← Back to team overview

kernel-packages team mailing list archive

[Bug 1541313] [NEW] kernel panic when umouting rootfs

 

Public bug reported:

This upstream commit is missing:
da362b09e42e umount: Do not allow unmounting rootfs.
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=da362b09e42e

The commit log of this patch explains how to reproduce the kernel panic
(see below).

Note that this patch depends on
5ff9d8a65ce8 vfs: Lock in place mounts from more privileged users
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ff9d8a65ce8

root@ubuntu1404:~# uname -a
Linux ubuntu1404 3.13.0-71-generic #114-Ubuntu SMP Tue Dec 1 02:34:22 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu1404:~# ./a.out 
[  199.274374] ------------[ cut here ]------------
[  199.274865] kernel BUG at /build/linux-hEVYOL/linux-3.13.0/fs/pnode.c:372!
[  199.275473] invalid opcode: 0000 [#1] SMP 
[  199.275850] Modules linked in: nfsv3 rpcsec_gss_krb5 nfsv4 crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ppdev aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd serio_raw nfsd auth_rpcgss parport_pc nfs_acl nfs i2c_piix4 mac_hid lockd sunrpc fscache lp parport psmouse pata_acpi floppy
[  199.276005] CPU: 0 PID: 893 Comm: a.out Not tainted 3.13.0-71-generic #114-Ubuntu
[  199.276005] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.1-0-g4adadbd-20150316_085822-nilsson.home.kraxel.org 04/01/2014
[  199.276005] task: ffff88003ba6b000 ti: ffff88003ad8e000 task.ti: ffff88003ad8e000
[  199.276005] RIP: 0010:[<ffffffff811eb4d3>]  [<ffffffff811eb4d3>] propagate_umount+0x143/0x150
[  199.276005] RSP: 0018:ffff88003ad8fe90  EFLAGS: 00010246
[  199.276005] RAX: ffff88003d9b41a0 RBX: 0000000000000002 RCX: ffff88003d9b41a0
[  199.276005] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88003ad8fec0
[  199.276005] RBP: ffff88003ad8fea8 R08: ffff88003d9b4190 R09: ffff88003ad8fec0
[  199.276005] R10: ffffffff811ce392 R11: ffffea0000e72e00 R12: ffff88003d9b4140
[  199.276005] R13: ffff88003d9b4140 R14: ffff88003d9b4140 R15: 0000000000000000
[  199.276005] FS:  00007f72c3f0c740(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000
[  199.276005] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  199.276005] CR2: 00007f72c3a2d110 CR3: 000000003d3fd000 CR4: 00000000001407f0
[  199.276005] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  199.276005] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  199.276005] Stack:
[  199.276005]  0000000000000002 ffff88003d9b4160 ffff88003e035000 ffff88003ad8fed8
[  199.276005]  ffffffff811ddfcc 00000002ffffff9c ffff88003d9b4140 0000000000000002
[  199.276005]  ffff88003d9b4160 ffff88003ad8ff38 ffffffff811de9cf ffffffff811ce392
[  199.276005] Call Trace:
[  199.276005]  [<ffffffff811ddfcc>] umount_tree+0x25c/0x270
[  199.276005]  [<ffffffff811de9cf>] do_umount+0x12f/0x320
[  199.276005]  [<ffffffff811ce392>] ? final_putname+0x22/0x50
[  199.276005]  [<ffffffff811ce599>] ? putname+0x29/0x40
[  199.276005]  [<ffffffff811df75b>] SyS_umount+0x10b/0x120
[  199.276005]  [<ffffffff8173545d>] system_call_fastpath+0x1a/0x1f
[  199.276005] Code: 50 08 48 89 02 49 89 45 08 e9 57 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 4c 89 e6 4c 89 e7 e8 d5 f6 ff ff 48 89 c3 e9 19 ff ff ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 0f 1f 44 00 00 55 b8 01 
[  199.276005] RIP  [<ffffffff811eb4d3>] propagate_umount+0x143/0x150
[  199.276005]  RSP <ffff88003ad8fe90>
[  199.297648] ---[ end trace 6262a5eb9740f9d0 ]---

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: 6wind

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1541313

Title:
  kernel panic when umouting rootfs

Status in linux package in Ubuntu:
  New

Bug description:
  This upstream commit is missing:
  da362b09e42e umount: Do not allow unmounting rootfs.
  http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=da362b09e42e

  The commit log of this patch explains how to reproduce the kernel
  panic (see below).

  Note that this patch depends on
  5ff9d8a65ce8 vfs: Lock in place mounts from more privileged users
  http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ff9d8a65ce8

  root@ubuntu1404:~# uname -a
  Linux ubuntu1404 3.13.0-71-generic #114-Ubuntu SMP Tue Dec 1 02:34:22 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
  root@ubuntu1404:~# ./a.out 
  [  199.274374] ------------[ cut here ]------------
  [  199.274865] kernel BUG at /build/linux-hEVYOL/linux-3.13.0/fs/pnode.c:372!
  [  199.275473] invalid opcode: 0000 [#1] SMP 
  [  199.275850] Modules linked in: nfsv3 rpcsec_gss_krb5 nfsv4 crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ppdev aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd serio_raw nfsd auth_rpcgss parport_pc nfs_acl nfs i2c_piix4 mac_hid lockd sunrpc fscache lp parport psmouse pata_acpi floppy
  [  199.276005] CPU: 0 PID: 893 Comm: a.out Not tainted 3.13.0-71-generic #114-Ubuntu
  [  199.276005] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.1-0-g4adadbd-20150316_085822-nilsson.home.kraxel.org 04/01/2014
  [  199.276005] task: ffff88003ba6b000 ti: ffff88003ad8e000 task.ti: ffff88003ad8e000
  [  199.276005] RIP: 0010:[<ffffffff811eb4d3>]  [<ffffffff811eb4d3>] propagate_umount+0x143/0x150
  [  199.276005] RSP: 0018:ffff88003ad8fe90  EFLAGS: 00010246
  [  199.276005] RAX: ffff88003d9b41a0 RBX: 0000000000000002 RCX: ffff88003d9b41a0
  [  199.276005] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88003ad8fec0
  [  199.276005] RBP: ffff88003ad8fea8 R08: ffff88003d9b4190 R09: ffff88003ad8fec0
  [  199.276005] R10: ffffffff811ce392 R11: ffffea0000e72e00 R12: ffff88003d9b4140
  [  199.276005] R13: ffff88003d9b4140 R14: ffff88003d9b4140 R15: 0000000000000000
  [  199.276005] FS:  00007f72c3f0c740(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000
  [  199.276005] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [  199.276005] CR2: 00007f72c3a2d110 CR3: 000000003d3fd000 CR4: 00000000001407f0
  [  199.276005] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  [  199.276005] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
  [  199.276005] Stack:
  [  199.276005]  0000000000000002 ffff88003d9b4160 ffff88003e035000 ffff88003ad8fed8
  [  199.276005]  ffffffff811ddfcc 00000002ffffff9c ffff88003d9b4140 0000000000000002
  [  199.276005]  ffff88003d9b4160 ffff88003ad8ff38 ffffffff811de9cf ffffffff811ce392
  [  199.276005] Call Trace:
  [  199.276005]  [<ffffffff811ddfcc>] umount_tree+0x25c/0x270
  [  199.276005]  [<ffffffff811de9cf>] do_umount+0x12f/0x320
  [  199.276005]  [<ffffffff811ce392>] ? final_putname+0x22/0x50
  [  199.276005]  [<ffffffff811ce599>] ? putname+0x29/0x40
  [  199.276005]  [<ffffffff811df75b>] SyS_umount+0x10b/0x120
  [  199.276005]  [<ffffffff8173545d>] system_call_fastpath+0x1a/0x1f
  [  199.276005] Code: 50 08 48 89 02 49 89 45 08 e9 57 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 4c 89 e6 4c 89 e7 e8 d5 f6 ff ff 48 89 c3 e9 19 ff ff ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 0f 1f 44 00 00 55 b8 01 
  [  199.276005] RIP  [<ffffffff811eb4d3>] propagate_umount+0x143/0x150
  [  199.276005]  RSP <ffff88003ad8fe90>
  [  199.297648] ---[ end trace 6262a5eb9740f9d0 ]---

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1541313/+subscriptions


Follow ups