fscrypto ecb mbcache sd_mod crc32c_intel virtio_scsi scsi_mod virtio_net aesni_intel aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd psmouse virtio_pci virtio_ring virtio i2c_piix4
[ 1124.991747] CPU: 0 PID: 10546 Comm: dockerd Not tainted 4.9.0-4-amd64 #1 Debian 4.9.51-1
[ 1124.999944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1125.009273] task: ffff899b769f2040 task.stack: ffffa8ed01010000
[ 1125.015302] RIP: 0010:[<ffffffff8eb1d675>]  [<ffffffff8eb1d675>] sk_filter_uncharge+0x5/0x40
[ 1125.023967] RSP: 0018:ffffa8ed01013de8  EFLAGS: 00010202
[ 1125.029386] RAX: 0000000000000000 RBX: ffff899c67741aa8 RCX: 0000000000000006
[ 1125.036631] RDX: 00000000ffffffff RSI: 00000000fffffec8 RDI: ffff899c67741800
[ 1125.043941] RBP: ffff899c67741800 R08: 0000000000000000 R09: 0000000000000000
[ 1125.051181] R10: ffff899c676b6810 R11: ffff899b769f2040 R12: ffff899c677418a8
[ 1125.058436] R13: 0000000000000001 R14: ffff899c67741880 R15: ffff899c6a80d400
[ 1125.065679] FS:  00007fe5aa0c1700(0000) GS:ffff899c6fc00000(0000) knlGS:0000000000000000
[ 1125.073880] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1125.079740] CR2: 00000000fffffee0 CR3: 0000000126d0e000 CR4: 00000000000406f0
[ 1125.086980] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1125.094232] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1125.101472] Stack:
[ 1125.103589]  ffffffff8eae9555 ffff899c67741800 ffffa8ed01013e60 ffff899c677418a8
[ 1125.111545]  ffffffff8eba849a ffff899c6a80d740 ffff899c677418a8 ffff899c66ece6e0
[ 1125.119778]  ffff899beaaaee40 6cd836548a884acd ffff899c4c955040 ffff899c4c955070
[ 1125.127787] Call Trace:
[ 1125.130353]  [<ffffffff8eae9555>] ? __sk_destruct+0x35/0x190
[ 1125.136126]  [<ffffffff8eba849a>] ? unix_release_sock+0x1ea/0x2d0
[ 1125.142329]  [<ffffffff8eba8599>] ? unix_release+0x19/0x30
[ 1125.147933]  [<ffffffff8eae376a>] ? sock_release+0x1a/0x70
[ 1125.153523]  [<ffffffff8eae37ce>] ? sock_close+0xe/0x20
[ 1125.158868]  [<ffffffff8e804da5>] ? __fput+0xd5/0x220
[ 1125.164030]  [<ffffffff8e694bb9>] ? task_work_run+0x79/0xa0
[ 1125.169719]  [<ffffffff8e603284>] ? exit_to_usermode_loop+0xa4/0xb0
[ 1125.176095]  [<ffffffff8e603a94>] ? syscall_return_slowpath+0x54/0x60
[ 1125.182650]  [<ffffffff8ec08648>] ? system_call_fast_compare_end+0x99/0x9b
[ 1125.189633] Code: ea ff ff ff c3 4c 89 e7 e8 49 d2 c3 ff 48 c7 c0 f4 ff ff ff e9 49 ff ff ff 48 c7 c0 f4 ff ff ff e9 3d ff ff ff 90 66 66 66 66 90 <48> 8b 46 18 8b 40 04 48 8d 04 c5 28 00 00 00 3e 29 87 24 01 00 
[ 1125.216264] RIP  [<ffffffff8eb1d675>] sk_filter_uncharge+0x5/0x40
[ 1125.222598]  RSP <ffffa8ed01013de8>
[ 1125.226200] CR2: 00000000fffffee0
[ 1125.230140] ---[ end trace 25825482a4e502a0 ]---

Reply to:

Follow-Ups:
- Bug#880655: SMB mount/umount between 2 docker containers causes kernel Oops
  - From: Ben Hutchings <ben@decadent.org.uk>
- Processed: Re: Bug#880655: SMB mount/umount between 2 docker containers causes kernel Oops
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Re: [debian/stretch64] lxc-copy: Snapshot with OverlayFS backingstorage fails with Linux-4.9.y
Next by Date: Bug#877558: Labtec DC-505, Model V-UAG30, P/N:861149-0000
Previous by thread: Bug#880617: linux-image-4.13.0-1-amd64: Trackpoint and headphone jack don't work
Next by thread: Bug#880655: SMB mount/umount between 2 docker containers causes kernel Oops
Index(es):
- Date
- Thread