Raspberry PI 1 - dirperm1 breaks the protection by the permission bits on the lower branch

[firecube]

Hi,

I had resinos running with a handful of containers. I noticed they had gone offline so rebooted and am now presented with the error...

aufs au_opts_verify:1597:docker dirperm1 breaks the protection by the permission bits on the lower branch

There seems to be a number of issues related to Docker with the fixes coming from upgrading the kernal. Any idea how I can get this image going again or do I need to re-flash?

Thanks in advance.
Simon

[floion]

Hi, I didn't catch the last part. Have you found reports that this issue is fixed in newer docker versions?

[firecube]

Hi,

There are a number of threads referencing this issue which seems to be a kernel bug.

moby/moby#21081
kubernetes/kubernetes#27885

I have to admit I don't really understand the error let alone how it is addressed!

Any advice would be much appreciated.

Thanks, Simon

[floion]

Can you also give a bit more info on the number of containers you had running and maybe what containers were those?

[floion]

It would be a good idea also if you could hold on to that SD card for a bit in case we cannot reproduce it on our side

[firecube]

Hi,

Sorry for not getting back to you. I had the following containers running:

Node-red
Moquitto
Java based container running ha-bridge https://github.com/bwssytems/ha-bridge
Portainer

I still have the SD card so could upload an image somewhere if that would be helpful?

[floion]

Hi, do you still have the image available? Can you upload it somewhere for us to get it and test with it?

[shaunmulligan]

@floion i hit this today, I can keep the SD card and give it to @agherzan or upload it for you.

[agherzan]

@michal-mazurek please take the image from @shaunmulligan and investigate this error.

[agherzan]

@floion will take a look on the artik5 issues with aufs as well.

[agherzan]

@shaunmulligan Can you please post the errors you get? Can we get the exact steps as well to reproduce?

[shaunmulligan]

@agherzan these are the logs that I hit in dmesg:

[   26.589321] aufs au_opts_verify:1597:docker[429]: dirperm1 breaks the protection by the permission bits on the lower branch
[   58.020332] brcmfmac: brcmf_sdio_hdparse: seq 169: sequence number error, expect 167
[   58.028658] brcmfmac: brcmf_sdio_hdparse: seq 167: sequence number error, expect 170
[   58.037411] brcmfmac: brcmf_sdio_hdparse: seq 171: sequence number error, expect 170
[   70.018794] brcmfmac: brcmf_sdio_hdparse: seq 3: sequence number error, expect 2
[   70.026897] brcmfmac: brcmf_sdio_hdparse: seq 2: sequence number error, expect 4
[   70.035089] brcmfmac: brcmf_sdio_hdparse: seq 4: sequence number error, expect 3
[   76.022096] brcmfmac: brcmf_sdio_hdparse: seq 179: sequence number error, expect 178
[   76.030825] brcmfmac: brcmf_sdio_hdparse: seq 178: sequence number error, expect 180
[   76.042648] brcmfmac: brcmf_sdio_hdparse: seq 180: sequence number error, expect 179

and flowdock discussion here: https://www.flowdock.com/app/rulemotion/resin-devices/threads/l1KReW5qucNX9HUceJTzTU4Xubv

[shaunmulligan]

I think the brcmfmac issue is related to raspberrypi/linux#1313

[petrosagg]

To clarify this issue a bit, aufs au_opts_verify:1597:docker dirperm1 breaks the protection by the permission bits on the lower branch is not an issue. This is just a warning of the aufs driver because if this feature is used incorrectly it can be a security problem. Docker enables this feature on purpose and doesn't have security issues with it so it's safe to ignore it. The network issues must be coming from something else

[floion]

@agherzan can we close this?