kernel panic caused by kernel.pid_ns_hide_child=1 with kernel 2.6.32-166

mozp

New Member
Aug 17, 2015
6
0
1
Hello!

When "kernel.pid_ns_hide_child=1" sysctl flag is used, and one starts a new OpenVZ container it causes a crash into kernel panic on the latest and greatest "proxmox-ve-2.6.32: 3.4-166 (running kernel: 2.6.32-43-pve)". OpenVZ devs seem to know about the issue and will hopefully fix it very soon.

Very unpleasent and upgrading to this version is not advisable.

Is there any workaround to hide processes of containers from being visible on the host?

Thanks and best regards
moz

PS: Stacktrace attached:
Code:
------------[ cut here ]------------
kernel BUG at kernel/workqueue.c:192!
invalid opcode: 0000 [#1] SMP 
last sysfs file: /sys/kernel/uevent_seqnum
CPU 1 
Modules linked in: ipt_addrtype nf_conntrack_ipv6 nf_defrag_ipv6 netconsole 8021q garp ip_set vhost_net tun macvtap macvlan kvm_intel kvm nfnetlink_log nfnetlink vzethdev vznetdev pio_nfs pio_direct pfmt_raw pfmt_ploop1 ploop simfs vzrst nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 vzcpt vzdquota vzmon vzdev ip6t_REJECT ip6table_mangle ip6table_filter ip6_tables xt_conntrack nf_conntrack ipt_LOG xt_length xt_hl xt_tcpmss xt_TCPMSS iptable_mangle iptable_filter xt_multiport xt_limit xt_dscp ipt_REJECT ip_tables dlm sctp configfs acpi_cpufreq mperf cpufreq_ondemand cpufreq_conservative cpufreq_powersave cpufreq_stats freq_table vzevent ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi nfsd nfs nfs_acl auth_rpcgss fscache lockd sunrpc bonding fuse snd_hda_codec_analog snd_hda_codec_generic tpm_infineon snd_hda_intel i915 iTCO_wdt drm_kms_helper iTCO_vendor_support snd_pcsp snd_hda_codec snd_hwdep drm i2c_algo_bit snd_pcm snd_page_alloc snd_timer tpm_tis i2c_core lpc_ich snd soundcore tpm tpm_bios serio_raw mfd_core video output wmi zfs(P) zunicode(P) zavl(P) zcommon(P) znvpair(P) spl zlib_deflate ata_generic sg usb_storage pata_acpi r8169 mii mvsas libsas scsi_transport_sas ata_piix e1000e ptp pps_core [last unloaded: scsi_wait_scan]
Pid: 7945, comm: salt-minion veid: 501 Tainted: P        W  -- ------------    2.6.32-43-pve #1 042stab112_15 Hewlett-Packard HP Compaq dc5800 Microtower/2820h
RIP: 0010:[<ffffffff810a186c>]  [<ffffffff810a186c>] queue_work_on+0x5c/0x70
RSP: 0018:ffff8801442a3cd8  EFLAGS: 00010003
RAX: ffffffff81ab4ee0 RBX: ffff88014e919ec0 RCX: 0000000000000001
RDX: ffffffff81ab4ed8 RSI: ffff88021b17cdc0 RDI: 0000000000000001
RBP: ffff8801442a3cd8 R08: 0000000000000000 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff81ab4680
R13: 0000000000000001 R14: 0000000000000046 R15: ffff8802107c8140
FS:  00007f7749b91740(0000) GS:ffff880028280000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f773ea701a0 CR3: 0000000143151000 CR4: 00000000000427e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process salt-minion (pid: 7945, veid: 501, threadinfo ffff8801442a0000, task ffff8801ec6624c0)
Stack:
 ffff8801442a3ce8 ffffffff810a18bf ffff8801442a3cf8 ffffffff810a18e8
<d> ffff8801442a3d28 ffffffff810a30d6 ffff88020a4927c0 00000000000108e0
<d> ffff88020a492701 ffff8801576da680 ffff8801442a3d38 ffffffff810a324a
Call Trace:
 [<ffffffff810a18bf>] queue_work+0x1f/0x30
 [<ffffffff810a18e8>] schedule_work+0x18/0x20
 [<ffffffff810a30d6>] free_pid+0xd6/0x1f0
 [<ffffffff810a324a>] __change_pid+0x5a/0x60
 [<ffffffff810a3260>] detach_pid+0x10/0x20
 [<ffffffff8107fe59>] release_task+0x3c9/0x540
 [<ffffffff81080441>] wait_task_zombie+0x471/0x5e0
 [<ffffffff81080636>] wait_consider_task+0x86/0x4e0
 [<ffffffff81080b77>] do_wait+0xe7/0x220
 [<ffffffff81080d1f>] sys_wait4+0x6f/0xf0
 [<ffffffff8107f5a0>] ? child_wait_callback+0x0/0x80
 [<ffffffff8100b1e2>] system_call_fastpath+0x16/0x1b
Code: 03 04 fd e0 99 c1 81 48 89 c7 e8 20 ff ff ff b8 01 00 00 00 5d c3 66 0f 1f 84 00 00 00 00 00 31 c0 5d c3 8b 3d ae 1f b8 00 eb cb <0f> 0b 66 90 eb fc 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 
RIP  [<ffffffff810a186c>] queue_work_on+0x5c/0x70
 RSP <ffff8801442a3cd8>
Tainting kernel with flag 0x7
Pid: 7945, comm: salt-minion veid: 501 Tainted: P        W  -- ------------    2.6.32-43-pve #1
Call Trace:
 [<ffffffff8107bbe9>] ? add_taint+0x69/0x70
 [<ffffffff815ad5d3>] ? oops_end+0x53/0xf0
 [<ffffffff81011b28>] ? die+0x58/0x90
 [<ffffffff815acc70>] ? do_trap+0xc0/0x160
 [<ffffffff815af642>] ? __atomic_notifier_call_chain+0x12/0x20
 [<ffffffff8100ca2b>] ? do_invalid_op+0xab/0xc0
 [<ffffffff810a186c>] ? queue_work_on+0x5c/0x70
 [<ffffffff810a31ce>] ? free_pid+0x1ce/0x1f0
 [<ffffffff8100c19b>] ? invalid_op+0x1b/0x20
 [<ffffffff810a186c>] ? queue_work_on+0x5c/0x70
 [<ffffffff810a18bf>] ? queue_work+0x1f/0x30
 [<ffffffff810a18e8>] ? schedule_work+0x18/0x20
 [<ffffffff810a30d6>] ? free_pid+0xd6/0x1f0
 [<ffffffff810a324a>] ? __change_pid+0x5a/0x60
 [<ffffffff810a3260>] ? detach_pid+0x10/0x20
 [<ffffffff8107fe59>] ? release_task+0x3c9/0x540
 [<ffffffff81080441>] ? wait_task_zombie+0x471/0x5e0
 [<ffffffff81080636>] ? wait_consider_task+0x86/0x4e0
 [<ffffffff81080b77>] ? do_wait+0xe7/0x220
 [<ffffffff81080d1f>] ? sys_wait4+0x6f/0xf0
 [<ffffffff8107f5a0>] ? child_wait_callback+0x0/0x80
 [<ffffffff8100b1e2>] ? system_call_fastpath+0x16/0x1b
---[ end trace 6c8fcd470bbda8c5 ]---
Kernel panic - not syncing: Fatal exception
Pid: 7945, comm: salt-minion veid: 501 Tainted: P      D W  -- ------------    2.6.32-43-pve #1
Call Trace:
 [<ffffffff815a04d9>] ? panic+0xa7/0x167
 [<ffffffff815ad654>] ? oops_end+0xd4/0xf0
 [<ffffffff81011b28>] ? die+0x58/0x90
 [<ffffffff815acc70>] ? do_trap+0xc0/0x160
 [<ffffffff815af642>] ? __atomic_notifier_call_chain+0x12/0x20
 [<ffffffff8100ca2b>] ? do_invalid_op+0xab/0xc0
 [<ffffffff810a186c>] ? queue_work_on+0x5c/0x70
 [<ffffffff810a31ce>] ? free_pid+0x1ce/0x1f0
 [<ffffffff8100c19b>] ? invalid_op+0x1b/0x20
 [<ffffffff810a186c>] ? queue_work_on+0x5c/0x70
 [<ffffffff810a18bf>] ? queue_work+0x1f/0x30
 [<ffffffff810a18e8>] ? schedule_work+0x18/0x20
 [<ffffffff810a30d6>] ? free_pid+0xd6/0x1f0
 [<ffffffff810a324a>] ? __change_pid+0x5a/0x60
 [<ffffffff810a3260>] ? detach_pid+0x10/0x20
 [<ffffffff8107fe59>] ? release_task+0x3c9/0x540
 [<ffffffff81080441>] ? wait_task_zombie+0x471/0x5e0
 [<ffffffff81080636>] ? wait_consider_task+0x86/0x4e0
 [<ffffffff81080b77>] ? do_wait+0xe7/0x220
 [<ffffffff81080d1f>] ? sys_wait4+0x6f/0xf0
 [<ffffffff8107f5a0>] ? child_wait_callback+0x0/0x80
 [<ffffffff8100b1e2>] ? system_call_fastpath+0x16/0x1b
drm_kms_helper: panic occurred, switching back to text console
------------[ cut here ]------------
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!