Public bug reported:
Binary package hint: linux-image-2.6.27-9-generic
I used the unshare system call in order to isolate an NFS client mount
to a certain tree of processes. However, when those processes exit, I
noticed that the kernel crashed in the exit path.
This is the version of the kernel:
[14:19 pts/3,dan-linux ~]# uname -a
Linux dan-linux 2.6.27-9-generic #1 SMP Thu Nov 20 21:57:00 UTC 2008 i686
GNU/Linux
I have used this 'unshare' wrapper utility:
#include stdio.h
#define _GNU_SOURCE
#include sched.h
int main(int argc, char *argv[])
{
int ret;
ret = unshare(CLONE_NEWNS);
if (ret) {
printf(unshare: failed\n);
return ret;
}
return execvp(argv[1], argv[1]);
}
Here is the dmesg:
[ 218.776385] IP: [f8fd] :sunrpc:rpc_new_client+0x1dd/0x320
[ 218.776401] *pde =
[ 218.776405] Oops: [#1] SMP
[ 218.776408] Modules linked in: nfs lockd nfs_acl sunrpc tun af_packet
binfmt_misc bridge rfcomm stp bnep sco l2cap bluetooth ppdev lp ipv6
acpi_cpufreq cpufreq_ondemand cpufreq_powersave cpufreq_conservative
cpufreq_userspace cpufreq_stats freq_table sbs video output bay wmi container
sbshc pci_slot battery ac snd_hda_intel snd_pcm_oss snd_mixer_oss snd_pcm
snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq
snd_timer pcspkr dcdbas serio_raw evdev nvidia(P) psmouse snd_seq_device
parport_pc i2c_core intel_agp parport agpgart iTCO_wdt iTCO_vendor_support
button snd soundcore heci snd_page_alloc shpchp pci_hotplug ext3 jbd mbcache
usbhid hid sd_mod crc_t10dif sg ata_generic ahci ehci_hcd uhci_hcd pata_acpi
usbcore libata e1000e scsi_mod dock thermal processor fan fbcon tileblit font
bitblit softcursor fuse
[ 218.776483]
[ 218.776486] Pid: 6369, comm: server.sh Tainted: P (2.6.27-9-generic
#1)
[ 218.776488] EIP: 0060:[f8fd] EFLAGS: 00010287 CPU: 1
[ 218.776501] EIP is at rpc_new_client+0x1dd/0x320 [sunrpc]
[ 218.776504] EAX: EBX: f3701000 ECX: f370109c EDX: f3701000
[ 218.776506] ESI: f8f28028 EDI: f8f27ba0 EBP: f2df9cb8 ESP: f2df9c84
[ 218.776508] DS: 007b ES: 007b FS: 00d8 GS: SS: 0068
[ 218.776510] Process server.sh (pid: 6369, ti=f2df8000 task=f2d83ed0
task.ti=f2df8000)
[ 218.776513] Stack: f2e5c000 f2e5c2ac f2df9c94 c0255816 f2df9d60 f2e5c000
f37010f4 f8f28028
[ 218.776519]f8f280e4 f2e5c000 f2df9d60 f8f152b4 f2df9d44
f8f001c4 0032
[ 218.776526]c21c8618 0001 0046 f09e6399 0032 f2d83ed0
c21c8620 c21cc180
[ 218.776533] Call Trace:
[ 218.776535] [c0255816] ? random32+0x16/0x20
[ 218.776544] [f8f001c4] ? rpc_create+0x74/0x210 [sunrpc]
[ 218.776558] [c014a72d] ? enqueue_hrtimer+0x7d/0x130
[ 218.776563] [c014b474] ? hrtimer_start+0xc4/0x1c0
[ 218.776569] [f8f0d7ed] ? rpcb_register_call+0x6d/0xe0 [sunrpc]
[ 218.776585] [c01acbb1] ? __slab_free+0x91/0xf0
[ 218.776592] [f8f0d8f8] ? rpcb_register+0x98/0xe0 [sunrpc]
[ 218.776607] [c01c7faa] ? generic_forget_inode+0x15a/0x180
[ 218.776611] [c01acb2e] ? __slab_free+0xe/0xf0
[ 218.776618] [f8f081fe] ? svc_register+0x9e/0x170 [sunrpc]
[ 218.776632] [c037e6dd] ? _spin_lock+0xd/0x10
[ 218.776637] [f8f08384] ? svc_destroy+0xb4/0x150 [sunrpc]
[ 218.776651] [f8f084b9] ? svc_exit_thread+0x99/0xb0 [sunrpc]
[ 218.776665] [f8f084b9] ? svc_exit_thread+0x99/0xb0 [sunrpc]
[ 218.776679] [f8f084c8] ? svc_exit_thread+0xa8/0xb0 [sunrpc]
[ 218.776694] [f8e2f702] ? lockd_down+0x42/0x90 [lockd]
[ 218.776702] [f8e2d092] ? nlmclnt_done+0x12/0x20 [lockd]
[ 218.776709] [f8f888c0] ? nfs_destroy_server+0x20/0x30 [nfs]
[ 218.776722] [f8f88cf0] ? nfs_free_server+0x70/0x110 [nfs]
[ 218.776732] [c01b40d7] ? kill_anon_super+0x37/0x40
[ 218.776737] [f8f94b10] ? nfs_kill_super+0x30/0x40 [nfs]
[ 218.776750] [c01eb240] ? vfs_quota_off+0x0/0x380
[ 218.776754] [c01b4364] ? deactivate_super+0x64/0x90
[ 218.776758] [c01cb170] ? mntput_no_expire+0xc0/0x120
[ 218.776763] [c01cb252] ? release_mounts+0x82/0x90
[ 218.776766] [c01cafef] ? umount_tree+0x11f/0x150
[ 218.776770] [c01cb2d1] ? __put_mnt_ns+0x71/0x90
[ 218.776774] [c014bacf] ? free_nsproxy+0x5f/0x70
[ 218.776777] [c014bb25] ? switch_task_namespaces+0x45/0x60
[ 218.776781] [c014bb4f] ? exit_task_namespaces+0xf/0x20
[ 218.776785] [c0135b8a] ? exit_notify+0x1a/0x180
[ 218.776789] [c0135e92] ? do_exit+0x1a2/0x360
[ 218.776793] [c01b26cd] ? vfs_read+0x9d/0x110
[ 218.776796] [c01b1e40] ? do_sync_read+0x0/0x120
[ 218.776800] [c0136085] ? do_group_exit+0x35/0xa0
[ 218.776803] [c0136108] ? sys_exit_group+0x18/0x20
[ 218.776807] [c0103f7b] ? sysenter_do_call+0x12/0x2f
[ 218.776811] [c037] ? netdev_exit+0x10/0x20
[ 218.776815] ===
[ 218.776816] Code: 88 d1 00 00 00 8b 55 dc 8b 42 20 89 da e8 1c 70 00 00 3d
00 f0 ff ff 89 c7 0f 87 83 00 00 00 64 a1 00 c0 50 c0 8b 80 cc 03 00 00 8b 40
04 83 c0 45 e8 78 42 35 c7 83 f8 20 89 43 4c 7e 07 c7 43