[Devel] Re: BUG in tty_open when using containers and ptrace

Grzegorz Nosek Sat, 04 Jul 2009 06:32:15 -0700

Hi,

On pon, kwi 13, 2009 at 09:20:38 -0500, Serge E. Hallyn wrote:
> Quoting Môshe van der Sterre ([email protected]):
> > Hello,
> > 
> > I am working on the lxc userspace tools, and got this BUG a couple of
> > times.
> > Here are the reports:
> > 
> > http://moshe.nl/tty-bugshot1.png
> > http://moshe.nl/tty-bugshot2.png
> > 
> > I am running 2.6.29.1 from kernel.org in a virtual machine under kvm.
> > I have not been able to reliably reproduce it, but it happens only after
> > the container is setup and ptrace is active on lxc-start.
> > I think the first screen shot is while all ttys where allowed in
> > cgroup.devices, the second one while only tty1 was allowed.
> 
> Which distro is this - an uptodate F10, fresh F11, something else?
> 
> Since it also happens when all ttys are allowed it probably isn't the
> devices cgroup...  Actually the devpts code seems the most likely
> cause.  Suka, can you take a look at the 2.6.29.1 source for anything
> suspect?
> 
> Môshe, can you send me tty_io.S after doing:
>       'objdump -d drivers/char/tty_io.o > tty_io.S'
> 
> as well as strace_output after doing:
>       'strace -f -ostrace_output <your_lxc_start_command_here>'
> ?


Sorry for digging up such an old thread but I have apparently been
bitten by the same bug. I've been playing with libvirt 0.6.4 (which
mounts devpts with option newinstance) and I got the oops below
while strace'ing container init (upstart actually, got SIGINT and was
about to exit; sorry, no strace available but I remember nothing
extraordinary except for a "+++ Killed by SIGSEGV +++" at the end).

The kernel was vanilla 2.6.30 (hand-rolled on Debian Lenny).

The machine is quite uncomfortable to reboot but is not in production
use, so I guess I can test some patches if needed.

Best regards,
 Grzegorz Nosek

Jul  3 23:23:31 sback kernel: [170809.413989] general protection fault: 0000 
[#1] SMP
Jul  3 23:23:31 sback kernel: [170809.414024] last sysfs file: 
/sys/class/net/lo/operstate
Jul  3 23:23:31 sback kernel: [170809.414052] CPU 0
Jul  3 23:23:31 sback kernel: [170809.414074] Modules linked in: veth 
ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state 
nf_conntrack ipt_REJECT xt_tcpudp iptable_filter ip_tables x_tables bridge stp 
llc ipv6 w
83627hf lm85 hwmon_vid loop evdev tg3 libphy k8temp shpchp pci_hotplug 
i2c_nforce2 i2c_core container thermal processor thermal_sys button
Jul  3 23:23:31 sback kernel: [170809.414272] Pid: 13974, comm: init Not 
tainted 2.6.30-sback #3 S2891
Jul  3 23:23:31 sback kernel: [170809.414301] RIP: 0010:[<ffffffff80437914>]  
[<ffffffff80437914>] tty_open+0x1fb/0x423
Jul  3 23:23:31 sback kernel: [170809.414354] RSP: 0018:ffff880068015cf8  
EFLAGS: 00010246
Jul  3 23:23:31 sback kernel: [170809.414383] RAX: ffff88007e540800 RBX: 
ffff88007e540800 RCX: ffff88007e8cd708
Jul  3 23:23:31 sback kernel: [170809.414428] RDX: 6973646e65732f64 RSI: 
0000000000000000 RDI: ffff880058c8dc10
Jul  3 23:23:31 sback kernel: [170809.414474] RBP: ffff880068015d48 R08: 
0000000000000002 R09: 0000000000000000
Jul  3 23:23:31 sback kernel: [170809.414519] R10: 0000000000000167 R11: 
0000000000000004 R12: ffff88013ede9000
Jul  3 23:23:31 sback kernel: [170809.414564] R13: ffff88013ede9008 R14: 
ffff88007e586c00 R15: 0000000000000100
Jul  3 23:23:31 sback kernel: [170809.414609] FS:  00007f4a887056e0(0000) 
GS:ffffc20000000000(0000) knlGS:0000000000000000
Jul  3 23:23:31 sback kernel: [170809.414656] CS:  0010 DS: 0000 ES: 0000 CR0: 
000000008005003b
Jul  3 23:23:31 sback kernel: [170809.414685] CR2: 00000000020cd000 CR3: 
000000007dc1a000 CR4: 00000000000006e0
Jul  3 23:23:31 sback kernel: [170809.414730] DR0: 0000000000000000 DR1: 
0000000000000000 DR2: 0000000000000000
Jul  3 23:23:31 sback kernel: [170809.414775] DR3: 0000000000000000 DR6: 
00000000ffff4ff0 DR7: 0000000000000400
Jul  3 23:23:31 sback kernel: [170809.414821] Process init (pid: 13974, 
threadinfo ffff880068014000, task ffff880072560040)
Jul  3 23:23:31 sback kernel: [170809.414868] Stack:
Jul  3 23:23:31 sback kernel: [170809.414889]  ffff88007e586c00 
ffff880058c8dc10 0880000000008101 0000000000000001
Jul  3 23:23:31 sback kernel: [170809.414922]  0000000000000000 
0000000000000000 0000000000000000 ffff88013ede9008
Jul  3 23:23:31 sback kernel: [170809.414971]  0000000000000000 
ffff880058c8dc10 ffff880068015d98 ffffffff802d5b25
Jul  3 23:23:31 sback kernel: [170809.415036] Call Trace:
Jul  3 23:23:31 sback kernel: [170809.415059]  [<ffffffff802d5b25>] 
chrdev_open+0x15f/0x17e
Jul  3 23:23:31 sback kernel: [170809.415090]  [<ffffffff803baa3b>] ? 
selinux_dentry_open+0xf2/0xfb
Jul  3 23:23:31 sback kernel: [170809.415125]  [<ffffffff802d59c6>] ? 
chrdev_open+0x0/0x17e
Jul  3 23:23:31 sback kernel: [170809.415154]  [<ffffffff802d1082>] 
__dentry_open+0x155/0x274
Jul  3 23:23:31 sback kernel: [170809.415186]  [<ffffffff802d1278>] 
nameidata_to_filp+0x46/0x57
Jul  3 23:23:31 sback kernel: [170809.415218]  [<ffffffff802deb1b>] 
do_filp_open+0x4ca/0x924
Jul  3 23:23:31 sback kernel: [170809.415251]  [<ffffffff802e7ce8>] ? 
alloc_fd+0x122/0x133
Jul  3 23:23:31 sback kernel: [170809.415281]  [<ffffffff802d0e61>] 
do_sys_open+0x5b/0xdb
Jul  3 23:23:31 sback kernel: [170809.415312]  [<ffffffff802d0f14>] 
sys_open+0x20/0x22
Jul  3 23:23:31 sback kernel: [170809.415341]  [<ffffffff8020bf36>] 
tracesys+0xd9/0xde
Jul  3 23:23:31 sback kernel: [170809.415373] Code: 81 fb 00 f0 ff ff 76 11 48 
c7 c7 60 61 7d 80 e8 c1 38 17 00 e9 a9 00 00 00 48 85 db 74 5c 80 bb 40 01 00 
00 00 48 8b 53 08 78 64 <81> ba 9c 00 00 00 04 00 01 00 75 16 83 bb 48 01 00 0
0 00 75 4f
Jul  3 23:23:31 sback kernel: [170809.415582] RIP  [<ffffffff80437914>] 
tty_open+0x1fb/0x423
Jul  3 23:23:31 sback kernel: [170809.415612]  RSP <ffff880068015cf8>
Jul  3 23:23:31 sback kernel: [170809.415869] ---[ end trace e65e6319b2f34f5a 
]---


Decoding the code yields:
All code
========
   0:   81 fb 00 f0 ff ff       cmp    $0xfffff000,%ebx
   6:   76 11                   jbe    0x19
   8:   48 c7 c7 60 61 7d 80    mov    $0xffffffff807d6160,%rdi
   f:   e8 c1 38 17 00          callq  0x1738d5
  14:   e9 a9 00 00 00          jmpq   0xc2
  19:   48 85 db                test   %rbx,%rbx
  1c:   74 5c                   je     0x7a
  1e:   80 bb 40 01 00 00 00    cmpb   $0x0,0x140(%rbx)
  25:   48 8b 53 08             mov    0x8(%rbx),%rdx
  29:   78 64                   js     0x8f
  2b:*  81 ba 9c 00 00 00 04    cmpl   $0x10004,0x9c(%rdx)     <-- trapping 
instruction
  32:   00 01 00
  35:   75 16                   jne    0x4d
  37:   83                      .byte 0x83
  38:   bb 48 01 00 00          mov    $0x148,%ebx

Code starting with the faulting instruction
===========================================
   0:   81 ba 9c 00 00 00 04    cmpl   $0x10004,0x9c(%rdx)
   7:   00 01 00
   a:   75 16                   jne    0x22
   c:   83                      .byte 0x83
   d:   bb 48 01 00 00          mov    $0x148,%ebx


_______________________________________________
Containers mailing list
[email protected]
https://lists.linux-foundation.org/mailman/listinfo/containers

_______________________________________________
Devel mailing list
[email protected]
https://openvz.org/mailman/listinfo/devel

[Devel] Re: BUG in tty_open when using containers and ptrace

Reply via email to